kubernetes

package
v1.54.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 25, 2022 License: Apache-2.0 Imports: 48 Imported by: 156

Documentation

Index

Constants

// Kind names and plural resource names for the Kubernetes and Istio objects
// this package refers to. Constants ending in "Type" hold a singular,
// CamelCase kind; the lowercase plural constants hold resource names and are
// the keys of the PluralType and ResourceTypesToAPI maps.
const (
	// Kubernetes kinds (workload controllers and core objects).
	ConfigMapType             = "ConfigMap"
	CronJobType               = "CronJob"
	DaemonSetType             = "DaemonSet"
	DeploymentType            = "Deployment"
	DeploymentConfigType      = "DeploymentConfig"
	EndpointsType             = "Endpoints"
	JobType                   = "Job"
	PodType                   = "Pod"
	ReplicationControllerType = "ReplicationController"
	ReplicaSetType            = "ReplicaSet"
	ServiceType               = "Service"
	StatefulSetType           = "StatefulSet"

	// Istio networking resources: plural resource name, then kind.
	DestinationRules    = "destinationrules"
	DestinationRuleType = "DestinationRule"

	Gateways    = "gateways"
	GatewayType = "Gateway"

	EnvoyFilters    = "envoyfilters"
	EnvoyFilterType = "EnvoyFilter"

	Sidecars    = "sidecars"
	SidecarType = "Sidecar"

	ServiceEntries   = "serviceentries"
	ServiceEntryType = "ServiceEntry"

	VirtualServices    = "virtualservices"
	VirtualServiceType = "VirtualService"

	WorkloadEntries   = "workloadentries"
	WorkloadEntryType = "WorkloadEntry"

	WorkloadGroups    = "workloadgroups"
	WorkloadGroupType = "WorkloadGroup"

	// Istio security resources. The three *Type identifiers below are plural
	// but their values are the singular kind.

	// Authorization Policies
	AuthorizationPolicies     = "authorizationpolicies"
	AuthorizationPoliciesType = "AuthorizationPolicy"

	// Peer Authentications
	PeerAuthentications     = "peerauthentications"
	PeerAuthenticationsType = "PeerAuthentication"

	// Request Authentications
	RequestAuthentications     = "requestauthentications"
	RequestAuthenticationsType = "RequestAuthentication"
)
// DefaultServiceAccountPath is the path at which Kubernetes mounts a pod's
// service account token by default. The file content is a bearer credential
// for the API server, so it should never be logged or returned to callers.
// NOTE(review): presumably this is the file GetKialiToken reads — confirm.
const DefaultServiceAccountPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"
// RemoteSecretData is a fixed file path.
// NOTE(review): presumably the mount point of the remote-cluster secret that
// UseRemoteCreds consumes — confirm. If so, the file holds credentials for
// another cluster's API server; its mount should be read-only and limited to
// the Kiali pod.
const RemoteSecretData = "/kiali-remote-secret/kiali"

Variables

// Istio API group/versions and two lookup tables keyed by plural resource
// name. All of these are exported, mutable package variables: importing code
// can reassign them or mutate the maps, so they should be treated as
// read-only after package initialisation.
var (
	// NetworkingGroupVersionV1Alpha3 is networking.istio.io/v1alpha3.
	NetworkingGroupVersionV1Alpha3 = schema.GroupVersion{
		Group:   "networking.istio.io",
		Version: "v1alpha3",
	}
	// ApiNetworkingVersionV1Alpha3 is the same value in "group/version" form.
	ApiNetworkingVersionV1Alpha3 = NetworkingGroupVersionV1Alpha3.Group + "/" + NetworkingGroupVersionV1Alpha3.Version

	// NetworkingGroupVersionV1Beta1 is networking.istio.io/v1beta1.
	NetworkingGroupVersionV1Beta1 = schema.GroupVersion{
		Group:   "networking.istio.io",
		Version: "v1beta1",
	}
	// ApiNetworkingVersionV1Beta1 is the same value in "group/version" form.
	ApiNetworkingVersionV1Beta1 = NetworkingGroupVersionV1Beta1.Group + "/" + NetworkingGroupVersionV1Beta1.Version

	// SecurityGroupVersion is security.istio.io/v1beta1.
	SecurityGroupVersion = schema.GroupVersion{
		Group:   "security.istio.io",
		Version: "v1beta1",
	}
	// ApiSecurityVersion is the same value in "group/version" form.
	ApiSecurityVersion = SecurityGroupVersion.Group + "/" + SecurityGroupVersion.Version

	// PluralType maps a plural resource name to its kind. A lookup with an
	// unknown key yields "", so callers that take the resource name from a
	// request should use the two-value form and reject misses.
	PluralType = map[string]string{

		Gateways:         GatewayType,
		VirtualServices:  VirtualServiceType,
		DestinationRules: DestinationRuleType,
		ServiceEntries:   ServiceEntryType,
		Sidecars:         SidecarType,
		WorkloadEntries:  WorkloadEntryType,
		WorkloadGroups:   WorkloadGroupType,
		EnvoyFilters:     EnvoyFilterType,

		AuthorizationPolicies:  AuthorizationPoliciesType,
		PeerAuthentications:    PeerAuthenticationsType,
		RequestAuthentications: RequestAuthenticationsType,
	}

