config

package
v1.20.0-snapshot.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 12, 2020 License: Apache-2.0 Imports: 11 Imported by: 169

Documentation

Index

Constants

// Names of environment variables that can override the corresponding
// ConfigMap YAML values. Every name here refers to secret material: a
// password or token for an external service, or the key that signs Kiali
// login tokens.
//
// NOTE(review): this block only defines the names; where and when they are
// read is not visible here. Values supplied through the environment are
// readable by anything that can inspect the process environment or the pod
// spec, so populate them from a Kubernetes Secret reference rather than a
// literal value in a manifest.
const (
	// External services auth
	EnvGrafanaPassword    = "GRAFANA_PASSWORD"
	EnvGrafanaToken       = "GRAFANA_TOKEN"
	EnvPrometheusPassword = "PROMETHEUS_PASSWORD"
	EnvPrometheusToken    = "PROMETHEUS_TOKEN"
	EnvTracingPassword    = "TRACING_PASSWORD"
	EnvTracingToken       = "TRACING_TOKEN"

	// Login Token signing key used to prepare the token for user login
	EnvLoginTokenSigningKey = "LOGIN_TOKEN_SIGNING_KEY"
)

Environment variables that can override the ConfigMap yaml values

// Version constraint strings for the service-mesh distributions named by
// each constant (Istio, Maistra, OSSM). The package documentation describes
// them as the versions that Kiali requires; the code that evaluates the
// constraints is not shown here.
const (
	IstioVersionSupported   = ">= 1.0"
	MaistraVersionSupported = ">= 0.7.0"
	OSSMVersionSupported    = ">= 1.0"
)

The versions that Kiali requires

// Auth strategy identifiers, the session cookie name, the per-strategy token
// issuer strings, and the auth types used toward external services.
//
// The AuthStrategy* values select how users authenticate to Kiali itself;
// the AuthType* values apply only to outbound connections (Prometheus,
// Grafana, ...).
//
// NOTE(review): AuthStrategyAnonymous presumably means that no user
// authentication is performed — confirm, and make sure it is only ever
// selected deliberately, on deployments that untrusted clients cannot reach.
// NOTE(review): each strategy has its own issuer string; token validation
// should presumably reject a token whose issuer does not match the
// configured strategy — verify in the validation code, which is not shown
// here. AuthStrategyTokenIssuer and TokenCookieName share the literal
// "kiali-token".
const (
	AuthStrategyOpenshift = "openshift"
	AuthStrategyLogin     = "login"
	AuthStrategyAnonymous = "anonymous"
	AuthStrategyLDAP      = "ldap"
	AuthStrategyToken     = "token"
	AuthStrategyOpenId    = "openid"

	TokenCookieName             = "kiali-token"
	AuthStrategyOpenshiftIssuer = "kiali-openshift"
	AuthStrategyLoginIssuer     = "kiali-login"
	AuthStrategyTokenIssuer     = "kiali-token"
	AuthStrategyLDAPIssuer      = "kiali-ldap"
	AuthStrategyOpenIdIssuer    = "kiali-open-id"

	// These constants are used for external services auth (Prometheus, Grafana ...) ; not for Kiali auth
	AuthTypeBasic  = "basic"
	AuthTypeBearer = "bearer"
	AuthTypeNone   = "none"
)

The valid auth strategies and values for cookie handling

// Absolute file paths at which the login secret's username and passphrase
// are expected to be found.
//
// NOTE(review): presumably these are files projected from a mounted
// Kubernetes Secret — confirm. Keep the mount read-only and limited to the
// Kiali container, and never log the file contents.
const (
	LoginSecretUsername   = "/kiali-secret/username"
	LoginSecretPassphrase = "/kiali-secret/passphrase"
)

The paths where the login secret is expected to be located.

// IstioMultiClusterHostSuffix is the literal "global".
// NOTE(review): presumably the host suffix that identifies Istio
// multi-cluster service hosts — confirm against the callers, which are not
// shown here.
const (
	IstioMultiClusterHostSuffix = "global"
)

Variables

This section is empty.

