proxy

package
v0.26.1 Latest
Warning

This package is not in the latest version of its module.
Published: Dec 11, 2024 License: Apache-2.0 Imports: 40 Imported by: 2

Documentation

Overview

Package proxy provides a reverse proxy that accepts client certificates and forwards Common Name and Organizations to backend API servers in HTTP headers. The proxy terminates client TLS and communicates with API servers via mTLS. Traffic is routed based on paths.

An example configuration:

    - path: /services/
      backend: https://localhost:6444
      backend_server_ca: certs/kcp-ca-cert.pem
      proxy_client_cert: certs/proxy-client-cert.pem
      proxy_client_key: certs/proxy-client-key.pem
    - path: /
      backend: https://localhost:6443
      backend_server_ca: certs/kcp-ca-cert.pem
      proxy_client_cert: certs/proxy-client-cert.pem
      proxy_client_key: certs/proxy-client-key.pem

Functions

func NewHandler

func NewHandler(ctx context.Context, o *proxyoptions.Options, index index.Index) (http.Handler, error)

func ShardURLFrom

func ShardURLFrom(ctx context.Context) *url.URL

func WithProxyAuthHeaders

func WithProxyAuthHeaders(delegate http.Handler, userHeader, groupHeader string, extraHeaderPrefix string) http.HandlerFunc

WithProxyAuthHeaders does client cert termination by extracting the user and groups and passing them through access headers to the shard.
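
The pattern described above, as an added example that is not the kcp implementation: the middleware drops any identity headers the client sent before setting them from the certificate subject, so a caller cannot assert its own user or groups. The names `withClientCertHeaders` and `demo`, the header names `X-Remote-User`, `X-Remote-Group` and `X-Remote-Extra-`, and the certificate subject are assumptions constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"net/http"
	"net/http/httptest"
	"strings"
)

// withClientCertHeaders (hypothetical name) strips client-sent identity headers,
// then sets them from the client certificate. Assumes the listener verified the chain.
func withClientCertHeaders(next http.Handler, userHdr, groupHdr, extraPrefix string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del(userHdr)
		r.Header.Del(groupHdr)
		for name := range r.Header {
			if extraPrefix != "" && strings.HasPrefix(strings.ToLower(name), strings.ToLower(extraPrefix)) {
				r.Header.Del(name)
			}
		}
		if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		subj := r.TLS.PeerCertificates[0].Subject
		r.Header.Set(userHdr, subj.CommonName) // CN becomes the user
		for _, org := range subj.Organization {
			r.Header.Add(groupHdr, org) // each O becomes a group
		}
		next.ServeHTTP(w, r)
	})
}

// demo sends a constructed request with spoofed headers and returns what the backend sees.
func demo() (user string, groups []string, extra string) {
	backend := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		user, groups, extra = r.Header.Get("X-Remote-User"), r.Header.Values("X-Remote-Group"), r.Header.Get("X-Remote-Extra-Scopes")
	})
	req := httptest.NewRequest("GET", "/services/", nil)
	req.Header.Set("X-Remote-User", "admin") // spoofed by the client
	req.Header.Set("X-Remote-Extra-Scopes", "all")
	cert := &x509.Certificate{Subject: pkix.Name{CommonName: "alice", Organization: []string{"dev", "ops"}}}
	req.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}}
	withClientCertHeaders(backend, "X-Remote-User", "X-Remote-Group", "X-Remote-Extra-").ServeHTTP(httptest.NewRecorder(), req)
	return
}

func main() { demo() }
```

`PeerCertificates` is only trustworthy when the listener's `tls.Config` verifies client certificates (for example `ClientAuth: tls.RequireAndVerifyClientCert`), and the backend should accept these headers only from a caller that authenticates with the proxy's own client certificate.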

func WithShardURL

func WithShardURL(parent context.Context, shardURL *url.URL) context.Context

Types

type CompletedConfig added in v0.9.0

type CompletedConfig struct {
	// contains filtered or unexported fields
}

type Config added in v0.9.0

type Config struct {
	Options *proxyoptions.Options

	ExtraConfig
}

func NewConfig added in v0.9.0

func NewConfig(ctx context.Context, opts *proxyoptions.Options) (*Config, error)

NewConfig returns a new Config for the given options.

func (*Config) Complete added in v0.9.0

func (c *Config) Complete() (CompletedConfig, error)

Complete fills in any fields not set that are required to have valid data. It mutates the receiver.

type ExtraConfig added in v0.9.0

type ExtraConfig struct {
	// ResolveIdentities is to be called on server start until it succeeds. It injects the kcp
	// resource identities into the rest.Config used by the client. Only after it succeeds,
	// the clients can wildcard-list/watch most kcp resources.
	ResolveIdentities func(ctx context.Context) error
	RootShardConfig   *rest.Config
	ShardsConfig      *rest.Config

	AuthenticationInfo    genericapiserver.AuthenticationInfo
	ServingInfo           *genericapiserver.SecureServingInfo
	AdditionalAuthEnabled bool
}

type HttpHandler added in v0.24.0

type HttpHandler struct {
	// contains filtered or unexported fields
}

func (*HttpHandler) ServeHTTP added in v0.24.0

func (h *HttpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type PathMapping

type PathMapping struct {
	Path              string `json:"path"`
	Backend           string `json:"backend"`
	BackendServerCA   string `json:"backend_server_ca"`
	ProxyClientCert   string `json:"proxy_client_cert"`
	ProxyClientKey    string `json:"proxy_client_key"`
	UserHeader        string `json:"user_header,omitempty"`
	GroupHeader       string `json:"group_header,omitempty"`
	ExtraHeaderPrefix string `json:"extra_header_prefix"`
}

PathMapping describes how to route traffic from a path to a backend server. Each Path is registered with the DefaultServeMux with a handler that delegates to the specified backend.

type Server added in v0.9.0

type Server struct {
	CompletedConfig
	Handler                  http.Handler
	IndexController          *index.Controller
	KcpSharedInformerFactory kcpinformers.SharedScopedInformerFactory
}

func NewServer added in v0.9.0

func NewServer(ctx context.Context, c CompletedConfig) (*Server, error)

func (*Server) PrepareRun added in v0.9.0

func (s *Server) PrepareRun(ctx context.Context) (preparedServer, error)