	// ResourceTypesToAPI maps a plural resource name to its API group only
	// (no version). Both networking group versions share the group
	// "networking.istio.io", so EnvoyFilters resolves to the same string as
	// the v1beta1 entries. As with PluralType, an unknown key yields "".
	ResourceTypesToAPI = map[string]string{
		DestinationRules:       NetworkingGroupVersionV1Beta1.Group,
		EnvoyFilters:           NetworkingGroupVersionV1Alpha3.Group,
		Gateways:               NetworkingGroupVersionV1Beta1.Group,
		ServiceEntries:         NetworkingGroupVersionV1Beta1.Group,
		Sidecars:               NetworkingGroupVersionV1Beta1.Group,
		VirtualServices:        NetworkingGroupVersionV1Beta1.Group,
		WorkloadEntries:        NetworkingGroupVersionV1Beta1.Group,
		WorkloadGroups:         NetworkingGroupVersionV1Beta1.Group,
		AuthorizationPolicies:  SecurityGroupVersion.Group,
		PeerAuthentications:    SecurityGroupVersion.Group,
		RequestAuthentications: SecurityGroupVersion.Group,
	}
)
// KialiToken is an exported, mutable package-level string.
// NOTE(review): the name suggests it caches the Kiali service account token
// (see GetKialiToken) — confirm. If so, every importing package can read or
// overwrite the credential, and unsynchronised access from several
// goroutines would be a data race; an unexported variable behind an accessor
// would narrow both exposures.
var KialiToken string

Functions

func ConfigClient

func ConfigClient() (*rest.Config, error)

ConfigClient returns a client with the correct configuration. It returns the configuration for Kiali running in the cluster when InCluster is true, and the configuration for Kiali running outside the cluster when InCluster is false. It returns an error on any problem.

func DestinationRuleHasMTLSEnabled added in v1.31.0

func DestinationRuleHasMTLSEnabled(destinationRule *networking_v1beta1.DestinationRule) (bool, string)

func DestinationRuleHasMTLSEnabledForHost added in v0.16.0

func DestinationRuleHasMTLSEnabledForHost(expectedHost string, destinationRule *networking_v1beta1.DestinationRule) (bool, string)

func DestinationRuleHasMeshWideMTLSEnabled added in v0.16.0

func DestinationRuleHasMeshWideMTLSEnabled(destinationRule *networking_v1beta1.DestinationRule) (bool, string)

func DestinationRuleHasNamespaceWideMTLSEnabled added in v0.16.0

func DestinationRuleHasNamespaceWideMTLSEnabled(namespace string, destinationRule *networking_v1beta1.DestinationRule) (bool, string)

func FilterAuthorizationPoliciesBySelector added in v1.44.0

func FilterAuthorizationPoliciesBySelector(workloadSelector string, authorizationpolicies []*security_v1beta1.AuthorizationPolicy) []*security_v1beta1.AuthorizationPolicy

func FilterByHost

func FilterByHost(host, hostNamespace, serviceName, svcNamespace string) bool

FilterByHost returns true if a (host, hostNamespace) combination is making reference to a (serviceName, svcNamespace) combination. Presumably, the host is part of the definition of some Istio Resource. Thus, it can take the form of "host", "host.namespace" or "host.namespace.svc", or the FQDN "host.namespace.svc.<identity_domain_suffix>". For the cases where the host argument takes the simplistic form of only "host", you need to provide the hostNamespace argument, which should be set to the namespace of the involved Istio Resource. For the other cases, it is safe to omit it. The other arguments are always mandatory.

func FilterByRegistryService added in v1.44.0

func FilterByRegistryService(namespace string, hostname string, registryService *RegistryService) bool

func FilterDestinationRulesByHostname added in v1.44.0

func FilterDestinationRulesByHostname(allDr []*networking_v1beta1.DestinationRule, hostname string) []*networking_v1beta1.DestinationRule

func FilterDestinationRulesByNamespaces added in v1.45.0

func FilterDestinationRulesByNamespaces(namespaces []string, allDr []*networking_v1beta1.DestinationRule) []*networking_v1beta1.DestinationRule

func FilterDestinationRulesByService added in v1.44.0

func FilterDestinationRulesByService(allDr []*networking_v1beta1.DestinationRule, namespace string, serviceName string) []*networking_v1beta1.DestinationRule

func FilterEnvoyFiltersBySelector added in v1.44.0

func FilterEnvoyFiltersBySelector(workloadSelector string, envoyfilters []*networking_v1alpha3.EnvoyFilter) []*networking_v1alpha3.EnvoyFilter

func FilterGatewaysBySelector added in v1.44.0

func FilterGatewaysBySelector(workloadSelector string, gateways []*networking_v1beta1.Gateway) []*networking_v1beta1.Gateway

func FilterGatewaysByVirtualServices added in v1.44.0

func FilterGatewaysByVirtualServices(allGws []*networking_v1beta1.Gateway, allVs []*networking_v1beta1.VirtualService) []*networking_v1beta1.Gateway

func FilterPeerAuthenticationByNamespace added in v1.45.0

func FilterPeerAuthenticationByNamespace(namespace string, peerauthentications []*security_v1beta1.PeerAuthentication) []*security_v1beta1.PeerAuthentication

func FilterPeerAuthenticationsBySelector added in v1.44.0

func FilterPeerAuthenticationsBySelector(workloadSelector string, peerauthentications []*security_v1beta1.PeerAuthentication) []*security_v1beta1.PeerAuthentication

func FilterPodsByController added in v1.44.0

func FilterPodsByController(controllerName string, controllerType string, allPods []core_v1.Pod) []core_v1.Pod

func FilterPodsByEndpoints added in v1.44.0

func FilterPodsByEndpoints(endpoints *core_v1.Endpoints, unfiltered []core_v1.Pod) []core_v1.Pod