Functions

func GetIstioNamespaces added in v1.4.0

func GetIstioNamespaces(exclude []string) []string

GetIstioNamespaces returns all Istio namespaces, less the exclusions

func GetSignedTokenString added in v0.16.0

func GetSignedTokenString(claims jwt.Claims) (string, error)

func GetSigningKey added in v1.0.10

func GetSigningKey() string

func IsIstioNamespace added in v1.4.0

func IsIstioNamespace(namespace string) bool

IsIstioNamespace returns true if the namespace is the default istio namespace or an Istio component namespace

func Marshal

func Marshal(conf *Config) (yamlString string, err error)

Marshal converts the Config object and returns its YAML string.

func SaveToFile

func SaveToFile(filename string, conf *Config) (err error)

SaveToFile converts the Config object and stores its YAML string into the given file, overwriting any data that is in the file.

func Set

func Set(conf *Config)

Set the global Config. This function should not be called outside of main or tests. If possible, keep the config unmutated and use globals and/or the appstate package for mutable state, to avoid the risk of concurrent writes.

func ValidateSigningKey added in v1.17.0

func ValidateSigningKey(signingKey string, authStrategy string) error

func ValidateToken

func ValidateToken(tokenString string) (string, error)

ValidateToken checks if the input token is still valid

Types

type AdditionalDisplayItem added in v1.10.0

// AdditionalDisplayItem holds display-related configuration: an annotation
// name, an icon annotation name and a title, each read from YAML.
//
// NOTE(review): the annotation values presumably come from whoever owns the
// annotated resource; if they are rendered in the UI they should be treated
// as untrusted text — confirm in the rendering code.
type AdditionalDisplayItem struct {
	Annotation     string `yaml:"annotation"`
	IconAnnotation string `yaml:"icon_annotation"`
	Title          string `yaml:"title"`
}

AdditionalDisplayItem holds some display-related configuration, like which annotations are to be displayed

type ApiConfig added in v0.9.1

// ApiConfig contains API specific configuration; the only member declared
// here is the namespace settings.
//
// Namespaces carries no explicit yaml tag, so its key name is whatever the
// YAML library derives from the field name.
type ApiConfig struct {
	Namespaces ApiNamespacesConfig
}

ApiConfig contains API specific configuration.

type ApiNamespacesConfig added in v0.9.1

// ApiNamespacesConfig holds the namespace exclusion list and a label
// selector. The package documentation describes Exclude as a list of regex
// strings defining the namespaces to exclude.
//
// NOTE(review): how the patterns are matched is not visible here; if they
// are applied unanchored, a short pattern can exclude more namespaces than
// intended — confirm.
// NOTE(review): treat this as a visibility filter. Whether it is also
// enforced as an access-control boundary cannot be told from this
// declaration.
type ApiNamespacesConfig struct {
	Exclude       []string
	LabelSelector string `yaml:"label_selector,omitempty" json:"labelSelector"`
}

ApiNamespacesConfig provides a list of regex strings defining namespaces to blacklist.

type Auth added in v0.21.0

// Auth provides authentication data for an external service (it is embedded
// in GrafanaConfig, PrometheusConfig and TracingConfig).
//
// Password and Token are plain strings whose yaml tags have no omitempty,
// so any serialization of this struct carries them unless they were cleared
// or masked first. An Obfuscate method is declared on *Auth.
// NOTE(review): confirm which fields Obfuscate covers and that every path
// that logs or exports the configuration goes through it.
//
// NOTE(review): InsecureSkipVerify presumably disables TLS certificate
// verification toward the external service, which would expose the
// credentials above to an on-path attacker — prefer setting CAFile and
// leaving this false.
// NOTE(review): UseKialiToken presumably sends Kiali's own token to the
// external service — TODO confirm; if so, enable it only toward endpoints
// that are trusted with that token.
type Auth struct {
	CAFile             string `yaml:"ca_file"`
	InsecureSkipVerify bool   `yaml:"insecure_skip_verify"`
	Password           string `yaml:"password"`
	Token              string `yaml:"token"`
	Type               string `yaml:"type"`
	UseKialiToken      bool   `yaml:"use_kiali_token"`
	Username           string `yaml:"username"`
}

