Documentation
¶
Index ¶
Constants ¶
const InjectInitContainerName = "consul-connect-inject-init"
Variables ¶
var ServiceNotFoundErr = errors.New("service is not registered in Consul")
ServiceNotFoundErr is returned when a Consul service instance is not registered.
Functions ¶
This section is empty.
Types ¶
type Handler ¶
type Handler struct {
ConsulClient *api.Client
// ImageConsul is the container image for Consul to use.
// ImageEnvoy is the container image for Envoy to use.
//
// Both of these MUST be set.
ImageConsul string
ImageEnvoy string
// ImageConsulK8S is the container image for consul-k8s to use.
// This image is used for the lifecycle-sidecar container.
ImageConsulK8S string
// Optional: set when you need extra options to be set when running envoy
// See a list of args here: https://www.envoyproxy.io/docs/envoy/latest/operations/cli
EnvoyExtraArgs string
// RequireAnnotation means that the annotation must be given to inject.
// If this is false, injection is default.
RequireAnnotation bool
// AuthMethod is the name of the Kubernetes Auth Method to
// use for identity with connectInjection if ACLs are enabled
AuthMethod string
// WriteServiceDefaults controls whether injection should write a
// service-defaults config entry for each service.
// Requires an additional `protocol` parameter.
WriteServiceDefaults bool
// DefaultProtocol is the default protocol to use for central config
// registrations. It will be overridden by a specific annotation.
DefaultProtocol string
// The PEM-encoded CA certificate string
// to use when communicating with Consul clients over HTTPS.
// If not set, will use HTTP.
ConsulCACert string
// EnableNamespaces indicates that a user is running Consul Enterprise
// with version 1.7+ which is namespace aware. It enables Consul namespaces,
// with injection into either a single Consul namespace or mirrored from
// k8s namespaces.
EnableNamespaces bool
// AllowK8sNamespacesSet is a set of k8s namespaces to explicitly allow for
// injection. It supports the special character `*` which indicates that
// all k8s namespaces are eligible unless explicitly denied. This filter
// is applied before checking pod annotations.
AllowK8sNamespacesSet mapset.Set
// DenyK8sNamespacesSet is a set of k8s namespaces to explicitly deny
// injection and thus service registration with Consul. An empty set
// means that no namespaces are removed from consideration. This filter
// takes precedence over AllowK8sNamespacesSet.
DenyK8sNamespacesSet mapset.Set
// ConsulDestinationNamespace is the name of the Consul namespace to register all
// injected services into if Consul namespaces are enabled and mirroring
// is disabled. This may be set, but will not be used if mirroring is enabled.
ConsulDestinationNamespace string
// EnableK8SNSMirroring causes Consul namespaces to be created to match the
// k8s namespace of any service being registered into Consul. Services are
// registered into the Consul namespace that mirrors their k8s namespace.
EnableK8SNSMirroring bool
// K8SNSMirroringPrefix is an optional prefix that can be added to the Consul
// namespaces created while mirroring. For example, if it is set to "k8s-",
// then the k8s `default` namespace will be mirrored in Consul's
// `k8s-default` namespace.
K8SNSMirroringPrefix string
// CrossNamespaceACLPolicy is the name of the ACL policy to attach to
// any created Consul namespaces to allow cross namespace service discovery.
// Only necessary if ACLs are enabled.
CrossNamespaceACLPolicy string
// Default resource settings for sidecar proxies. Some of these
// fields may be empty.
DefaultProxyCPURequest resource.Quantity
DefaultProxyCPULimit resource.Quantity
DefaultProxyMemoryRequest resource.Quantity
DefaultProxyMemoryLimit resource.Quantity
// Resource settings for init container. All of these fields
// will be populated by the defaults provided in the initial flags.
InitContainerResources corev1.ResourceRequirements
// Resource settings for lifecycle sidecar. All of these fields
// will be populated by the defaults provided in the initial flags.
LifecycleSidecarResources corev1.ResourceRequirements
// Log
Log hclog.Logger
}
Handler is the HTTP handler for admission webhooks.
func (*Handler) Handle ¶
func (h *Handler) Handle(w http.ResponseWriter, r *http.Request)
Handle is the http.HandlerFunc implementation that actually handles the webhook request for admission control. This should be registered or served via an HTTP server.
func (*Handler) Mutate ¶
func (h *Handler) Mutate(req *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse
Mutate takes an admission request and performs mutation if necessary, returning the final API response.
type HealthCheckResource ¶ added in v0.20.0
type HealthCheckResource struct {
Log hclog.Logger
KubernetesClientset kubernetes.Interface
// ConsulUrl holds the url information for client connections.
ConsulUrl *url.URL
// ReconcilePeriod is the period by which reconcile gets called.
// default to 1 minute.
ReconcilePeriod time.Duration
Ctx context.Context
// contains filtered or unexported fields
}
func (*HealthCheckResource) Delete ¶ added in v0.20.0
func (h *HealthCheckResource) Delete(string) error
Delete is not implemented because it is handled by the preStop phase whereby all services related to the pod are deregistered which also deregisters health checks.
func (*HealthCheckResource) Informer ¶ added in v0.20.0
func (h *HealthCheckResource) Informer() cache.SharedIndexInformer
Informer starts a sharedindex informer which watches and lists corev1.Pod objects which meet the filter of labelInject.
func (*HealthCheckResource) Reconcile ¶ added in v0.20.0
func (h *HealthCheckResource) Reconcile() error
Reconcile iterates through all Pods with the appropriate label and compares the current health check status against that which is stored in Consul and updates the consul health check accordingly. If the health check doesn't yet exist it will create it.
func (*HealthCheckResource) Run ¶ added in v0.20.0
func (h *HealthCheckResource) Run(stopCh <-chan struct{})
Run is the long-running runloop for periodically running Reconcile. It initially reconciles at startup and is then invoked after every ReconcilePeriod expires.
func (*HealthCheckResource) Upsert ¶ added in v0.20.0
func (h *HealthCheckResource) Upsert(key string, raw interface{}) error
Upsert processes a create or update event. Two primary use cases are handled, new pods will get a new consul TTL health check registered against their respective agent and service, and updates to pods will have this TTL health check updated to reflect the pod's readiness status.
Source Files