FilterPodsByEndpoints performs a second pass, as the selector may return too much data. This case happens when a "nil" selector (such as the one of the default/kubernetes service) is used.

func FilterPodsBySelector added in v1.44.0

func FilterPodsBySelector(selector labels.Selector, allPods []core_v1.Pod) []core_v1.Pod

func FilterPodsByService added in v1.44.0

func FilterPodsByService(s *core_v1.Service, allPods []core_v1.Pod) []core_v1.Pod

FilterPodsByService returns the subset of the pod list that matches the service selector.

func FilterRequestAuthenticationsBySelector added in v1.44.0

func FilterRequestAuthenticationsBySelector(workloadSelector string, requestauthentications []*security_v1beta1.RequestAuthentication) []*security_v1beta1.RequestAuthentication

func FilterServiceEntriesByHostname added in v1.44.0

func FilterServiceEntriesByHostname(serviceEntries []*networking_v1beta1.ServiceEntry, hostname string) []*networking_v1beta1.ServiceEntry

func FilterServicesByLabels added in v1.34.1

func FilterServicesByLabels(selector labels.Selector, allServices []core_v1.Service) []core_v1.Service

func FilterSidecarsBySelector added in v1.44.0

func FilterSidecarsBySelector(workloadSelector string, sidecars []*networking_v1beta1.Sidecar) []*networking_v1beta1.Sidecar

func FilterVirtualServiceByRoute added in v1.44.0

func FilterVirtualServiceByRoute(vs *networking_v1beta1.VirtualService, service string, namespace string) bool

func FilterVirtualServicesByHostname added in v1.44.0

func FilterVirtualServicesByHostname(allVs []*networking_v1beta1.VirtualService, hostname string) []*networking_v1beta1.VirtualService

func FilterVirtualServicesByService added in v1.44.0

func FilterVirtualServicesByService(allVs []*networking_v1beta1.VirtualService, namespace string, serviceName string) []*networking_v1beta1.VirtualService

func GatewayNames added in v0.7.0

func GatewayNames(gateways []*networking_v1beta1.Gateway) map[string]struct{}

GatewayNames extracts the gateway names for easier matching

func GetKialiToken added in v0.21.0

func GetKialiToken() (string, error)

func HasMatchingRegistryService added in v1.44.0

func HasMatchingRegistryService(namespace string, host string, registryServices []*RegistryService) bool

HasMatchingRegistryService returns true when the FQDN of the host param (resolved from the given namespace) matches one of the registry services in the registryServices param.

func HasMatchingServiceEntries added in v1.15.0

func HasMatchingServiceEntries(service string, serviceEntries map[string][]string) bool

func HasMatchingServices added in v1.15.0

func HasMatchingServices(service string, services []core_v1.Service) bool

func HasMatchingVirtualServices added in v1.22.1

func HasMatchingVirtualServices(host Host, virtualServices []*networking_v1beta1.VirtualService) bool

func HasMatchingWorkloads added in v1.15.0

func HasMatchingWorkloads(service string, workloadList []labels.Set) bool

func HostWithinWildcardHost added in v1.22.1

func HostWithinWildcardHost(subdomain, wildcardDomain string) bool

func MatchPortAppProtocolWithValidProtocols added in v1.44.0

func MatchPortAppProtocolWithValidProtocols(appProtocol *string) bool

func MatchPortNameRule added in v0.19.0

func MatchPortNameRule(portName, protocol string) bool

func MatchPortNameWithValidProtocols added in v0.19.0

func MatchPortNameWithValidProtocols(portName string) bool

func NewNotFound added in v0.7.0

func NewNotFound(name, group, resource string) error

NewNotFound is a helper method to create a NotFound error similar to the one used by the kubernetes client. This method helps upper layers send an explicit NotFound error without querying the backend.

func ParseTwoPartHost added in v1.15.0

func ParseTwoPartHost(host Host) (string, string)

func PeerAuthnHasMTLSEnabled added in v1.18.1

func PeerAuthnHasMTLSEnabled(peerAuthn *security_v1beta1.PeerAuthentication) (bool, string)

func PeerAuthnHasStrictMTLS added in v1.18.1

func PeerAuthnHasStrictMTLS(peerAuthn *security_v1beta1.PeerAuthentication) bool

func PeerAuthnMTLSMode added in v1.31.0

func PeerAuthnMTLSMode(peerAuthn *security_v1beta1.PeerAuthentication) (bool, string)

func ServiceEntryHostnames added in v0.7.0

func ServiceEntryHostnames(serviceEntries []*networking_v1beta1.ServiceEntry) map[string][]string

ServiceEntryHostnames returns a list of hostnames defined in the ServiceEntries Specs. The key in the resulting map is the protocol (in lowercase) + hostname. Exported for test.

func UseRemoteCreds added in v1.23.0

func UseRemoteCreds(remoteSecret *RemoteSecret) (*rest.Config, error)

UseRemoteCreds points the k8s client to a remote cluster's API server.

func ValidatePort added in v0.15.0

func ValidatePort(portDef *api_networking_v1beta1.Port) bool

ValidatePort parses the Istio Port definition and validates the naming scheme.