Auth provides authentication data for external services

func (*Auth) Obfuscate added in v1.13.0

func (a *Auth) Obfuscate()

type AuthConfig added in v0.16.0

// AuthConfig provides details on how users are to authenticate: the selected
// strategy plus the LDAP and OpenID settings.
//
// NOTE(review): Strategy is presumably one of the AuthStrategy* constants;
// what happens for an empty or unknown value is not visible here — confirm
// that it fails closed rather than falling back to an unauthenticated mode.
type AuthConfig struct {
	LDAP     LDAPConfig   `yaml:"ldap,omitempty"`
	OpenId   OpenIdConfig `yaml:"openid,omitempty"`
	Strategy string       `yaml:"strategy,omitempty"`
}

AuthConfig provides details on how users are to authenticate

type Config

// Config defines the full YAML configuration.
//
// Several members hold secret material: LoginToken (the token signing key),
// ExternalServices (per-service passwords and tokens in Auth), and
// Server.Credentials. The package documentation states that String()
// obfuscates some fields.
// NOTE(review): whether Marshal and SaveToFile obfuscate as well is not
// visible here; assume their output may contain secrets and protect the
// destination file accordingly until confirmed.
type Config struct {
	AdditionalDisplayDetails []AdditionalDisplayItem  `yaml:"additional_display_details,omitempty"`
	API                      ApiConfig                `yaml:"api,omitempty"`
	Auth                     AuthConfig               `yaml:"auth,omitempty"`
	Deployment               DeploymentConfig         `yaml:"deployment,omitempty"`
	Extensions               Extensions               `yaml:"extensions,omitempty"`
	ExternalServices         ExternalServices         `yaml:"external_services,omitempty"`
	Identity                 security.Identity        `yaml:",omitempty"`
	InCluster                bool                     `yaml:"in_cluster,omitempty"`
	InstallationTag          string                   `yaml:"installation_tag,omitempty"`
	IstioComponentNamespaces IstioComponentNamespaces `yaml:"istio_component_namespaces,omitempty"`
	IstioLabels              IstioLabels              `yaml:"istio_labels,omitempty"`
	IstioNamespace           string                   `yaml:"istio_namespace,omitempty"` // default component namespace
	KubernetesConfig         KubernetesConfig         `yaml:"kubernetes_config,omitempty"`
	LoginToken               LoginToken               `yaml:"login_token,omitempty"`
	Server                   Server                   `yaml:",omitempty"`
}

Config defines full YAML configuration.

func Get

func Get() (conf *Config)

Get the global Config

func LoadFromFile

func LoadFromFile(filename string) (conf *Config, err error)

LoadFromFile reads the YAML from the given file, parses the content, and returns its Config object representation.

func NewConfig

func NewConfig() (c *Config)

NewConfig creates a default Config struct

func Unmarshal

func Unmarshal(yamlString string) (conf *Config, err error)

Unmarshal parses the given YAML string and returns its Config object representation.

func (Config) String

func (conf Config) String() (str string)

String marshals the given Config into a YAML string. WARNING: do NOT use the result of this function to retrieve any configuration: some fields are obfuscated for security reasons.

type DeploymentConfig added in v0.21.0

// DeploymentConfig provides details on how Kiali was deployed: the list of
// accessible namespaces and the namespace Kiali itself runs in.
//
// NOTE(review): AccessibleNamespaces presumably limits which namespaces
// Kiali works with; the effective boundary should still be the RBAC bound to
// Kiali's service account — confirm that the two agree.
type DeploymentConfig struct {
	AccessibleNamespaces []string `yaml:"accessible_namespaces"`
	Namespace            string   `yaml:"namespace,omitempty"` // Kiali deployment namespace
}

DeploymentConfig provides details on how Kiali was deployed.

