Documentation ¶
Index ¶
Constants ¶
View Source
const ( InjectInitCopyContainerName = "copy-consul-bin" InjectInitContainerName = "consul-connect-inject-init" )
View Source
const ( MetaKeyPodName = "pod-name" MetaKeyKubeServiceName = "k8s-service-name" MetaKeyKubeNS = "k8s-namespace" MetaKeyManagedBy = "managed-by" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EndpointsController ¶ added in v0.26.0
type EndpointsController struct { client.Client // ConsulClient points at the agent local to the connect-inject deployment pod. ConsulClient *api.Client // ConsulClientCfg is the client config used by the ConsulClient when calling NewClient(). ConsulClientCfg *api.Config // ConsulScheme is the scheme to use when making API calls to Consul, // i.e. "http" or "https". ConsulScheme string // ConsulPort is the port to make HTTP API calls to Consul agents on. ConsulPort string // Only endpoints in the AllowK8sNamespacesSet are reconciled. AllowK8sNamespacesSet mapset.Set // Endpoints in the DenyK8sNamespacesSet are ignored. DenyK8sNamespacesSet mapset.Set // EnableConsulNamespaces indicates that a user is running Consul Enterprise // with version 1.7+ which supports namespaces. EnableConsulNamespaces bool // ConsulDestinationNamespace is the name of the Consul namespace to create // all config entries in. If EnableNSMirroring is true this is ignored. ConsulDestinationNamespace string // EnableNSMirroring causes Consul namespaces to be created to match the // k8s namespace of any config entry custom resource. Config entries will // be created in the matching Consul namespace. EnableNSMirroring bool // NSMirroringPrefix is an optional prefix that can be added to the Consul // namespaces created while mirroring. For example, if it is set to "k8s-", // then the k8s `default` namespace will be mirrored in Consul's // `k8s-default` namespace. NSMirroringPrefix string // CrossNSACLPolicy is the name of the ACL policy to attach to // any created Consul namespaces to allow cross namespace service discovery. // Only necessary if ACLs are enabled. CrossNSACLPolicy string // ReleaseName is the Consul Helm installation release. ReleaseName string // ReleaseNamespace is the namespace where Consul is installed. ReleaseNamespace string // EnableTransparentProxy controls whether transparent proxy should be enabled // for all proxy service registrations. EnableTransparentProxy bool // TProxyOverwriteProbes controls whether the endpoints controller should expose pod's HTTP probes // via Envoy proxy. TProxyOverwriteProbes bool MetricsConfig MetricsConfig Log logr.Logger Scheme *runtime.Scheme context.Context }
func (*EndpointsController) Logger ¶ added in v0.26.0
func (r *EndpointsController) Logger(name types.NamespacedName) logr.Logger
func (*EndpointsController) SetupWithManager ¶ added in v0.26.0
func (r *EndpointsController) SetupWithManager(mgr ctrl.Manager) error
type Handler ¶
type Handler struct { ConsulClient *api.Client Clientset kubernetes.Interface // ImageConsul is the container image for Consul to use. // ImageEnvoy is the container image for Envoy to use. // // Both of these MUST be set. ImageConsul string ImageEnvoy string // ImageConsulK8S is the container image for consul-k8s to use. // This image is used for the consul-sidecar container. ImageConsulK8S string // Optional: set when you need extra options to be set when running envoy // See a list of args here: https://www.envoyproxy.io/docs/envoy/latest/operations/cli EnvoyExtraArgs string // RequireAnnotation means that the annotation must be given to inject. // If this is false, injection is default. RequireAnnotation bool // AuthMethod is the name of the Kubernetes Auth Method to // use for identity with connectInjection if ACLs are enabled AuthMethod string // The PEM-encoded CA certificate string // to use when communicating with Consul clients over HTTPS. // If not set, will use HTTP. ConsulCACert string // EnableNamespaces indicates that a user is running Consul Enterprise // with version 1.7+ which is namespace aware. It enables Consul namespaces, // with injection into either a single Consul namespace or mirrored from // k8s namespaces. EnableNamespaces bool // AllowK8sNamespacesSet is a set of k8s namespaces to explicitly allow for // injection. It supports the special character `*` which indicates that // all k8s namespaces are eligible unless explicitly denied. This filter // is applied before checking pod annotations. AllowK8sNamespacesSet mapset.Set // DenyK8sNamespacesSet is a set of k8s namespaces to explicitly deny // injection and thus service registration with Consul. An empty set // means that no namespaces are removed from consideration. This filter // takes precedence over AllowK8sNamespacesSet. DenyK8sNamespacesSet mapset.Set // ConsulDestinationNamespace is the name of the Consul namespace to register all // injected services into if Consul namespaces are enabled and mirroring // is disabled. This may be set, but will not be used if mirroring is enabled. ConsulDestinationNamespace string // EnableK8SNSMirroring causes Consul namespaces to be created to match the // k8s namespace of any service being registered into Consul. Services are // registered into the Consul namespace that mirrors their k8s namespace. EnableK8SNSMirroring bool // K8SNSMirroringPrefix is an optional prefix that can be added to the Consul // namespaces created while mirroring. For example, if it is set to "k8s-", // then the k8s `default` namespace will be mirrored in Consul's // `k8s-default` namespace. K8SNSMirroringPrefix string // CrossNamespaceACLPolicy is the name of the ACL policy to attach to // any created Consul namespaces to allow cross namespace service discovery. // Only necessary if ACLs are enabled. CrossNamespaceACLPolicy string // Default resource settings for sidecar proxies. Some of these // fields may be empty. DefaultProxyCPURequest resource.Quantity DefaultProxyCPULimit resource.Quantity DefaultProxyMemoryRequest resource.Quantity DefaultProxyMemoryLimit resource.Quantity // MetricsConfig contains metrics configuration from the inject-connect command and has methods to determine whether // configuration should come from the default flags or annotations. The handler uses this to configure prometheus // annotations and the merged metrics server. MetricsConfig MetricsConfig // Resource settings for init container. All of these fields // will be populated by the defaults provided in the initial flags. InitContainerResources corev1.ResourceRequirements // Resource settings for Consul sidecar. All of these fields // will be populated by the defaults provided in the initial flags. ConsulSidecarResources corev1.ResourceRequirements // EnableTransparentProxy enables transparent proxy mode. // This means that the injected init container will apply traffic redirection rules // so that all traffic will go through the Envoy proxy. EnableTransparentProxy bool // TProxyOverwriteProbes controls whether the webhook should mutate pod's HTTP probes // to point them to the Envoy proxy. TProxyOverwriteProbes bool // EnableOpenShift indicates that when tproxy is enabled, the security context for the Envoy and init // containers should not be added because OpenShift sets a random user for those and will not allow // those containers to be created otherwise. EnableOpenShift bool // Log Log logr.Logger // contains filtered or unexported fields }
Handler is the HTTP handler for admission webhooks.
type MetricsConfig ¶ added in v0.26.0
type MetricsConfig struct { DefaultEnableMetrics bool DefaultEnableMetricsMerging bool DefaultMergedMetricsPort string DefaultPrometheusScrapePort string DefaultPrometheusScrapePath string }
MetricsConfig represents configuration common to connect-inject components related to metrics.
Click to show internal directories.
Click to hide internal directories.