Types

type ClientFactory added in v0.16.0

// ClientFactory hands out ClientInterface values for a given set of
// credentials.
type ClientFactory interface {
	// GetClient returns a client for authInfo, or an error.
	// NOTE(review): presumably the returned client acts with the credentials
	// in authInfo rather than with Kiali's own service account — confirm in
	// the implementation, since that decides whose RBAC applies to each call.
	GetClient(authInfo *api.AuthInfo) (ClientInterface, error)
}

ClientFactory interface for the clientFactory object

func GetClientFactory added in v0.17.0

func GetClientFactory() (ClientFactory, error)

GetClientFactory returns the client factory. Creates a new one if necessary

type ClientInterface added in v1.20.0

// ClientInterface is the full client surface: identity and server queries
// declared here, plus the embedded Kubernetes, Istio and OpenShift method
// sets.
type ClientInterface interface {
	// GetServerVersion returns the API server's version information.
	GetServerVersion() (*version.Info, error)
	// GetToken returns the client's token as a plain string. K8SClient
	// documents its implementation as returning the bearer token from the
	// config, so the value is a credential: keep it out of logs and responses.
	GetToken() string
	// GetAuthInfo returns the auth info associated with the client; it may
	// carry credentials as well.
	GetAuthInfo() *api.AuthInfo
	// IsOpenShift reports whether the client considers the cluster OpenShift.
	IsOpenShift() bool
	K8SClientInterface
	IstioClientInterface
	OSClientInterface
}

ClientInterface for mocks (only mocked function are necessary here)

type ClusterDump added in v1.28.0

// ClusterDump holds the cluster lists decoded from a config dump, as returned
// by ConfigDump.GetClusters. The mapstructure tags name the source keys.
type ClusterDump struct {
	// DynamicClusters is filled from the "dynamic_active_clusters" key.
	DynamicClusters []EnvoyClusterWrapper `mapstructure:"dynamic_active_clusters"`
	// StaticClusters is filled from the "static_clusters" key.
	StaticClusters  []EnvoyClusterWrapper `mapstructure:"static_clusters"`
}

type ConfigDump added in v1.28.0

// ConfigDump is the root of a proxy config dump decoded from JSON.
type ConfigDump struct {
	// Configs holds the untyped entries of the "configs" array. Each element
	// is whatever encoding/json produced, so consumers must type-check
	// before use.
	// NOTE(review): a proxy config dump can describe the workload's full
	// routing and TLS setup — presumably callers restrict who may request it;
	// confirm.
	Configs []interface{} `json:"configs"`
}

Root of ConfigDump

func (*ConfigDump) GetClusters added in v1.28.0

func (cd *ConfigDump) GetClusters() (*ClusterDump, error)

func (*ConfigDump) GetConfig added in v1.28.0

func (cd *ConfigDump) GetConfig(objectType string) map[string]interface{}

func (*ConfigDump) GetListeners added in v1.28.0

func (cd *ConfigDump) GetListeners() (*ListenerDump, error)

func (*ConfigDump) GetRoutes added in v1.28.0

func (cd *ConfigDump) GetRoutes() (*RouteDump, error)

type DynamicListener added in v1.28.0

// DynamicListener is a named listener entry whose "active_state" key is
// decoded into a StaticListener.
type DynamicListener struct {
	Name        string         `mapstructure:"name"`
	ActiveState StaticListener `mapstructure:"active_state"`
}

type EnvoyCluster added in v1.28.0

// EnvoyCluster is the subset of a cluster entry that this package decodes.
type EnvoyCluster struct {
	Name     string         `mapstructure:"name"`
	Type     string         `mapstructure:"type"`
	// Metadata is optional and nil when the source has no "metadata" key.
	Metadata *EnvoyMetadata `mapstructure:"metadata,omitempty"`
}

type EnvoyClusterWrapper added in v1.28.0

// EnvoyClusterWrapper matches the envelope around each cluster entry: the
// cluster itself sits under the "cluster" key.
type EnvoyClusterWrapper struct {
	Cluster EnvoyCluster `mapstructure:"cluster"`
}

type EnvoyFilterChain added in v1.28.0

// EnvoyFilterChain is one filter chain of a listener: its filters and the
// optional match criteria that select it.
type EnvoyFilterChain struct {
	Filters          []EnvoyListenerFilter `mapstructure:"filters"`
	// FilterChainMatch is a pointer; nil-check it before reading its fields.
	FilterChainMatch *FilterChainMatch     `mapstructure:"filter_chain_match"`
}

type EnvoyListener added in v1.28.0

// EnvoyListener is the subset of a listener entry that this package decodes:
// the bound socket address and the listener's filter chains.
type EnvoyListener struct {
	Address struct {
		SocketAddress struct {
			Address   string  `mapstructure:"address"`
			// PortValue is decoded as float64; check that it is a whole
			// number in the valid port range before converting it.
			// NOTE(review): presumably float64 because the value arrives
			// through untyped JSON decoding — confirm.
			PortValue float64 `mapstructure:"port_value"`
		} `mapstructure:"socket_address"`
	} `mapstructure:"address"`
	FilterChains       []EnvoyFilterChain `mapstructure:"filter_chains,omitempty"`
	// DefaultFilterChain is optional and nil when absent.
	DefaultFilterChain *EnvoyFilterChain  `mapstructure:"default_filter_chain,omitempty"`
}