type Extensions added in v1.14.0

// Extensions describes configuration for Kiali add-ons (extensions); the two
// declared here are ThreeScale and Iter8.
type Extensions struct {
	ThreeScale ThreeScaleConfig `yaml:"threescale,omitempty"`
	Iter8      Iter8Config      `yaml:"iter_8,omitempty"`
}

Extensions struct describes configuration for Kiali add-ons (extensions). New add-on/extension configuration should create a specific config and be located under this struct.

type ExternalServices

// ExternalServices holds configurations for other systems that Kiali depends
// on. The Grafana, Prometheus and Tracing members each carry an Auth value,
// so this subtree contains credentials.
type ExternalServices struct {
	Grafana    GrafanaConfig    `yaml:"grafana,omitempty"`
	Istio      IstioConfig      `yaml:"istio,omitempty"`
	Prometheus PrometheusConfig `yaml:"prometheus,omitempty"`
	Tracing    TracingConfig    `yaml:"tracing,omitempty"`
}

ExternalServices holds configurations for other systems that Kiali depends on

type GrafanaConfig

// GrafanaConfig describes configuration used for Grafana links: the
// credentials, the dashboards, an enable flag and two URLs.
//
// NOTE(review): Kiali presumably sends the Auth credentials to InClusterURL
// (and/or URL). Whoever can edit this configuration therefore chooses where
// those credentials go — restrict write access to the ConfigMap accordingly
// and confirm which URL is actually dialed.
type GrafanaConfig struct {
	Auth         Auth                     `yaml:"auth"`
	Dashboards   []GrafanaDashboardConfig `yaml:"dashboards"`
	Enabled      bool                     `yaml:"enabled"` // Enable or disable Grafana support in Kiali
	InClusterURL string                   `yaml:"in_cluster_url"`
	URL          string                   `yaml:"url"`
}

GrafanaConfig describes configuration used for Grafana links

type GrafanaDashboardConfig added in v1.5.0

// GrafanaDashboardConfig names one Grafana dashboard and the variables
// associated with it (see GrafanaVariablesConfig).
type GrafanaDashboardConfig struct {
	Name      string                 `yaml:"name"`
	Variables GrafanaVariablesConfig `yaml:"variables"`
}

type GrafanaVariablesConfig added in v1.5.0

// GrafanaVariablesConfig holds one string per dashboard variable: app,
// namespace, service, version and workload. Each field is serialized to both
// YAML and JSON; in JSON, empty values are omitted.
// NOTE(review): presumably each value is the name of the Grafana variable
// to fill — confirm against the code that builds the links.
type GrafanaVariablesConfig struct {
	App       string `yaml:"app" json:"app,omitempty"`
	Namespace string `yaml:"namespace" json:"namespace,omitempty"`
	Service   string `yaml:"service" json:"service,omitempty"`
	Version   string `yaml:"version" json:"version,omitempty"`
	Workload  string `yaml:"workload" json:"workload,omitempty"`
}

type IanaClaims added in v0.16.0

// IanaClaims is the claim set returned by GetTokenClaimsIfValid: the embedded
// jwt.StandardClaims plus a session id serialized as "sid".
//
// NOTE(review): the parsing and validation code is not shown here. Confirm
// that it pins the expected signing algorithm and checks expiry and issuer
// before any claim in this struct is trusted.
type IanaClaims struct {
	SessionId string `json:"sid,omitempty"`
	jwt.StandardClaims
}

Structured version of the Claims section, as referenced in RFC 7519, section 4.1 (https://tools.ietf.org/html/rfc7519#section-4.1). See examples for how to use this with your own claim types.

func GetTokenClaimsIfValid added in v0.16.0

func GetTokenClaimsIfValid(tokenString string) (*IanaClaims, error)

type IstioComponentNamespaces added in v1.4.0

// IstioComponentNamespaces holds the component-specific Istio namespaces as a
// string-to-string map.
// NOTE(review): presumably keyed by component name with the namespace as the
// value — confirm against the callers.
type IstioComponentNamespaces map[string]string

IstioComponentNamespaces holds the component-specific Istio namespaces. Any missing component defaults to the namespace configured for IstioNamespace (which itself defaults to 'istio-system').

