common

package
v0.0.0-...-19ab7e0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 1, 2024 License: MPL-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

const (
	// GatewayClassControllerName is the controller name string used by this package.
	// NOTE(review): presumably the value compared with a GatewayClass's controller name — confirm.
	GatewayClassControllerName = "consul.hashicorp.com/gateway-controller"

	// AnnotationGatewayClassConfig is an annotation key.
	// NOTE(review): presumably identifies the GatewayClassConfig in effect for the annotated object — confirm against callers.
	AnnotationGatewayClassConfig = "consul.hashicorp.com/gateway-class-config"

	// The following annotation keys are used in the v1beta1.GatewayTLSConfig's Options on a v1beta1.Listener.
	// NOTE(review): going by the names, they select the cipher suites and the maximum and
	// minimum TLS version for a listener. The code that parses and validates the option
	// values is not part of this declaration; confirm that an unsupported value is rejected
	// rather than ignored, because an ignored minimum version leaves the listener on
	// whatever default applies instead of the floor its owner asked for.
	TLSCipherSuitesAnnotationKey = "api-gateway.consul.hashicorp.com/tls_cipher_suites"
	TLSMaxVersionAnnotationKey   = "api-gateway.consul.hashicorp.com/tls_max_version"
	TLSMinVersionAnnotationKey   = "api-gateway.consul.hashicorp.com/tls_min_version"
)
const (
	// GatewayFinalizer is the finalizer we add to any gateway object.
	// EnsureFinalizer and RemoveFinalizer in this package are documented as setting and
	// clearing "our finalizer"; NOTE(review): presumably this value — confirm.
	GatewayFinalizer = "gateway-finalizer.consul.hashicorp.com"

	// NamespaceNameLabel is the label that newer Kubernetes clusters add automatically to namespaces.
	NamespaceNameLabel = "kubernetes.io/metadata.name"
)
const (
	// ManagedLabel is a label key.
	// NOTE(review): presumably one of the default labels LabelsForGateway puts on objects
	// managed by the controllers — confirm. A label can be set by anyone with write access
	// to the object, so it identifies ownership only as far as that access is restricted.
	ManagedLabel = "gateway.consul.hashicorp.com/managed"
)
// MinKeyLength is the smallest key size treated as acceptable for Envoy.
// NOTE(review): key sizes of this magnitude are normally counted in bits (RSA modulus
// size), while the accompanying package text says bytes — confirm the unit at the place
// where this value is compared.
const MinKeyLength = 2048

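Envoy will silently reject any keys that are less than 2048 bytes long, so an undersized key has to be caught before it is handed to Envoy (see ValidateKeyLength); otherwise the rejection is never reported back. Reference: https://github.com/envoyproxy/envoy/blob/main/source/extensions/transport_sockets/tls/context_impl.cc#L238 (the link uses a line anchor on the main branch, which can drift as that file changes).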

Variables

var (
	// constants extracted for ease of use.
	// These are declared with var, not const, so any importing package can reassign them;
	// treat all four as read-only. BetaGroup is initialised from a field of
	// gwv1beta1.GroupVersion, which is why it cannot sit in a const block.
	KindGateway = "Gateway"
	KindSecret  = "Secret"
	KindService = "Service"
	BetaGroup   = gwv1beta1.GroupVersion.Group
)

Functions

func BothNilOrEqual

func BothNilOrEqual[T comparable](one, two *T) bool

BothNilOrEqual is used to determine whether two pointers to comparable objects are either both nil or both point to the same value.

func ConvertMapValuesToSlice

func ConvertMapValuesToSlice[T comparable, U any](vs map[T]U) []U

func ConvertSliceFunc

func ConvertSliceFunc[T any, U any](vs []T, fn func(T) U) []U

func ConvertSliceFuncIf

func ConvertSliceFuncIf[T any, U any](vs []T, fn func(T) (U, bool)) []U

func DefaultOrEqual

func DefaultOrEqual(v, fallback, check string) bool

func DerefAll

func DerefAll[T any](vs []*T) []T

func DerefConvertFunc

func DerefConvertFunc[T any, U any](v *T, fn func(T) U) U

func DerefEqual

func DerefEqual[T ~string](v *T, check string) bool

func DerefIntOr

func DerefIntOr[T ~int | ~int32, U ~int](v *T, val U) int

func DerefLookup

func DerefLookup[T comparable, U any](v *T, lookup map[T]U) U

func DerefStringOr

func DerefStringOr[T ~string, U ~string](v *T, val U) string

func EmptyOrEqual

func EmptyOrEqual(v, check string) bool

func EnsureFinalizer

func EnsureFinalizer(object client.Object) bool

EnsureFinalizer ensures that our finalizer is set on an object returning whether or not it modified the object.

func EntriesEqual

func EntriesEqual(a, b api.ConfigEntry) bool

func EntryToNamespacedName

func EntryToNamespacedName(entry api.ConfigEntry) types.NamespacedName

func EntryToReference

func EntryToReference(entry api.ConfigEntry) api.ResourceReference

func Filter

func Filter[T any](vs []T, filterFn func(T) bool) []T

func FilterIsExternalFilter

func FilterIsExternalFilter(filter gwv1beta1.HTTPRouteFilter) bool

func Flatten

func Flatten[T any](vs [][]T) []T

func GatewayFromPod

func GatewayFromPod(pod *corev1.Pod) (types.NamespacedName, bool)

func GatewayPolicyStatusesEqual

func GatewayPolicyStatusesEqual(a, b v1alpha1.GatewayPolicyStatus) bool

func GatewayStatusesEqual

func GatewayStatusesEqual(a, b gwv1beta1.GatewayStatus) bool

func IndexedNamespacedNameWithDefault

func IndexedNamespacedNameWithDefault[T ~string, U ~string, V ~string](t T, u *U, v V) types.NamespacedName

func LabelsForGateway

func LabelsForGateway(gateway *gwv1beta1.Gateway) map[string]string

LabelsForGateway formats the default labels that appear on objects managed by the controllers.

func NilOrEqual

func NilOrEqual[T ~string](v *T, check string) bool

func NormalizeEmptyMetadataString

func NormalizeEmptyMetadataString(metaString string) string

func ObjectsToReconcileRequests

func ObjectsToReconcileRequests[T metav1.Object](objects []T) []reconcile.Request

ObjectsToReconcileRequests takes a list of objects and returns a list of reconcile Requests.

func ParentRefs

func ParentRefs(group, kind, namespace string, refs []gwv1beta1.ParentReference) []types.NamespacedName

ParentRefs takes a list of ParentReference objects and returns a list of NamespacedName objects.

func ParentsEqual

func ParentsEqual(one, two gwv1beta1.ParentReference) bool

ParentsEqual checks for equality between two parent references.

func ParseCertificateData

func ParseCertificateData(secret corev1.Secret) (cert string, privateKey string, err error)

func PointerTo

func PointerTo[T any](v T) *T

PointerTo is a convenience method for taking a pointer of an object without having to declare an intermediate variable. It's also useful for making sure we don't accidentally take the pointer of a range variable directly.

func RemoveFinalizer

func RemoveFinalizer(object client.Object) bool

RemoveFinalizer ensures that our finalizer is absent from an object returning whether or not it modified the object.

func ResourceReferenceWithDefault

func ResourceReferenceWithDefault[T ~string, U ~string, V ~string](kind string, name T, section string, u *U, v V, partition string) api.ResourceReference

func RouteAuthFilterStatusesEqual

func RouteAuthFilterStatusesEqual(a, b v1alpha1.RouteAuthFilterStatus) bool

func StringLikeSlice

func StringLikeSlice[T ~string](vs []T) []string

func ToContainerPort

func ToContainerPort(portNumber gwv1beta1.PortNumber, mapPrivilegedContainerPorts int32) int

func ValidateKeyLength

func ValidateKeyLength(privateKey string) error

ValidateKeyLength ensures that the key length for a certificate is valid for Envoy; which lengths are valid depends on whether Consul is running in FIPS mode.

func ValueOr

func ValueOr[T ~string](v *T, fallback string) string

ValueOr checks if a string-like pointer is nil, and if it is, returns the given value instead.

Types

type ConsulConfig

// ConsulConfig groups an address, two port numbers and an API timeout.
// It is embedded in HelmConfig as the ConsulConfig field.
// NOTE(review): presumably the Consul endpoint the controller connects to, with
// GRPCPort and HTTPPort being its gRPC and HTTP API ports — confirm against callers.
type ConsulConfig struct {
	Address    string
	GRPCPort   int
	HTTPPort   int
	APITimeout time.Duration
}

type ConsulUpdateOperation

// ConsulUpdateOperation is an operation representing an update in Consul.
type ConsulUpdateOperation struct {
	// Entry is the ConfigEntry to write to Consul.
	Entry api.ConfigEntry
	// OnUpdate is an optional callback to fire after running
	// the Consul update operation. If specified, then no more
	// error handling occurs after the function is called, otherwise
	// normal error handling logic applies.
	//
	// Because nothing handles the error after the callback runs, a callback that
	// drops its err argument hides a failed write; record or propagate err inside it.
	OnUpdate func(err error)
}

ConsulUpdateOperation is an operation representing an update in Consul.

type HelmConfig

// HelmConfig is the configuration of gateways that comes in from the user's Helm values.
// This is a combination of the apiGateway stanza and other settings that impact api-gateways.
type HelmConfig struct {
	// ImageDataplane is the Consul Dataplane image to use in gateway deployments.
	ImageDataplane string
	// ImageConsulK8S is the Consul Kubernetes Control Plane image to use in gateway deployments.
	ImageConsulK8S string
	// ImagePullSecrets reference one or more Secret(s) that contain the credentials to pull images from private image repos.
	ImagePullSecrets []v1.LocalObjectReference
	// GlobalImagePullPolicy is the pull policy to use for all images used in gateway deployments.
	//
	// NOTE(review): the remaining fields in this group are undocumented here. Going by
	// their names they cover Consul namespace mapping (destination namespace, mirroring
	// and its prefix) and AuthMethod, presumably the Consul auth method name used for
	// ACL login — confirm against the code that reads them.
	GlobalImagePullPolicy      string
	ConsulDestinationNamespace string
	NamespaceMirroringPrefix   string
	EnableNamespaces           bool
	EnableNamespaceMirroring   bool
	AuthMethod                 string

	// LogLevel is the logging level of the deployed Consul Dataplanes.
	//
	// NOTE(review): TLSEnabled, ConsulTLSServerName and ConsulCACert in this group are
	// undocumented here; presumably they govern TLS towards the Consul servers. Confirm
	// what happens when TLSEnabled is true and ConsulCACert is empty, and whether
	// ConsulCACert holds PEM data or a file path.
	LogLevel            string
	ConsulPartition     string
	LogJSON             bool
	TLSEnabled          bool
	PeeringEnabled      bool
	ConsulTLSServerName string
	ConsulCACert        string
	ConsulConfig        ConsulConfig

	// EnableOpenShift indicates whether we're deploying into an OpenShift environment
	// and should create SecurityContextConstraints.
	EnableOpenShift bool

	// MapPrivilegedServicePorts is the value which Consul will add to privileged container port values (ports < 1024)
	// defined on a Gateway.
	// NOTE(review): this field is an int, while ToContainerPort in this package takes
	// the mapping as an int32 — confirm the conversion at the call site.
	MapPrivilegedServicePorts int

	// EnableGatewayMetrics indicates whether or not gateway metrics should be enabled
	// by default on a deployed gateway, passed from the helm chart via command-line flags to our controller.
	EnableGatewayMetrics bool

	// The default path to use for scraping prometheus metrics, passed from the helm chart via command-line flags to our controller.
	DefaultPrometheusScrapePath string

	// The default port to use for scraping prometheus metrics, passed from the helm chart via command-line flags to our controller.
	// The port is carried as a string here, whereas MetricsConfig.Port is an int.
	DefaultPrometheusScrapePort string

	// InitContainerResources is an optional set of resource requirements (the pointer may be nil).
	// NOTE(review): presumably applied to the init container of gateway deployments — confirm.
	InitContainerResources *v1.ResourceRequirements
}

HelmConfig is the configuration of gateways that comes in from the user's Helm values. This is a combination of the apiGateway stanza and other settings that impact api-gateways.

func (HelmConfig) Normalize

func (h HelmConfig) Normalize() HelmConfig

type KubernetesUpdates

// KubernetesUpdates holds all update operations (including status) that need to be
// synced to Kubernetes. Its package documentation describes Add as de-duplicating by
// the pointer passed in, so the same object must be passed as the same pointer.
type KubernetesUpdates struct {
	// contains filtered or unexported fields
}

KubernetesUpdates holds all update operations (including status) that need to be synced to Kubernetes. So long as you're modifying the same pointer object passed in to its Add function, this de-duplicates any calls to Add: previously unseen entries are added, and entries that have already been added are ignored.

func NewKubernetesUpdates

func NewKubernetesUpdates() *KubernetesUpdates

func (*KubernetesUpdates) Add

func (k *KubernetesUpdates) Add(object client.Object)

func (*KubernetesUpdates) Operations

func (k *KubernetesUpdates) Operations() []client.Object

type MetricsConfig

// MetricsConfig is the value returned by GatewayMetricsConfig, which computes it from a
// Gateway, a GatewayClassConfig and the HelmConfig.
// NOTE(review): presumably Path and Port are the Prometheus scrape path and port for
// the gateway — confirm; how an out-of-range Port is handled is not visible here.
type MetricsConfig struct {
	Enabled bool
	Path    string
	Port    int
}

func GatewayMetricsConfig

func GatewayMetricsConfig(gateway gwv1beta1.Gateway, gcc v1alpha1.GatewayClassConfig, config HelmConfig) MetricsConfig

type ReferenceMap

// ReferenceMap contains a map of config entries stored by their normalized resource
// references (with empty string for namespaces and partitions stored as "default").
type ReferenceMap struct {
	// contains filtered or unexported fields
}

ReferenceMap contains a map of config entries stored by their normalized resource references (with empty string for namespaces and partitions stored as "default").

func NewReferenceMap

func NewReferenceMap() *ReferenceMap

NewReferenceMap constructs a reference map.

func (*ReferenceMap) Delete

func (r *ReferenceMap) Delete(ref api.ResourceReference)

Delete deletes an entry stored in the reference map.

func (*ReferenceMap) Diff

func (r *ReferenceMap) Diff(other *ReferenceMap) []api.ConfigEntry

Diff calculates the difference between the stored entries in two reference maps.

func (*ReferenceMap) Entries

func (r *ReferenceMap) Entries() []api.ConfigEntry

Entries returns a list of entries stored in the reference map.

func (*ReferenceMap) Get

Get returns an entry from the reference map.

func (*ReferenceMap) IDs

func (r *ReferenceMap) IDs() []api.ResourceReference

func (*ReferenceMap) Set

Set adds an entry to the reference map.

type ReferenceSet

// ReferenceSet is a set of stored references. Mark adds a reference, Remove drops one
// and Contains checks for inclusion.
type ReferenceSet struct {
	// contains filtered or unexported fields
}

ReferenceSet is a set of stored references.

func NewReferenceSet

func NewReferenceSet() *ReferenceSet

NewReferenceSet constructs a new reference set.

func (*ReferenceSet) Contains

func (r *ReferenceSet) Contains(ref api.ResourceReference) bool

Contains checks for the inclusion of a reference in the set.

func (*ReferenceSet) IDs

func (r *ReferenceSet) IDs() []api.ResourceReference

func (*ReferenceSet) Mark

func (r *ReferenceSet) Mark(ref api.ResourceReference)

Mark adds a reference to the reference set.

func (*ReferenceSet) Remove

func (r *ReferenceSet) Remove(ref api.ResourceReference)

Remove drops a reference from the set.

type ReferenceValidator

// ReferenceValidator reports whether one object is allowed to reference another.
// Each method takes the referencing object and the reference it wants to use and
// returns true when the reference is permitted.
//
// NOTE(review): presumably this is where cross-namespace permission (Gateway API
// ReferenceGrant) is enforced — confirm against the implementation. An implementation
// that always returns true would let a Gateway or route use Secrets or backends in
// namespaces whose owners never granted access, so test doubles of this interface
// should not reach production wiring.
type ReferenceValidator interface {
	// GatewayCanReferenceSecret reports whether gateway may use the Secret named by secretRef.
	GatewayCanReferenceSecret(gateway gwv1beta1.Gateway, secretRef gwv1beta1.SecretObjectReference) bool
	// HTTPRouteCanReferenceBackend reports whether httproute may send traffic to backendRef.
	HTTPRouteCanReferenceBackend(httproute gwv1beta1.HTTPRoute, backendRef gwv1beta1.BackendRef) bool
	// TCPRouteCanReferenceBackend reports whether tcpRoute may send traffic to backendRef.
	TCPRouteCanReferenceBackend(tcpRoute gwv1alpha2.TCPRoute, backendRef gwv1beta1.BackendRef) bool
}

type ResourceMap

// ResourceMap is built by NewResourceMap from a ResourceTranslator, a ReferenceValidator
// and a logger. Its methods on this page record services, mesh services, certificates,
// routes, policies and external filters, answer the same reference checks as
// ReferenceValidator, and expose pending Consul writes through Mutations.
// NOTE(review): no concurrency guarantee is documented — confirm before sharing one
// instance across goroutines.
type ResourceMap struct {
	// contains filtered or unexported fields
}

func NewResourceMap

func NewResourceMap(translator ResourceTranslator, validator ReferenceValidator, logger logr.Logger) *ResourceMap

func (*ResourceMap) AddExternalFilter

func (s *ResourceMap) AddExternalFilter(filter client.Object)

func (*ResourceMap) AddGatewayPolicy

func (s *ResourceMap) AddGatewayPolicy(gatewayPolicy *v1alpha1.GatewayPolicy) *v1alpha1.GatewayPolicy

func (*ResourceMap) AddJWTProvider

func (s *ResourceMap) AddJWTProvider(provider *v1alpha1.JWTProvider)

func (*ResourceMap) AddMeshService

func (s *ResourceMap) AddMeshService(service v1alpha1.MeshService)

func (*ResourceMap) AddService

func (s *ResourceMap) AddService(id types.NamespacedName, name string)

func (*ResourceMap) CanGCHTTPRouteOnUnbind

func (s *ResourceMap) CanGCHTTPRouteOnUnbind(id api.ResourceReference) bool

func (*ResourceMap) CanGCTCPRouteOnUnbind

func (s *ResourceMap) CanGCTCPRouteOnUnbind(id api.ResourceReference) bool

func (*ResourceMap) Certificate

func (s *ResourceMap) Certificate(key types.NamespacedName) *corev1.Secret

func (*ResourceMap) ExternalFilterExists

func (s *ResourceMap) ExternalFilterExists(filterRef gwv1beta1.LocalObjectReference, namespace string) bool

func (*ResourceMap) GatewayCanReferenceSecret

func (s *ResourceMap) GatewayCanReferenceSecret(gateway gwv1beta1.Gateway, ref gwv1beta1.SecretObjectReference) bool

func (*ResourceMap) GetExternalAuthFilters

func (s *ResourceMap) GetExternalAuthFilters() []*v1alpha1.RouteAuthFilter

func (*ResourceMap) GetExternalFilter

func (s *ResourceMap) GetExternalFilter(filterRef gwv1beta1.LocalObjectReference, namespace string) (client.Object, bool)

func (*ResourceMap) GetJWTProviderForGatewayJWTProvider

func (s *ResourceMap) GetJWTProviderForGatewayJWTProvider(provider *v1alpha1.GatewayJWTProvider) (*v1alpha1.JWTProvider, bool)

func (*ResourceMap) GetPolicyForGatewayListener

func (s *ResourceMap) GetPolicyForGatewayListener(gateway gwv1beta1.Gateway, gatewayListener gwv1beta1.Listener) (*v1alpha1.GatewayPolicy, bool)

func (*ResourceMap) HTTPRouteCanReferenceBackend

func (s *ResourceMap) HTTPRouteCanReferenceBackend(route gwv1beta1.HTTPRoute, ref gwv1beta1.BackendRef) bool

func (*ResourceMap) HasMeshService

func (s *ResourceMap) HasMeshService(id types.NamespacedName) bool

func (*ResourceMap) HasService

func (s *ResourceMap) HasService(id types.NamespacedName) bool

func (*ResourceMap) MeshService

func (*ResourceMap) MutateHTTPRoute

func (s *ResourceMap) MutateHTTPRoute(key types.NamespacedName, onUpdate func(error, api.ConfigEntryStatus), mutateFn func(api.HTTPRouteConfigEntry) api.HTTPRouteConfigEntry)

func (*ResourceMap) MutateTCPRoute

func (s *ResourceMap) MutateTCPRoute(key types.NamespacedName, onUpdate func(error, api.ConfigEntryStatus), mutateFn func(api.TCPRouteConfigEntry) api.TCPRouteConfigEntry)

func (*ResourceMap) Mutations

func (s *ResourceMap) Mutations() []*ConsulUpdateOperation

func (*ResourceMap) ReferenceCountCertificate

func (s *ResourceMap) ReferenceCountCertificate(secret corev1.Secret)

func (*ResourceMap) ReferenceCountConsulCertificate

func (s *ResourceMap) ReferenceCountConsulCertificate(cert api.FileSystemCertificateConfigEntry)

func (*ResourceMap) ReferenceCountConsulHTTPRoute

func (s *ResourceMap) ReferenceCountConsulHTTPRoute(route api.HTTPRouteConfigEntry)

func (*ResourceMap) ReferenceCountConsulTCPRoute

func (s *ResourceMap) ReferenceCountConsulTCPRoute(route api.TCPRouteConfigEntry)

func (*ResourceMap) ReferenceCountGateway

func (s *ResourceMap) ReferenceCountGateway(gateway gwv1beta1.Gateway)

func (*ResourceMap) ReferenceCountHTTPRoute

func (s *ResourceMap) ReferenceCountHTTPRoute(route gwv1beta1.HTTPRoute)

func (*ResourceMap) ReferenceCountTCPRoute

func (s *ResourceMap) ReferenceCountTCPRoute(route gwv1alpha2.TCPRoute)

func (*ResourceMap) ResourcesToGC

func (s *ResourceMap) ResourcesToGC(key types.NamespacedName) []api.ResourceReference

func (*ResourceMap) Service

func (*ResourceMap) TCPRouteCanReferenceBackend

func (s *ResourceMap) TCPRouteCanReferenceBackend(route gwv1alpha2.TCPRoute, ref gwv1beta1.BackendRef) bool

func (*ResourceMap) TranslateAndMutateHTTPRoute

func (s *ResourceMap) TranslateAndMutateHTTPRoute(key types.NamespacedName, onUpdate func(error, api.ConfigEntryStatus), mutateFn func(old *api.HTTPRouteConfigEntry, new api.HTTPRouteConfigEntry) api.HTTPRouteConfigEntry)

func (*ResourceMap) TranslateAndMutateTCPRoute

func (s *ResourceMap) TranslateAndMutateTCPRoute(key types.NamespacedName, onUpdate func(error, api.ConfigEntryStatus), mutateFn func(*api.TCPRouteConfigEntry, api.TCPRouteConfigEntry) api.TCPRouteConfigEntry)

func (*ResourceMap) TranslateFileSystemCertificate

func (s *ResourceMap) TranslateFileSystemCertificate(key types.NamespacedName)

type ResourceTranslator

// ResourceTranslator handles translating K8s resources into Consul config entries.
// NOTE(review): the fields are undocumented here; going by their names they carry the
// namespace-mapping settings (destination namespace, mirroring and its prefix) plus the
// partition and datacenter used when building Consul references — confirm against the
// Namespace and ConfigEntryReference methods.
type ResourceTranslator struct {
	EnableConsulNamespaces bool
	ConsulDestNamespace    string
	EnableK8sMirroring     bool
	MirroringPrefix        string
	ConsulPartition        string
	Datacenter             string
}

ResourceTranslator handles translating K8s resources into Consul config entries.

func (ResourceTranslator) ConfigEntryReference

func (t ResourceTranslator) ConfigEntryReference(kind string, id types.NamespacedName) api.ResourceReference

func (ResourceTranslator) Namespace

func (t ResourceTranslator) Namespace(namespace string) string

func (ResourceTranslator) NonNormalizedConfigEntryReference

func (t ResourceTranslator) NonNormalizedConfigEntryReference(kind string, id types.NamespacedName) api.ResourceReference

func (ResourceTranslator) NormalizedResourceReference

func (t ResourceTranslator) NormalizedResourceReference(kind, namespace string, ref api.ResourceReference) api.ResourceReference

func (ResourceTranslator) ToAPIGateway

ToAPIGateway translates a Kubernetes API gateway into a Consul APIGateway Config Entry.

func (ResourceTranslator) ToFileSystemCertificate

func (t ResourceTranslator) ToFileSystemCertificate(secret corev1.Secret) *api.FileSystemCertificateConfigEntry

func (ResourceTranslator) ToHTTPRoute

func (t ResourceTranslator) ToHTTPRoute(route gwv1beta1.HTTPRoute, resources *ResourceMap) *api.HTTPRouteConfigEntry

func (ResourceTranslator) ToTCPRoute

func (t ResourceTranslator) ToTCPRoute(route gwv1alpha2.TCPRoute, resources *ResourceMap) *api.TCPRouteConfigEntry