type EnvoyListenerFilter added in v1.28.0

// EnvoyListenerFilter is a named filter together with the fields of its
// "typed_config" that this package reads.
type EnvoyListenerFilter struct {
	Name        string `mapstructure:"name"`
	TypedConfig struct {
		// Type is filled from the "@type" key of the typed config.
		Type        string       `mapstructure:"@type"`
		Cluster     string       `mapstructure:"cluster"`
		// RouteConfig and Rds are both optional pointers; either may be nil.
		RouteConfig *RouteConfig `mapstructure:"route_config,omitempty"`
		Rds         *struct {
			RouteConfigName string `mapstructure:"route_config_name"`
		} `mapstructure:"rds,omitempty"`
	} `mapstructure:"typed_config"`
}

type EnvoyMetadata added in v1.28.0

// EnvoyMetadata exposes the metadata path filter_metadata -> istio -> config.
// Both intermediate levels are pointers, so each must be nil-checked before
// Config is read.
type EnvoyMetadata struct {
	FilterMetadata *struct {
		Istio *struct {
			Config string `mapstructure:"config,omitempty"`
		} `mapstructure:"istio,omitempty"`
	} `mapstructure:"filter_metadata,omitempty"`
}

type EnvoyRouteConfig added in v1.28.0

// EnvoyRouteConfig wraps an optional route configuration stored under the
// "route_config" key; RouteConfig is nil when the key is absent.
type EnvoyRouteConfig struct {
	RouteConfig *RouteConfig `mapstructure:"route_config,omitempty"`
}

type FilterChainMatch added in v1.28.0

// FilterChainMatch holds the criteria under which a filter chain is selected.
type FilterChainMatch struct {
	ApplicationProtocols []string `mapstructure:"application_protocols,omitempty"`
	TransportProtocol    string   `mapstructure:"transport_protocol,omitempty"`
	ServerNames          []string `mapstructure:"server_names,omitempty"`
	// DestinationPort is a pointer so that "not set" (nil) can be told apart
	// from a port value.
	DestinationPort      *int32   `mapstructure:"destination_port,omitempty"`
	// PrefixRanges lists address prefixes with their prefix lengths.
	PrefixRanges         []struct {
		AddressPrefix string `mapstructure:"address_prefix"`
		PrefixLen     int    `mapstructure:"prefix_len"`
	} `mapstructure:"prefix_ranges"`
}

type Host added in v0.15.0

// Host is a hostname split into its service, namespace and cluster parts,
// as produced by GetHost, ParseHost and ParseGatewayAsHost.
type Host struct {
	Service   string `json:"service"`
	Namespace string `json:"namespace"`
	Cluster   string `json:"cluster"`
	// CompleteInput is true when Service, Namespace and Cluster fields are present.
	// It is true for simple service names and FQDN services.
	// It is false for service.namespace format and service entries.
	CompleteInput bool `json:"complete_input"`
}

Host represents the FQDN format for Istio hostnames

func GetHost added in v1.12.0

func GetHost(hostName, namespace string, clusterNamespaces []string) Host

GetHost parses hostName and returns a Host struct. It considers Namespaces in the cluster to be more accurate when deciding if the hostName is a ServiceEntry or a service.namespace host definition.

func ParseGatewayAsHost added in v1.19.0

func ParseGatewayAsHost(gateway, currentNamespace string) Host

func ParseHost added in v0.15.0

func ParseHost(hostName, namespace string) Host

ParseHost takes as an input a hostname (simple or full FQDN), namespace and clusterName and returns a parsed Host struct

func (Host) IsWildcard added in v1.40.0

func (h Host) IsWildcard() bool

func (Host) String added in v0.15.0

func (h Host) String() string

String outputs a full FQDN version of the Host

type IstioClientInterface

// IstioClientInterface groups the Istio-facing operations of a client: the
// Istio clientset plus proxy and registry queries.
type IstioClientInterface interface {
	// Istio returns the Istio clientset interface.
	Istio() istio.Interface

	// GetProxyStatus returns one status entry per proxy.
	GetProxyStatus() ([]*ProxyStatus, error)
	// GetConfigDump returns the config dump of the named pod.
	GetConfigDump(namespace, podName string) (*ConfigDump, error)
	// SetProxyLogLevel takes a pod and a level and returns only an error.
	// NOTE(review): this looks like the one state-changing call in this
	// interface — presumably handlers that expose it validate level and
	// authorise the caller for the target namespace; confirm.
	SetProxyLogLevel(namespace, podName, level string) error
	// The GetRegistry* methods return registry configuration, endpoints and
	// services respectively.
	GetRegistryConfiguration() (*RegistryConfiguration, error)
	GetRegistryEndpoints() ([]*RegistryEndpoint, error)
	GetRegistryServices() ([]*RegistryService, error)
}