type IstioConfig

// IstioConfig describes configuration used for Istio links: a status toggle,
// the identity domain, the sidecar annotation name and the URL of the
// service-version endpoint.
// NOTE(review): UrlServiceVersion is presumably fetched by Kiali itself;
// confirm, and keep it pointed at an in-cluster endpoint that is trusted.
type IstioConfig struct {
	IstioStatusEnabled     bool   `yaml:"istio_status_enabled,omitempty"`
	IstioIdentityDomain    string `yaml:"istio_identity_domain,omitempty"`
	IstioSidecarAnnotation string `yaml:"istio_sidecar_annotation,omitempty"`
	UrlServiceVersion      string `yaml:"url_service_version"`
}

IstioConfig describes configuration used for istio links

type IstioLabels added in v0.7.0

// IstioLabels holds configuration about the labels required by Istio: the
// names of the app label and of the version label.
type IstioLabels struct {
	AppLabelName     string `yaml:"app_label_name,omitempty" json:"appLabelName"`
	VersionLabelName string `yaml:"version_label_name,omitempty" json:"versionLabelName"`
}

IstioLabels holds configuration about the labels required by Istio

type Iter8Config added in v1.15.0

// Iter8Config holds the single enable flag for the Iter8 extension (it is the
// type of Extensions.Iter8).
type Iter8Config struct {
	Enabled bool `yaml:"enabled"`
}

type KubernetesConfig added in v0.9.0

// KubernetesConfig holds the k8s client, caching and performance
// configuration.
//
// NOTE(review): per the field comments, Kiali caches the list of namespaces
// per user for CacheTokenNamespaceDuration seconds. A longer value presumably
// delays the moment at which a revoked namespace permission takes effect in
// Kiali — confirm and size it with that in mind.
// NOTE(review): Burst and QPS are presumably the client-side rate limits
// applied to Kubernetes API requests — confirm against the client setup.
type KubernetesConfig struct {
	Burst int `yaml:"burst,omitempty"`
	// Cache duration expressed in seconds
	// Cache uses watchers to sync with the backend, after a CacheDuration watchers are closed and re-opened
	CacheDuration int `yaml:"cache_duration,omitempty"`
	// Enable cache for kubernetes and istio resources
	CacheEnabled bool `yaml:"cache_enabled,omitempty"`
	// Kiali can cache VirtualService,DestinationRule,Gateway and ServiceEntry Istio resources if they are present
	// on this list of Istio types. Other Istio types are not yet supported.
	CacheIstioTypes []string `yaml:"cache_istio_types,omitempty"`
	// List of namespaces or regex defining namespaces to include in a cache
	CacheNamespaces []string `yaml:"cache_namespaces,omitempty"`
	// Cache duration expressed in seconds
	// Kiali cache list of namespaces per user, this is typically short lived cache compared with the duration of the
	// namespace cache defined by previous CacheDuration parameter
	CacheTokenNamespaceDuration int `yaml:"cache_token_namespace_duration,omitempty"`
	// List of controllers that won't be used for Workload calculation
	// Kiali queries Deployment,ReplicaSet,ReplicationController,DeploymentConfig,StatefulSet,Job and CronJob controllers
	// Deployment and ReplicaSet will be always queried, but ReplicationController,DeploymentConfig,StatefulSet,Job and CronJobs
	// can be skipped from Kiali workloads query if they are present in this list
	ExcludeWorkloads []string `yaml:"excluded_workloads,omitempty"`
	QPS              float32  `yaml:"qps,omitempty"`
}

