configs

package
v3.4.3 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 27, 2023 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation


Constants

const AppProtectDosProtectedAnnotation = "appprotectdos.f5.com/app-protect-dos-resource"

AppProtectDosProtectedAnnotation is the namespace/name reference of a DosProtectedResource

const AppProtectLogConfAnnotation = "appprotect.f5.com/app-protect-security-log"

AppProtectLogConfAnnotation is where the NGINX AppProtect Log Configuration is specified

const AppProtectLogConfDstAnnotation = "appprotect.f5.com/app-protect-security-log-destination"

AppProtectLogConfDstAnnotation is where the NGINX AppProtect Log Configuration destination is specified

const AppProtectPolicyAnnotation = "appprotect.f5.com/app-protect-policy"

AppProtectPolicyAnnotation is where the NGINX App Protect policy is specified

const BasicAuthSecretAnnotation = "nginx.org/basic-auth-secret" // #nosec G101

BasicAuthSecretAnnotation is the annotation where the Secret with the HTTP basic user list

const CACrlKey = "ca.crl"

CACrlKey is the key of the data field of a Secret where the cert revocation list must be stored.

const CACrtKey = "ca.crt"

CACrtKey is the key of the data field of a Secret where the cert must be stored.

const ClientSecretKey = "client-secret"

ClientSecretKey is the key of the data field of a Secret where the OIDC client secret must be stored.

const DefaultSecretPath = "/etc/nginx/secrets" // #nosec G101

DefaultSecretPath is the full default path to where secrets are stored and accessed.

const DefaultServerSecretName = "default"

DefaultServerSecretName is the filename of the Secret with a TLS cert and a key for the default server.

const DefaultServerSecretPath = "/etc/nginx/secrets/default"

DefaultServerSecretPath is the full path to the Secret with a TLS cert and a key for the default server.

const HtpasswdFileKey = "htpasswd"

HtpasswdFileKey is the key of the data field of a Secret where the HTTP basic authorization list must be stored

const JWTKeyAnnotation = "nginx.com/jwt-key"

JWTKeyAnnotation is the annotation where the Secret with a JWK is specified.

const JWTKeyKey = "jwk"

JWTKeyKey is the key of the data field of a Secret where the JWK must be stored.

const OffsetFmt = `\d+[kKmMgG]?`

OffsetFmt is the regular expression for an NGINX offset value; see http://nginx.org/en/docs/syntax.html

const PathRegexAnnotation = "nginx.org/path-regex"

PathRegexAnnotation is the annotation where the regex location (path) modifier is specified.

const SizeFmt = `\d+[kKmM]?`

SizeFmt is the regular expression for an NGINX size value; see http://nginx.org/en/docs/syntax.html

const WildcardSecretName = "wildcard"

WildcardSecretName is the filename of the Secret with a TLS cert and a key for the ingress resources with TLS termination enabled but no secret defined.
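SizeFmt and OffsetFmt are unanchored patterns, so a validator built on them has to match the whole value before that value is written into NGINX configuration. The sketch below is an added example, not the package's ParseSize or ParseOffset implementation; validateSize, validateOffset, looseMatch, renderClientMaxBodySize and the sample values are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns copied verbatim from the SizeFmt and OffsetFmt constants on this page.
const (
	SizeFmt   = `\d+[kKmM]?`
	OffsetFmt = `\d+[kKmMgG]?`
)

var (
	// Anchored: the entire value must be a size/offset and nothing else.
	// In Go, `$` without the m flag matches only at the very end of the text,
	// so a trailing newline is rejected as well.
	sizeRe   = regexp.MustCompile(`^` + SizeFmt + `$`)
	offsetRe = regexp.MustCompile(`^` + OffsetFmt + `$`)
	// Unanchored: succeeds as soon as any substring looks like a size.
	looseSizeRe = regexp.MustCompile(SizeFmt)
)

// validateSize is a hypothetical helper for this example. It returns the
// value unchanged only when the whole string is a valid NGINX size.
func validateSize(s string) (string, error) {
	if !sizeRe.MatchString(s) {
		return "", fmt.Errorf("invalid size: %q", s)
	}
	return s, nil
}

// validateOffset is the same check for offsets, which also allow g/G.
func validateOffset(s string) (string, error) {
	if !offsetRe.MatchString(s) {
		return "", fmt.Errorf("invalid offset: %q", s)
	}
	return s, nil
}

// looseMatch reports what an unanchored check would say about the same value.
func looseMatch(s string) bool {
	return looseSizeRe.MatchString(s)
}

// renderClientMaxBodySize builds one directive line, and only from a value
// that passed the anchored check.
func renderClientMaxBodySize(value string) (string, error) {
	v, err := validateSize(value)
	if err != nil {
		return "", err
	}
	return "client_max_body_size " + v + ";", nil
}

func main() {
	// Constructed ConfigMap/annotation values, not taken from a real cluster.
	samples := []string{"8k", "16M", "1g", "k8", "", "8k\n", "8k; server_tokens on"}
	for _, s := range samples {
		_, sizeErr := validateSize(s)
		_, offErr := validateOffset(s)
		fmt.Printf("%-26q loose=%-5v size=%-5v offset=%v\n",
			s, looseMatch(s), sizeErr == nil, offErr == nil)
	}
}
```

The last sample is the case that matters: the unanchored pattern finds `8k` inside it and reports a match, while the anchored check rejects the value before it can reach a template.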

Variables

This section is empty.

Functions

func GenerateCAFileContent

func GenerateCAFileContent(secret *api_v1.Secret) ([]byte, []byte)

GenerateCAFileContent generates a pem file content from the TLS secret.

func GenerateCertAndKeyFileContent

func GenerateCertAndKeyFileContent(secret *api_v1.Secret) []byte

GenerateCertAndKeyFileContent generates a pem file content from the TLS secret.

func GenerateEndpointsKey

func GenerateEndpointsKey(
	serviceNamespace string,
	serviceName string,
	subselector map[string]string,
	port uint16,
) string

GenerateEndpointsKey generates a key for the Endpoints map in VirtualServerEx.

func GenerateExternalNameSvcKey

func GenerateExternalNameSvcKey(namespace string, service string) string

GenerateExternalNameSvcKey returns the key to identify an ExternalName service.

func GenerateNginxMainConfig

func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *ConfigParams) *version1.MainConfig

GenerateNginxMainConfig generates MainConfig.

func GetBackendPortAsString

func GetBackendPortAsString(port networking.ServiceBackendPort) string

GetBackendPortAsString returns the port of a ServiceBackend of an Ingress resource as a string.

func GetMapKeyAsBool

func GetMapKeyAsBool(m map[string]string, key string, context apiObject) (bool, bool, error)

GetMapKeyAsBool searches the map for the given key and parses the key as bool.

func GetMapKeyAsInt

func GetMapKeyAsInt(m map[string]string, key string, context apiObject) (int, bool, error)

GetMapKeyAsInt tries to find and parse a key in a map as int.

func GetMapKeyAsInt64

func GetMapKeyAsInt64(m map[string]string, key string, context apiObject) (int64, bool, error)

GetMapKeyAsInt64 tries to find and parse a key in a map as int64.

func GetMapKeyAsStringSlice

func GetMapKeyAsStringSlice(m map[string]string, key string, _ apiObject, delimiter string) ([]string, bool)

GetMapKeyAsStringSlice tries to find and parse a key in the map as string slice splitting it on delimiter.

func GetMapKeyAsUint64

func GetMapKeyAsUint64(m map[string]string, key string, context apiObject, nonZero bool) (uint64, bool, error)

GetMapKeyAsUint64 tries to find and parse a key in a map as uint64.

func NewUpstreamNamerForVirtualServer

func NewUpstreamNamerForVirtualServer(virtualServer *conf_v1.VirtualServer) *upstreamNamer

NewUpstreamNamerForVirtualServer creates a new namer.

func NewUpstreamNamerForVirtualServerRoute

func NewUpstreamNamerForVirtualServerRoute(virtualServer *conf_v1.VirtualServer, virtualServerRoute *conf_v1.VirtualServerRoute) *upstreamNamer

NewUpstreamNamerForVirtualServerRoute creates a new namer.

func ParseBool

func ParseBool(s string) (bool, error)

ParseBool ensures that the string value is a valid bool

func ParseFloat64

func ParseFloat64(s string) (float64, error)

ParseFloat64 ensures that the string value is a valid float64

func ParseInt

func ParseInt(s string) (int, error)

ParseInt ensures that the string value is a valid int

func ParseInt64

func ParseInt64(s string) (int64, error)

ParseInt64 ensures that the string value is a valid int64

func ParseLBMethod

func ParseLBMethod(method string) (string, error)

ParseLBMethod parses method and matches it to a corresponding load balancing method in NGINX. An error is returned if method is not valid.

func ParseLBMethodForPlus

func ParseLBMethodForPlus(method string) (string, error)

ParseLBMethodForPlus parses method and matches it to a corresponding load balancing method in NGINX Plus. An error is returned if method is not valid.

func ParseOffset

func ParseOffset(s string) (string, error)

ParseOffset ensures that the string value is a valid offset

func ParsePortList

func ParsePortList(s string) ([]int, error)

ParsePortList ensures that the string is a comma-separated list of port numbers

func ParseProxyBuffersSpec

func ParseProxyBuffersSpec(s string) (string, error)

ParseProxyBuffersSpec ensures that the string value is a valid proxy buffer spec

func ParseRewriteList

func ParseRewriteList(s string) (map[string]string, error)

ParseRewriteList ensures that the string is a semicolon-separated list of services

func ParseServiceList

func ParseServiceList(s string) map[string]bool

ParseServiceList ensures that the string is a comma-separated list of services

func ParseSize

func ParseSize(s string) (string, error)

ParseSize ensures that the string value is a valid size

func ParseStickyServiceList

func ParseStickyServiceList(s string) (map[string]string, error)

ParseStickyServiceList ensures that the string is a semicolon-separated list of sticky services

func ParseTime

func ParseTime(s string) (string, error)

ParseTime ensures that the string value in the annotation is a valid time.

func ParseUint64

func ParseUint64(s string) (uint64, error)

ParseUint64 ensures that the string value is a valid uint64

func VerifyAppProtectThresholds

func VerifyAppProtectThresholds(value string) bool

VerifyAppProtectThresholds ensures that threshold values are set correctly

func VerifyPath

func VerifyPath(s string) bool

VerifyPath ensures that rewrite paths are in the correct format

Types

type AppProtectLog

type AppProtectLog struct {
	LogConf *unstructured.Unstructured
	Dest    string
}

AppProtectLog holds a single pair of log config and log destination

type AppProtectResources

type AppProtectResources struct {
	AppProtectPolicy   string
	AppProtectLogconfs []string
}

AppProtectResources holds namespace names of App Protect resources relevant to an Ingress

type ConfigParams

type ConfigParams struct {
	ClientMaxBodySize                      string
	DefaultServerAccessLogOff              bool
	DefaultServerReturn                    string
	FailTimeout                            string
	HealthCheckEnabled                     bool
	HealthCheckMandatory                   bool
	HealthCheckMandatoryQueue              int64
	HSTS                                   bool
	HSTSBehindProxy                        bool
	HSTSIncludeSubdomains                  bool
	HSTSMaxAge                             int64
	HTTP2                                  bool
	Keepalive                              int
	LBMethod                               string
	LocationSnippets                       []string
	MainAccessLogOff                       bool
	MainErrorLogLevel                      string
	MainHTTPSnippets                       []string
	MainKeepaliveRequests                  int64
	MainKeepaliveTimeout                   string
	MainLogFormat                          []string
	MainLogFormatEscaping                  string
	MainMainSnippets                       []string
	MainOpenTracingEnabled                 bool
	MainOpenTracingLoadModule              bool
	MainOpenTracingTracer                  string
	MainOpenTracingTracerConfig            string
	MainServerNamesHashBucketSize          string
	MainServerNamesHashMaxSize             string
	MainStreamLogFormat                    []string
	MainStreamLogFormatEscaping            string
	MainStreamSnippets                     []string
	MainMapHashBucketSize                  string
	MainMapHashMaxSize                     string
	MainWorkerConnections                  string
	MainWorkerCPUAffinity                  string
	MainWorkerProcesses                    string
	MainWorkerRlimitNofile                 string
	MainWorkerShutdownTimeout              string
	MaxConns                               int
	MaxFails                               int
	AppProtectEnable                       string
	AppProtectPolicy                       string
	AppProtectLogConf                      string
	AppProtectLogEnable                    string
	MainAppProtectFailureModeAction        string
	MainAppProtectCompressedRequestsAction string
	MainAppProtectCookieSeed               string
	MainAppProtectCPUThresholds            string
	MainAppProtectPhysicalMemoryThresholds string
	MainAppProtectReconnectPeriod          string
	AppProtectDosResource                  string
	MainAppProtectDosLogFormat             []string
	MainAppProtectDosLogFormatEscaping     string
	MainAppProtectDosArbFqdn               string
	ProxyBuffering                         bool
	ProxyBuffers                           string
	ProxyBufferSize                        string
	ProxyConnectTimeout                    string
	ProxyHideHeaders                       []string
	ProxyMaxTempFileSize                   string
	ProxyPassHeaders                       []string
	ProxyProtocol                          bool
	ProxyReadTimeout                       string
	ProxySendTimeout                       string
	RedirectToHTTPS                        bool
	ResolverAddresses                      []string
	ResolverIPV6                           bool
	ResolverTimeout                        string
	ResolverValid                          string
	ServerSnippets                         []string
	ServerTokens                           string
	SlowStart                              string
	SSLRedirect                            bool
	UpstreamZoneSize                       string
	VariablesHashBucketSize                uint64
	VariablesHashMaxSize                   uint64

	RealIPHeader    string
	RealIPRecursive bool
	SetRealIPFrom   []string

	MainServerSSLCiphers             string
	MainServerSSLDHParam             string
	MainServerSSLDHParamFileContent  *string
	MainServerSSLPreferServerCiphers bool
	MainServerSSLProtocols           string

	IngressTemplate       *string
	VirtualServerTemplate *string
	MainTemplate          *string

	JWTKey      string
	JWTLoginURL string
	JWTRealm    string
	JWTToken    string

	BasicAuthSecret string
	BasicAuthRealm  string

	Ports    []int
	SSLPorts []int

	SpiffeServerCerts bool
}

ConfigParams holds NGINX configuration parameters that affect the main NGINX config as well as configs for Ingress resources.

func NewDefaultConfigParams

func NewDefaultConfigParams(isPlus bool) *ConfigParams

NewDefaultConfigParams creates a ConfigParams with default values.

func ParseConfigMap

func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool, hasAppProtectDos bool, hasTLSPassthrough bool) *ConfigParams

ParseConfigMap parses ConfigMap into ConfigParams.

type Configurator

type Configurator struct {
	// contains filtered or unexported fields
}

Configurator configures NGINX. Until reloads are enabled via EnableReloads(), the Configurator will not reload NGINX and update NGINX Plus upstream servers via NGINX Plus API for configuration changes. This allows the Ingress Controller to incrementally build the NGINX configuration during the IC start and then apply it at the end of the start.

func NewConfigurator

func NewConfigurator(p ConfiguratorParams) *Configurator

NewConfigurator creates a new Configurator.

func (*Configurator) AddInternalRouteConfig

func (cnf *Configurator) AddInternalRouteConfig() error

AddInternalRouteConfig adds internal route server to NGINX Configuration and reloads NGINX

func (*Configurator) AddOrUpdateAppProtectResource

func (cnf *Configurator) AddOrUpdateAppProtectResource(resource *unstructured.Unstructured, ingExes []*IngressEx, mergeableIngresses []*MergeableIngresses, vsExes []*VirtualServerEx) (Warnings, error)

AddOrUpdateAppProtectResource updates Ingresses and VirtualServers that use App Protect or App Protect DoS resources.

func (*Configurator) AddOrUpdateDHParam

func (cnf *Configurator) AddOrUpdateDHParam(content string) (string, error)

AddOrUpdateDHParam creates a dhparam file with the content of the string.

func (*Configurator) AddOrUpdateIngress

func (cnf *Configurator) AddOrUpdateIngress(ingEx *IngressEx) (Warnings, error)

AddOrUpdateIngress adds or updates NGINX configuration for the Ingress resource.

func (*Configurator) AddOrUpdateMergeableIngress

func (cnf *Configurator) AddOrUpdateMergeableIngress(mergeableIngs *MergeableIngresses) (Warnings, error)

AddOrUpdateMergeableIngress adds or updates NGINX configuration for the Ingress resources with Mergeable Types.

func (*Configurator) AddOrUpdateResources

func (cnf *Configurator) AddOrUpdateResources(resources ExtendedResources, reloadIfUnchanged bool) (Warnings, error)

AddOrUpdateResources adds or updates configuration for resources.

func (*Configurator) AddOrUpdateResourcesThatUseDosProtected

func (cnf *Configurator) AddOrUpdateResourcesThatUseDosProtected(ingExes []*IngressEx, mergeableIngresses []*MergeableIngresses, vsExes []*VirtualServerEx) (Warnings, error)

AddOrUpdateResourcesThatUseDosProtected updates Ingresses and VirtualServers that use DoS resources.

func (*Configurator) AddOrUpdateSecret

func (cnf *Configurator) AddOrUpdateSecret(secret *api_v1.Secret) string

AddOrUpdateSecret adds or updates a secret.

func (*Configurator) AddOrUpdateSpecialTLSSecrets

func (cnf *Configurator) AddOrUpdateSpecialTLSSecrets(secret *api_v1.Secret, secretNames []string) error

AddOrUpdateSpecialTLSSecrets adds or updates a file with a TLS cert and a key from a Special TLS Secret (e.g. DefaultServerSecret, WildcardTLSSecret).

func (*Configurator) AddOrUpdateSpiffeCerts

func (cnf *Configurator) AddOrUpdateSpiffeCerts(svidResponse *workloadapi.X509Context) error

AddOrUpdateSpiffeCerts writes Spiffe certs and keys to disk and reloads NGINX

func (*Configurator) AddOrUpdateTransportServer

func (cnf *Configurator) AddOrUpdateTransportServer(transportServerEx *TransportServerEx) (Warnings, error)

AddOrUpdateTransportServer adds or updates NGINX configuration for the TransportServer resource. It is a responsibility of the caller to check that the TransportServer references an existing listener.

func (*Configurator) AddOrUpdateVirtualServer

func (cnf *Configurator) AddOrUpdateVirtualServer(virtualServerEx *VirtualServerEx) (Warnings, error)

AddOrUpdateVirtualServer adds or updates NGINX configuration for the VirtualServer resource.

func (*Configurator) AddOrUpdateVirtualServers

func (cnf *Configurator) AddOrUpdateVirtualServers(virtualServerExes []*VirtualServerEx) (Warnings, error)

AddOrUpdateVirtualServers adds or updates NGINX configuration for multiple VirtualServer resources.

func (*Configurator) BatchDeleteIngresses

func (cnf *Configurator) BatchDeleteIngresses(deletedKeys []string) []error

BatchDeleteIngresses takes a list of Ingress resource keys, deletes their configuration, and reloads once

func (*Configurator) BatchDeleteVirtualServers

func (cnf *Configurator) BatchDeleteVirtualServers(deletedKeys []string) []error

BatchDeleteVirtualServers takes a list of VirtualServer resource keys, deletes their configuration, and reloads once

func (*Configurator) DeleteAppProtectDosLogConf

func (cnf *Configurator) DeleteAppProtectDosLogConf(resource *unstructured.Unstructured)

DeleteAppProtectDosLogConf updates Ingresses and VirtualServers that use AP Log Configuration after that policy is deleted

func (*Configurator) DeleteAppProtectDosPolicy

func (cnf *Configurator) DeleteAppProtectDosPolicy(resource *unstructured.Unstructured)

DeleteAppProtectDosPolicy updates Ingresses and VirtualServers that use AP Dos Policy after that policy is deleted

func (*Configurator) DeleteAppProtectLogConf

func (cnf *Configurator) DeleteAppProtectLogConf(resource *unstructured.Unstructured, ingExes []*IngressEx, mergeableIngresses []*MergeableIngresses, vsExes []*VirtualServerEx) (Warnings, error)

DeleteAppProtectLogConf updates Ingresses and VirtualServers that use AP Log Configuration after that policy is deleted

func (*Configurator) DeleteAppProtectPolicy

func (cnf *Configurator) DeleteAppProtectPolicy(resource *unstructured.Unstructured, ingExes []*IngressEx, mergeableIngresses []*MergeableIngresses, vsExes []*VirtualServerEx) (Warnings, error)

DeleteAppProtectPolicy updates Ingresses and VirtualServers that use AP Policy after that policy is deleted

func (*Configurator) DeleteIngress

func (cnf *Configurator) DeleteIngress(key string, skipReload bool) error

DeleteIngress deletes NGINX configuration for the Ingress resource.

func (*Configurator) DeleteSecret

func (cnf *Configurator) DeleteSecret(key string)

DeleteSecret deletes a secret.

func (*Configurator) DeleteTransportServer

func (cnf *Configurator) DeleteTransportServer(key string) error

DeleteTransportServer deletes NGINX configuration for the TransportServer resource.

func (*Configurator) DeleteVirtualServer

func (cnf *Configurator) DeleteVirtualServer(key string, skipReload bool) error

DeleteVirtualServer deletes NGINX configuration for the VirtualServer resource.

func (*Configurator) DisableReloads

func (cnf *Configurator) DisableReloads()

DisableReloads disables NGINX reloads meaning that configuration changes will not be followed by a reload.

func (*Configurator) DynamicSSLReloadEnabled

func (cnf *Configurator) DynamicSSLReloadEnabled() bool

DynamicSSLReloadEnabled is used to check if dynamic reloading of SSL certificates is enabled

func (*Configurator) EnableReloads

func (cnf *Configurator) EnableReloads()

EnableReloads enables NGINX reloads meaning that configuration changes will be followed by a reload.

func (*Configurator) GetIngressCounts

func (cnf *Configurator) GetIngressCounts() map[string]int

GetIngressCounts returns the total count of Ingress resources that are handled by the Ingress Controller grouped by their type

func (*Configurator) GetVirtualServerCounts

func (cnf *Configurator) GetVirtualServerCounts() (vsCount int, vsrCount int)

GetVirtualServerCounts returns the total count of VS/VSR resources that are handled by the Ingress Controller

func (*Configurator) GetVirtualServerRoutesForVirtualServer

func (cnf *Configurator) GetVirtualServerRoutesForVirtualServer(key string) []*conf_v1.VirtualServerRoute

GetVirtualServerRoutesForVirtualServer returns the virtualServerRoutes that a virtualServer references, if that virtualServer exists

func (*Configurator) HasIngress

func (cnf *Configurator) HasIngress(ing *networking.Ingress) bool

HasIngress checks if the Ingress resource is present in NGINX configuration.

func (*Configurator) HasMinion

func (cnf *Configurator) HasMinion(master *networking.Ingress, minion *networking.Ingress) bool

HasMinion checks if the minion Ingress resource of the master is present in NGINX configuration.

func (*Configurator) IsResolverConfigured

func (cnf *Configurator) IsResolverConfigured() bool

IsResolverConfigured checks if a DNS resolver is present in NGINX configuration.

func (*Configurator) RefreshAppProtectUserSigs

func (cnf *Configurator) RefreshAppProtectUserSigs(
	userSigs []*unstructured.Unstructured, delPols []string, ingExes []*IngressEx, mergeableIngresses []*MergeableIngresses, vsExes []*VirtualServerEx,
) (Warnings, error)

RefreshAppProtectUserSigs writes all valid UDS files to fs and reloads NGINX

func (*Configurator) ReloadForBatchUpdates

func (cnf *Configurator) ReloadForBatchUpdates(batchReloadsEnabled bool) error

ReloadForBatchUpdates reloads NGINX after a batch event.

func (*Configurator) StreamUpstreamsForName

func (cnf *Configurator) StreamUpstreamsForName(name string) []string

StreamUpstreamsForName takes a name and returns stream upstreams associated with this name. The name represents TS's (TransportServer) action name.

func (*Configurator) UpdateConfig

func (cnf *Configurator) UpdateConfig(cfgParams *ConfigParams, resources ExtendedResources) (Warnings, error)

UpdateConfig updates NGINX configuration parameters.

func (*Configurator) UpdateEndpoints

func (cnf *Configurator) UpdateEndpoints(ingExes []*IngressEx) error

UpdateEndpoints updates endpoints in NGINX configuration for the Ingress resources.

func (*Configurator) UpdateEndpointsForTransportServers

func (cnf *Configurator) UpdateEndpointsForTransportServers(transportServerExes []*TransportServerEx) error

UpdateEndpointsForTransportServers updates endpoints in NGINX configuration for the TransportServer resources.

func (*Configurator) UpdateEndpointsForVirtualServers

func (cnf *Configurator) UpdateEndpointsForVirtualServers(virtualServerExes []*VirtualServerEx) error

UpdateEndpointsForVirtualServers updates endpoints in NGINX configuration for the VirtualServer resources.

func (*Configurator) UpdateEndpointsMergeableIngress

func (cnf *Configurator) UpdateEndpointsMergeableIngress(mergeableIngresses []*MergeableIngresses) error

UpdateEndpointsMergeableIngress updates endpoints in NGINX configuration for a mergeable Ingress resource.

func (*Configurator) UpdateTransportServers

func (cnf *Configurator) UpdateTransportServers(updatedTSExes []*TransportServerEx, deletedKeys []string) []error

UpdateTransportServers updates TransportServers.

func (*Configurator) UpdateVirtualServers

func (cnf *Configurator) UpdateVirtualServers(updatedVSExes []*VirtualServerEx, deletedKeys []string) []error

UpdateVirtualServers updates VirtualServers.

func (*Configurator) UpstreamsForHost

func (cnf *Configurator) UpstreamsForHost(hostname string) []string

UpstreamsForHost takes a hostname and returns upstreams for the given hostname.

type ConfiguratorParams

type ConfiguratorParams struct {
	NginxManager              nginx.Manager
	StaticCfgParams           *StaticConfigParams
	Config                    *ConfigParams
	TemplateExecutor          *version1.TemplateExecutor
	TemplateExecutorV2        *version2.TemplateExecutor
	LabelUpdater              collector.LabelUpdater
	LatencyCollector          latCollector.LatencyCollector
	IsPlus                    bool
	IsPrometheusEnabled       bool
	IsWildcardEnabled         bool
	IsLatencyMetricsEnabled   bool
	IsDynamicSSLReloadEnabled bool
	NginxVersion              nginx.Version
}

ConfiguratorParams is a collection of parameters used for the NewConfigurator() function

type DosEx

type DosEx struct {
	DosProtected *v1beta1.DosProtectedResource
	DosPolicy    *unstructured.Unstructured
	DosLogConf   *unstructured.Unstructured
}

DosEx holds a DosProtectedResource and the dos policy and log confs it references.

type ExtendedResources

type ExtendedResources struct {
	IngressExes         []*IngressEx
	MergeableIngresses  []*MergeableIngresses
	VirtualServerExes   []*VirtualServerEx
	TransportServerExes []*TransportServerEx
}

ExtendedResources holds all extended configuration resources, for which Configurator configures NGINX.

type GlobalConfigParams

type GlobalConfigParams struct {
	Listeners map[string]Listener
}

GlobalConfigParams holds global configuration parameters. For now, it only holds listeners. GlobalConfigParams should replace ConfigParams in the future.

func NewDefaultGlobalConfigParams

func NewDefaultGlobalConfigParams() *GlobalConfigParams

NewDefaultGlobalConfigParams creates a GlobalConfigParams with default values.

func NewGlobalConfigParamsWithTLSPassthrough

func NewGlobalConfigParamsWithTLSPassthrough() *GlobalConfigParams

NewGlobalConfigParamsWithTLSPassthrough creates new GlobalConfigParams with enabled TLS Passthrough listener.

type IngressEx

type IngressEx struct {
	Ingress          *networking.Ingress
	Endpoints        map[string][]string
	HealthChecks     map[string]*api_v1.Probe
	ExternalNameSvcs map[string]bool
	PodsByIP         map[string]PodInfo
	ValidHosts       map[string]bool
	ValidMinionPaths map[string]bool
	AppProtectPolicy *unstructured.Unstructured
	AppProtectLogs   []AppProtectLog
	DosEx            *DosEx
	SecretRefs       map[string]*secrets.SecretReference
}

IngressEx holds an Ingress along with the resources that are referenced in this Ingress.

func (*IngressEx) String

func (ingEx *IngressEx) String() string

type JWTKey

type JWTKey struct {
	Name   string
	Secret *api_v1.Secret
}

JWTKey represents a secret that holds JSON Web Key.

type Listener

type Listener struct {
	Port     int
	Protocol string
}

Listener represents a listener that can be used in a TransportServer resource.

type MergeableIngresses

type MergeableIngresses struct {
	Master  *IngressEx
	Minions []*IngressEx
}

MergeableIngresses is a mergeable ingress of a master and minions.

type MeshPodOwner

type MeshPodOwner struct {
	// OwnerType is one of the following: statefulset, daemonset, deployment.
	OwnerType string
	// OwnerName is the name of the statefulset, daemonset, or deployment.
	OwnerName string
}

MeshPodOwner contains the type and name of the K8s resource that owns the pod. This owner information is needed for NGINX Service Mesh metrics.

type NginxCfgParams

type NginxCfgParams struct {
	// contains filtered or unexported fields
}

NginxCfgParams is a collection of parameters used by generateNginxCfg() and generateNginxCfgForMergeableIngresses()

type PodInfo

type PodInfo struct {
	Name string
	MeshPodOwner
}

PodInfo contains the name of the Pod and the MeshPodOwner information which is used for NGINX Service Mesh metrics.

type ResourceOperation

type ResourceOperation func(resource *v1beta1.DosProtectedResource, ingExes []*IngressEx, mergeableIngresses []*MergeableIngresses, vsExes []*VirtualServerEx) (Warnings, error)

ResourceOperation represents a function that changes configuration in relation to an unstructured resource.

type StaticConfigParams

type StaticConfigParams struct {
	DisableIPV6                    bool
	DefaultHTTPListenerPort        int
	DefaultHTTPSListenerPort       int
	HealthStatus                   bool
	HealthStatusURI                string
	NginxStatus                    bool
	NginxStatusAllowCIDRs          []string
	NginxStatusPort                int
	StubStatusOverUnixSocketForOSS bool
	TLSPassthrough                 bool
	TLSPassthroughPort             int
	EnableSnippets                 bool
	NginxServiceMesh               bool
	EnableInternalRoutes           bool
	MainAppProtectLoadModule       bool
	MainAppProtectDosLoadModule    bool
	InternalRouteServerName        string
	EnableLatencyMetrics           bool
	EnableOIDC                     bool
	SSLRejectHandshake             bool
	EnableCertManager              bool
	DynamicSSLReload               bool
	StaticSSLPath                  string
	NginxVersion                   nginx.Version
}

StaticConfigParams holds immutable NGINX configuration parameters that affect the main NGINX config.

type TransportServerEx

type TransportServerEx struct {
	ListenerPort     int
	TransportServer  *conf_v1.TransportServer
	Endpoints        map[string][]string
	PodsByIP         map[string]string
	ExternalNameSvcs map[string]bool
	DisableIPV6      bool
	SecretRefs       map[string]*secrets.SecretReference
}

TransportServerEx holds a TransportServer along with the resources referenced by it.

func (*TransportServerEx) String

func (tsEx *TransportServerEx) String() string

type VirtualServerEx

type VirtualServerEx struct {
	VirtualServer       *conf_v1.VirtualServer
	HTTPPort            int
	HTTPSPort           int
	Endpoints           map[string][]string
	VirtualServerRoutes []*conf_v1.VirtualServerRoute
	ExternalNameSvcs    map[string]bool
	Policies            map[string]*conf_v1.Policy
	PodsByIP            map[string]PodInfo
	SecretRefs          map[string]*secrets.SecretReference
	ApPolRefs           map[string]*unstructured.Unstructured
	LogConfRefs         map[string]*unstructured.Unstructured
	DosProtectedRefs    map[string]*unstructured.Unstructured
	DosProtectedEx      map[string]*DosEx
}

VirtualServerEx holds a VirtualServer along with the resources that are referenced in this VirtualServer.

func (*VirtualServerEx) String

func (vsx *VirtualServerEx) String() string

type Warnings

type Warnings map[runtime.Object][]string

Warnings stores a list of warnings for a given runtime k8s object in a map

func (Warnings) Add

func (w Warnings) Add(warnings Warnings)

Add adds new Warnings to the map

func (Warnings) AddWarning

func (w Warnings) AddWarning(obj runtime.Object, msg string)

AddWarning adds a warning for the specified object.

func (Warnings) AddWarningf

func (w Warnings) AddWarningf(obj runtime.Object, msgFmt string, args ...interface{})

AddWarningf adds a warning for the specified object using the provided format and arguments.

Directories

Path Synopsis
Package commonhelpers contains template helpers used in v1 and v2