type IstioEndpoint added in v1.44.0

// IstioEndpoint is the JSON shape of one registry endpoint record: a service
// name ("svc") and its endpoint entries ("ep"). The JSON keys mix lowercase
// and capitalised names, so the tags must be kept exactly as written.
type IstioEndpoint struct {
	Service   string `json:"svc"`
	Endpoints []struct {
		Service     IstioService `json:"service,omitempty"`
		ServicePort struct {
			Name     string `json:"name,omitempty"`
			Port     uint32 `json:"port,omitempty"`
			Protocol string `json:"protocol,omitempty"`
		} `json:"servicePort,omitempty"`
		Endpoint struct {
			Labels          map[string]string `json:"Labels,omitempty"`
			Address         string            `json:"Address,omitempty"`
			ServicePortName string            `json:"ServicePortName,omitempty"`
			// EnvoyEndpoint is not mapped into the model
			// ServiceAccount names the identity the endpoint reports; it is
			// data read from the registry, not a verified credential.
			ServiceAccount string `json:"ServiceAccount,omitempty"`
			Network        string `json:"Network,omitempty"`
			Locality       struct {
				Label     string `json:"Label,omitempty"`
				ClusterID string `json:"ClusterID,omitempty"`
			} `json:"Locality,omitempty"`
			EndpointPort uint32 `json:"EndpointPort,omitempty"`
			LbWeight     uint32 `json:"LbWeight,omitempty"`
			TLSMode      string `json:"TLSMode,omitempty"`
			Namespace    string `json:"Namespace,omitempty"`
			WorkloadName string `json:"WorkloadName,omitempty"`
			HostName     string `json:"HostName,omitempty"`
			SubDomain    string `json:"SubDomain,omitempty"`
		} `json:"endpoint"`
	} `json:"ep"`
}

type IstioMeshConfig added in v1.18.1

// IstioMeshConfig is the subset of the Istio mesh configuration that this
// package decodes from YAML (see GetIstioConfigMap).
type IstioMeshConfig struct {
	DisableMixerHttpReports bool  `yaml:"disableMixerHttpReports,omitempty"`
	// EnableAutoMtls is a pointer so that an absent key (nil) can be told
	// apart from an explicit false. Read it through GetEnableAutoMtls rather
	// than dereferencing it directly.
	// NOTE(review): the value used when the key is absent is decided in
	// GetEnableAutoMtls, which is not shown here — confirm before relying on
	// it in an mTLS check.
	EnableAutoMtls          *bool `yaml:"enableAutoMtls,omitempty"`
}

func GetIstioConfigMap added in v1.23.0

func GetIstioConfigMap(istioConfig *core_v1.ConfigMap) (*IstioMeshConfig, error)

func (IstioMeshConfig) GetEnableAutoMtls added in v1.18.1

func (imc IstioMeshConfig) GetEnableAutoMtls() bool

type IstioService added in v1.44.0

// IstioService is the JSON shape of one service record from the Istio
// registry. Only the fields listed here are decoded; anything else in the
// source document is ignored by encoding/json.
type IstioService struct {
	Attributes struct {
		// ServiceRegistry values:
		// Kubernetes: is a service registry backed by k8s API server
		// External: is a service registry for externally provided ServiceEntries
		// Federation: special case when registry is provided from a federated environment
		ServiceRegistry string            `json:"ServiceRegistry,omitempty"`
		Name            string            `json:"Name,omitempty"`
		Namespace       string            `json:"Namespace,omitempty"`
		Labels          map[string]string `json:"Labels,omitempty"`
		// UID is present in Istio 1.11.x but not in 1.12.x
		UID string `json:"UID,omitempty"`
		// ExportTo key values:
		// ".": Private implies namespace local config
		// "*": Public implies config is visible to all
		// "~": None implies service is visible to no one. Used for services only
		// A nil or empty map carries no explicit visibility setting.
		ExportTo       map[string]bool   `json:"ExportTo,omitempty"`
		LabelSelectors map[string]string `json:"LabelSelectors,omitempty"`
	} `json:"Attributes,omitempty"`
	Ports []struct {
		Name     string `json:"name,omitempty"`
		Port     int    `json:"port"`
		Protocol string `json:"protocol,omitempty"`
	} `json:"ports"`
	ServiceAccounts []string  `json:"serviceAccounts,omitempty"`
	CreationTime    time.Time `json:"creationTime,omitempty"`
	Hostname        string    `json:"hostname"`
	// Address is present in Istio 1.11.x but not in 1.12.x
	Address              string `json:"address,omitempty"`
	AutoAllocatedAddress string `json:"autoAllocatedAddress,omitempty"`
	// ClusterVIPs defined in Istio 1.11.x
	ClusterVIPs11 map[string]string `json:"cluster-vips,omitempty"`
	// ClusterVIPs defined in Istio 1.12.x
	ClusterVIPs12 struct {
		Addresses map[string][]string `json:"Addresses,omitempty"`
	} `json:"clusterVIPs,omitempty"`
	// Resolution values, as the debug endpoint doesn't perform a conversion
	// 0: ClientSideLB
	// 1: DNSLB
	// 2: Passthrough
	Resolution   int  `json:"Resolution,omitempty"`
	MeshExternal bool `json:"MeshExternal,omitempty"`
}

Mapped from https://github.com/istio/istio/blob/master/pilot/pkg/model/service.go. It is a helper to fetch the /debug/registryz results before parsing them into Kiali's Service model. Not all fields from /debug/registryz are mapped, only those needed by Kiali. There may be differences between Istio 1.11.x and 1.12.x, to be addressed case by case in the mapping.

type K8SClient added in v1.20.0

// K8SClient is the concrete client type returned by NewClientFromConfig.
// It embeds ClientInterface, so any interface method the struct does not
// define itself is forwarded to the embedded value; on a zero K8SClient that
// value is nil and such a call panics. Obtain instances from
// NewClientFromConfig rather than constructing the struct directly.
type K8SClient struct {
	ClientInterface
	// contains filtered or unexported fields
}