KubernetesConfig holds the k8s client, caching and performance configuration

type LDAPConfig added in v1.4.0

// LDAPConfig provides the details of the LDAP related configuration: where
// the directory is (host, port, base, bind DN), how entries are searched
// (the *Filter fields), which attributes are read (the *Key fields) and the
// transport options.
//
// This struct declares a bind DN but no bind password field.
//
// NOTE(review): LDAPUseSSL and LDAPInsecureSkipVerify presumably control TLS
// toward the directory. With TLS off, or with verification skipped, user
// passwords submitted at login would presumably be exposed to an on-path
// attacker — confirm and keep verification on outside of test setups.
// NOTE(review): if the *Filter fields are templates into which the submitted
// login name is substituted, that substitution must escape LDAP filter
// metacharacters; this cannot be confirmed from the declaration alone.
type LDAPConfig struct {
	LDAPBase               string `yaml:"ldap_base,omitempty"`
	LDAPBindDN             string `yaml:"ldap_bind_dn,omitempty"`
	LDAPInsecureSkipVerify bool   `yaml:"ldap_insecure_skip_verify,omitempty"`
	LDAPGroupFilter        string `yaml:"ldap_group_filter,omitempty"`
	LDAPHost               string `yaml:"ldap_host,omitempty"`
	LDAPMailIDKey          string `yaml:"ldap_mail_id_key,omitempty"`
	LDAPMemberOfKey        string `yaml:"ldap_member_of_key,omitempty"`
	LDAPPort               int    `yaml:"ldap_port,omitempty"`
	LDAPRoleFilter         string `yaml:"ldap_role_filter,omitempty"`
	LDAPSearchFilter       string `yaml:"ldap_search_filter,omitempty"`
	LDAPUserFilter         string `yaml:"ldap_user_filter,omitempty"`
	LDAPUserIDKey          string `yaml:"ldap_user_id_key,omitempty"`
	LDAPUseSSL             bool   `yaml:"ldap_use_ssl,omitempty"`
}

LDAPConfig provides the details of the LDAP related configuration

type LoginToken added in v0.6.0

// LoginToken holds config used for generating the Kiali session tokens: the
// token lifetime in seconds and the signing key.
//
// SigningKey is a plain string that is serialized to YAML when non-empty; an
// Obfuscate method is declared on *LoginToken, and the key can also be
// supplied through the variable named by EnvLoginTokenSigningKey.
// NOTE(review): anyone who learns this key can presumably mint tokens that
// Kiali accepts. Confirm that no well-known default value is left in place
// and that ValidateSigningKey (declared in this package) runs at startup.
// NOTE(review): ExpirationSeconds bounds how long a leaked token stays
// usable; what a zero or negative value means is not visible here.
type LoginToken struct {
	ExpirationSeconds int64  `yaml:"expiration_seconds,omitempty"`
	SigningKey        string `yaml:"signing_key,omitempty"`
}

LoginToken holds config used for generating the Kiali session tokens.

func (*LoginToken) Obfuscate added in v1.13.0

func (lt *LoginToken) Obfuscate()

type OpenIdConfig added in v1.19.0

// OpenIdConfig contains specific configuration for authentication using an
// OpenID provider: issuer and authorization endpoint, client id, requested
// scopes, the claim used as username, and a timeout.
//
// No client-secret field is declared in this struct.
//
// NOTE(review): InsecureSkipVerifyTLS presumably disables certificate
// verification toward the provider; with it set, the issuer's identity is no
// longer authenticated — keep it false outside of test setups.
// NOTE(review): UsernameClaim selects which token claim becomes the Kiali
// user name; pick a claim the provider guarantees to be unique and not
// user-editable. The unit of AuthenticationTimeout is not visible here.
type OpenIdConfig struct {
	AuthenticationTimeout int      `yaml:"authentication_timeout,omitempty"`
	AuthorizationEndpoint string   `yaml:"authorization_endpoint,omitempty"`
	ClientId              string   `yaml:"client_id,omitempty"`
	InsecureSkipVerifyTLS bool     `yaml:"insecure_skip_verify_tls,omitempty"`
	IssuerUri             string   `yaml:"issuer_uri,omitempty"`
	Scopes                []string `yaml:"scopes,omitempty"`
	UsernameClaim         string   `yaml:"username_claim,omitempty"`
}

