binding

Documentation

Index

• func NewReferenceValidator(grants []gwv1beta1.ReferenceGrant) common.ReferenceValidator
• type Binder
  • func NewBinder(config BinderConfig) *Binder
  • func (b *Binder) Snapshot() *Snapshot
• type BinderConfig
• type Cleaner
  • func (c Cleaner) Run(ctx context.Context)
• type ConsulSnapshot
• type KubernetesSnapshot
• type Snapshot
  • func NewSnapshot() *Snapshot

Functions

func NewReferenceValidator

func NewReferenceValidator(grants []gwv1beta1.ReferenceGrant) common.ReferenceValidator

Types

type Binder

type Binder struct {
	// contains filtered or unexported fields
}

Binder is used for generating a Snapshot of all operations that should occur both in Kubernetes and Consul as a result of binding routes to a Gateway.

func NewBinder

func NewBinder(config BinderConfig) *Binder

NewBinder creates a Binder object with the given configuration.

func (*Binder) Snapshot

func (b *Binder) Snapshot() *Snapshot

Snapshot generates a snapshot of operations that need to occur in Kubernetes and Consul in order for a Gateway to be reconciled.

type BinderConfig

type BinderConfig struct {
	// Logger for any internal logs
	Logger logr.Logger
	// Translator instance initialized with proper name/namespace translation
	// configuration from helm.
	Translator common.ResourceTranslator
	// ControllerName is the name of the controller used in determining which
	// gateways we control, also leveraged for setting route statuses.
	ControllerName string

	// Namespaces is a map of all namespaces in Kubernetes indexed by their names for looking up labels
	// for AllowedRoutes matching purposes.
	Namespaces map[string]corev1.Namespace
	// GatewayClassConfig is the configuration corresponding to the given
	// GatewayClass -- if it is nil we should treat the gateway as deleted
	// since the gateway is now pointing to an invalid gateway class
	GatewayClassConfig *v1alpha1.GatewayClassConfig
	// GatewayClass is the GatewayClass corresponding to the Gateway we want to
	// bind routes to. It is passed as a pointer because it could be nil. If no
	// GatewayClass corresponds to a Gateway, we ought to clean up any sort of
	// state that we may have set on the Gateway, its corresponding Routes or in
	// Consul, because we should no longer be managing the Gateway (its association
	// to our controller is through a parameter on the GatewayClass).
	GatewayClass *gwv1beta1.GatewayClass
	// Gateway is the Gateway being reconciled that we want to bind routes to.
	Gateway gwv1beta1.Gateway
	// HTTPRoutes is a list of HTTPRoute objects that ought to be bound to the Gateway.
	HTTPRoutes []gwv1beta1.HTTPRoute
	// TCPRoutes is a list of TCPRoute objects that ought to be bound to the Gateway.
	TCPRoutes []gwv1alpha2.TCPRoute
	// Pods are any pods that are part of the Gateway deployment.
	Pods []corev1.Pod
	// Service is the deployed service associated with the Gateway deployment.
	Service *corev1.Service
	// JWTProviders is the list of all JWTProviders in the cluster
	JWTProviders []v1alpha1.JWTProvider

	// ConsulGateway is the config entry we've created in Consul.
	ConsulGateway *api.APIGatewayConfigEntry
	// GatewayServices are the services associated with the Gateway
	ConsulGatewayServices []api.CatalogService

	// Resources is a map containing all service targets to verify
	// against the routing backends.
	Resources *common.ResourceMap

	// Policies is a list containing all GatewayPolicies that are part of the Gateway Deployment
	Policies []v1alpha1.GatewayPolicy

	// Configuration from helm.
	HelmConfig common.HelmConfig
}

BinderConfig configures a binder instance with all of the information that it needs to know to generate a snapshot of bound state.

type Cleaner

type Cleaner struct {
	Logger       logr.Logger
	ConsulConfig *consul.Config
	ServerMgr    consul.ServerConnectionManager
	AuthMethod   string
}

func (Cleaner) Run

func (c Cleaner) Run(ctx context.Context)

Run periodically cleans up old ACL roles and policies as well as orphaned inline certificate config entries. When it detects that there are no more inline-certificates and that the old ACL role and policy are not in use, it exits.

type ConsulSnapshot

type ConsulSnapshot struct {
	// Updates is the list of ConfigEntry objects that should
	// either be updated or created in Consul
	Updates []*common.ConsulUpdateOperation
	// Deletions is a list of references that ought to be
	// deleted in Consul
	Deletions []api.ResourceReference
	// Registrations is a list of Consul services to make sure
	// are registered in Consul
	Registrations []api.CatalogRegistration
	// Deregistrations is a list of Consul services to make sure
	// are no longer registered in Consul
	Deregistrations []api.CatalogDeregistration
}

ConsulSnapshot contains all the operations required in Consul to complete reconciliation.

type KubernetesSnapshot

type KubernetesSnapshot struct {
	// Updates is the list of objects that need to have
	// aspects of their metadata or spec updated in Kubernetes
	// (i.e. for finalizers or annotations)
	Updates *common.KubernetesUpdates
	// StatusUpdates is the list of objects that need
	// to have their statuses updated in Kubernetes
	StatusUpdates *common.KubernetesUpdates
}

KubernetesSnapshot contains all the operations required in Kubernetes to complete reconciliation.

type Snapshot

type Snapshot struct {
	// Kubernetes holds the snapshot of required Kubernetes operations
	Kubernetes *KubernetesSnapshot
	// Consul holds the snapshot of required Consul operations
	Consul *ConsulSnapshot
	// GatewayClassConfig is the configuration to use for determining
	// a Gateway deployment, if it is not set, a deployment should be
	// deleted instead of updated
	GatewayClassConfig *v1alpha1.GatewayClassConfig

	// UpsertGatewayDeployment determines whether the gateway deployment
	// objects should be updated, i.e. deployments, roles, services
	UpsertGatewayDeployment bool
}

Snapshot contains all Kubernetes and Consul operations needed to complete reconciliation.

func NewSnapshot

func NewSnapshot() *Snapshot