K8SClient is the client struct for Kubernetes and Istio APIs. It hides the way it queries each API.

func NewClientFromConfig added in v0.9.0

func NewClientFromConfig(config *rest.Config) (*K8SClient, error)

NewClientFromConfig creates a new client to the Kubernetes and Istio APIs. It takes the assumption that Istio is deployed into the cluster. It hides the access to Kubernetes/Openshift credentials. It hides the low level use of the API of Kubernetes and Istio, it should be considered as an implementation detail. It returns an error on any problem.

func (*K8SClient) ForwardGetRequest added in v1.38.1

func (in *K8SClient) ForwardGetRequest(namespace, podName string, localPort, destinationPort int, path string) ([]byte, error)

func (*K8SClient) GetClusterServicesByLabels added in v1.34.1

func (in *K8SClient) GetClusterServicesByLabels(labelsSelector string) ([]core_v1.Service, error)

GetClusterServicesByLabels fetches and returns all services in the whole cluster that match the optional labelSelector. This is using the cluster-wide call to fetch the services. The client will need to be created with an account that has cluster-wide privileges to list services.

func (*K8SClient) GetConfigDump added in v1.28.0

func (in *K8SClient) GetConfigDump(namespace, podName string) (*ConfigDump, error)

func (*K8SClient) GetConfigMap added in v1.20.0

func (in *K8SClient) GetConfigMap(namespace, name string) (*core_v1.ConfigMap, error)

GetConfigMap fetches and returns the specified ConfigMap definition from the cluster

func (*K8SClient) GetCronJobs added in v1.20.0

func (in *K8SClient) GetCronJobs(namespace string) ([]batch_v1.CronJob, error)

func (*K8SClient) GetDaemonSet added in v1.33.0

func (in *K8SClient) GetDaemonSet(namespace string, name string) (*apps_v1.DaemonSet, error)

func (*K8SClient) GetDaemonSets added in v1.33.0

func (in *K8SClient) GetDaemonSets(namespace string) ([]apps_v1.DaemonSet, error)

func (*K8SClient) GetDeployment added in v1.20.0

func (in *K8SClient) GetDeployment(namespace, name string) (*apps_v1.Deployment, error)

GetDeployment returns the definition of a specific deployment. It returns an error on any problem.

func (*K8SClient) GetDeploymentConfig added in v1.20.0

func (in *K8SClient) GetDeploymentConfig(namespace, name string) (*osapps_v1.DeploymentConfig, error)

GetDeploymentConfig returns the definition of a specific deployment config. It returns an error on any problem.

func (*K8SClient) GetDeploymentConfigs added in v1.20.0

func (in *K8SClient) GetDeploymentConfigs(namespace string) ([]osapps_v1.DeploymentConfig, error)

GetDeploymentConfigs returns an array of deployment configs for a given namespace. An empty labelSelector will fetch all Deployments for a namespace. It returns an error on any problem.

func (*K8SClient) GetDeployments added in v1.20.0

func (in *K8SClient) GetDeployments(namespace string) ([]apps_v1.Deployment, error)

GetDeployments returns an array of deployments for a given namespace. It returns an error on any problem.

func (*K8SClient) GetEndpoints added in v1.20.0

func (in *K8SClient) GetEndpoints(namespace, name string) (*core_v1.Endpoints, error)

GetEndpoints returns the list of endpoints of a specific service. It returns an error on any problem.

func (*K8SClient) GetJobs added in v1.20.0

func (in *K8SClient) GetJobs(namespace string) ([]batch_v1.Job, error)

func (*K8SClient) GetK8sApi added in v1.20.0

func (client *K8SClient) GetK8sApi() *kube.Clientset

GetK8sApi returns the clientset referencing all K8s rest clients

func (*K8SClient) GetNamespace added in v1.20.0

func (in *K8SClient) GetNamespace(namespace string) (*core_v1.Namespace, error)

GetNamespace fetches and returns the specified namespace definition from the cluster

func (*K8SClient) GetNamespaces added in v1.20.0

func (in *K8SClient) GetNamespaces(labelSelector string) ([]core_v1.Namespace, error)

GetNamespaces returns a list of all namespaces of the cluster. It returns an error on any problem.

func (*K8SClient) GetPod added in v1.20.0

func (in *K8SClient) GetPod(namespace, name string) (*core_v1.Pod, error)

GetPod returns the pod definitions for a given pod name. It returns an error on any problem.

func (*K8SClient) GetPodPortForwarder added in v1.38.1

func (in *K8SClient) GetPodPortForwarder(namespace, name, portMap string) (*httputil.PortForwarder, error)

GetPodPortForwarder returns a port-forwarder struct which represents an open server forwarding requests to the requested pod and port. namespace: name of the namespace where the pod lives. name: name of the pod living in the namespace. portMap: ports opened by the forwarder, local port and destination port, in the format "80:8080" (local:destination). It returns both a port forwarder and an error (if present).

func (*K8SClient) GetPods added in v1.20.0

func (in *K8SClient) GetPods(namespace, labelSelector string) ([]core_v1.Pod, error)

GetPods returns the pods definitions for a given set of labels. An empty labelSelector will fetch all pods found per a namespace. It returns an error on any problem.