OpenIdConfig contains specific configuration for authentication using an OpenID provider

type PrometheusConfig added in v0.18.0

// PrometheusConfig describes configuration of the Prometheus component: the
// credentials and two URLs.
//
// NOTE(review): whether the Auth credentials are sent to URL only or to
// CustomMetricsURL as well is not visible here — confirm, and make sure both
// endpoints are ones that may receive them.
type PrometheusConfig struct {
	Auth             Auth   `yaml:"auth,omitempty"`
	CustomMetricsURL string `yaml:"custom_metrics_url,omitempty"`
	URL              string `yaml:"url,omitempty"`
}

PrometheusConfig describes configuration of the Prometheus component

type Server

// Server holds the HTTP server configuration: listen address and port,
// metrics endpoint, web root/FQDN/schema, static content directory, and the
// security-related switches below.
//
// NOTE(review): CORSAllowAll presumably makes the server answer
// cross-origin requests from any origin. Combined with cookie-based sessions
// (see TokenCookieName) that deserves care — confirm how credentials are
// treated in the CORS response and leave it off unless required.
// NOTE(review): AuditLog is off unless set; per its comment it adds audit
// logging on write operations, which is useful evidence during incident
// response.
// NOTE(review): Credentials is a security.Credentials value declared in
// another package; treat it as secret material when the config is logged or
// exported.
type Server struct {
	Address                    string               `yaml:",omitempty"`
	AuditLog                   bool                 `yaml:"audit_log,omitempty"` // When true, allows additional audit logging on Write operations
	CORSAllowAll               bool                 `yaml:"cors_allow_all,omitempty"`
	Credentials                security.Credentials `yaml:",omitempty"`
	GzipEnabled                bool                 `yaml:"gzip_enabled,omitempty"`
	MetricsEnabled             bool                 `yaml:"metrics_enabled,omitempty"`
	MetricsPort                int                  `yaml:"metrics_port,omitempty"`
	Port                       int                  `yaml:",omitempty"`
	StaticContentRootDirectory string               `yaml:"static_content_root_directory,omitempty"`
	WebFQDN                    string               `yaml:"web_fqdn,omitempty"`
	WebRoot                    string               `yaml:"web_root,omitempty"`
	WebSchema                  string               `yaml:"web_schema,omitempty"`
}

Server configuration

type ThreeScaleConfig added in v0.20.0

// ThreeScaleConfig describes configuration used for the 3Scale adapter: its
// name, port, service and an enable flag. AdapterPort is declared as a
// string, not an integer.
type ThreeScaleConfig struct {
	AdapterName    string `yaml:"adapter_name"`
	AdapterPort    string `yaml:"adapter_port"`
	AdapterService string `yaml:"adapter_service"`
	Enabled        bool   `yaml:"enabled"`
}

ThreeScaleConfig describes configuration used for 3Scale adapter

type TokenGenerated

// TokenGenerated is the result of GenerateToken: the user name, the signed
// token string and its expiry time, all serialized to JSON.
//
// NOTE(review): Token is a bearer credential for as long as it is valid.
// Avoid writing whole TokenGenerated values to logs or error messages.
type TokenGenerated struct {
	Username  string    `json:"username"`
	Token     string    `json:"token"`
	ExpiresOn time.Time `json:"expiresOn"`
}

func GenerateToken

func GenerateToken(username string) (TokenGenerated, error)

GenerateToken generates a signed token with an expiration of <ExpirationSeconds> seconds

type TracingConfig added in v0.20.0

// TracingConfig describes configuration used for tracing links: the
// credentials, an enable flag, two URLs, a namespace-selector toggle and a
// whitelist for the Istio system namespace.
//
// NOTE(review): as with the other external services, the Auth credentials
// are presumably sent to InClusterURL (and/or URL); confirm which one is
// dialed and restrict who can change these values.
type TracingConfig struct {
	Auth                 Auth     `yaml:"auth"`
	Enabled              bool     `yaml:"enabled"` // Enable Jaeger in Kiali
	InClusterURL         string   `yaml:"in_cluster_url"`
	NamespaceSelector    bool     `yaml:"namespace_selector"`
	URL                  string   `yaml:"url"`
	WhiteListIstioSystem []string `yaml:"whitelist_istio_system"`
}

TracingConfig describes configuration used for tracing links