func (*K8SClient) GetProject added in v1.20.0

func (in *K8SClient) GetProject(name string) (*osproject_v1.Project, error)

GetProject fetches and returns the definition of the project with the specified name by querying the cluster API. GetProject will fail if the underlying cluster is not Openshift.

func (*K8SClient) GetProjects added in v1.20.0

func (in *K8SClient) GetProjects(labelSelector string) ([]osproject_v1.Project, error)

func (*K8SClient) GetProxyStatus added in v1.25.0

func (in *K8SClient) GetProxyStatus() ([]*ProxyStatus, error)

func (*K8SClient) GetRegistryConfiguration added in v1.44.0

func (in *K8SClient) GetRegistryConfiguration() (*RegistryConfiguration, error)

func (*K8SClient) GetRegistryEndpoints added in v1.44.0

func (in *K8SClient) GetRegistryEndpoints() ([]*RegistryEndpoint, error)

func (*K8SClient) GetRegistryServices added in v1.44.0

func (in *K8SClient) GetRegistryServices() ([]*RegistryService, error)

func (*K8SClient) GetReplicaSets added in v1.20.0

func (in *K8SClient) GetReplicaSets(namespace string) ([]apps_v1.ReplicaSet, error)

GetReplicaSets returns the ReplicaSets for the namespace. For any given Owner (i.e. Deployment), only the most recent ReplicaSet will be included in the returned list. When an owning Deployment is configured with revisionHistoryLimit > 0, then k8s may return multiple ReplicaSets for the same Deployment (current and older revisions). see also: ./cache/kubernetes.go

func (*K8SClient) GetReplicationControllers added in v1.20.0

func (in *K8SClient) GetReplicationControllers(namespace string) ([]core_v1.ReplicationController, error)

func (*K8SClient) GetRoute added in v1.20.0

func (in *K8SClient) GetRoute(namespace, name string) (*osroutes_v1.Route, error)

GetRoute returns the external URL endpoint of a specific route name. It returns an error on any problem.

func (*K8SClient) GetSecret added in v1.40.0

func (in *K8SClient) GetSecret(namespace, name string) (*core_v1.Secret, error)

GetSecret fetches and returns the specified Secret definition from the cluster

func (*K8SClient) GetSecrets added in v1.29.0

func (in *K8SClient) GetSecrets(namespace string, labelSelector string) ([]core_v1.Secret, error)

GetSecrets returns a list of secrets for a given namespace. If labelSelector is defined, the list will only contain secrets matching the specified label selector.

func (*K8SClient) GetSelfSubjectAccessReview added in v1.20.0

func (in *K8SClient) GetSelfSubjectAccessReview(ctx context.Context, namespace, api, resourceType string, verbs []string) ([]*auth_v1.SelfSubjectAccessReview, error)

GetSelfSubjectAccessReview provides information on Kiali permissions

func (*K8SClient) GetServerVersion added in v1.20.0

func (in *K8SClient) GetServerVersion() (*version.Info, error)

GetServerVersion fetches and returns information about the version of Kubernetes that is running.

func (*K8SClient) GetService added in v1.20.0

func (in *K8SClient) GetService(namespace, name string) (*core_v1.Service, error)

GetService returns the definition of a specific service. It returns an error on any problem.

func (*K8SClient) GetServices added in v1.20.0

func (in *K8SClient) GetServices(namespace string, selectorLabels map[string]string) ([]core_v1.Service, error)

GetServices returns a list of services for a given namespace. If selectorLabels is defined the list of services is filtered for those that matches Services selector labels. It returns an error on any problem. NOTE: The selectorLabels argument is NOT to find services matching the given labels. Assume selectorLabels are the labels of a Deployment. If this imaginary Deployment is selected by the Service (because of its Selector), then that service is returned; else it's omitted.

func (*K8SClient) GetServicesByLabels added in v1.31.0

func (in *K8SClient) GetServicesByLabels(namespace string, labelsSelector string) ([]core_v1.Service, error)

func (*K8SClient) GetStatefulSet added in v1.20.0

func (in *K8SClient) GetStatefulSet(namespace string, name string) (*apps_v1.StatefulSet, error)

func (*K8SClient) GetStatefulSets added in v1.20.0

func (in *K8SClient) GetStatefulSets(namespace string) ([]apps_v1.StatefulSet, error)

func (*K8SClient) GetToken added in v1.20.0

func (client *K8SClient) GetToken() string

GetToken returns the BearerToken used from the config

func (*K8SClient) GetTokenSubject added in v1.29.0

func (in *K8SClient) GetTokenSubject(authInfo *api.AuthInfo) (string, error)

GetTokenSubject returns the subject of the authInfo using the TokenReview api

func (*K8SClient) IsOpenShift added in v1.20.0

func (in *K8SClient) IsOpenShift() bool

func (*K8SClient) Istio added in v1.42.0

func (in *K8SClient) Istio() istio.Interface

func (*K8SClient) SetProxyLogLevel added in v1.41.0

func (in *K8SClient) SetProxyLogLevel(namespace, pod, level string) error

func (*K8SClient) StreamPodLogs added in v1.53.0

func (in *K8SClient) StreamPodLogs(namespace, name string, opts *core_v1.PodLogOptions) (io.ReadCloser, error)

StreamPodLogs opens a connection to progressively fetch the logs of a pod. Callers must make sure to properly close the returned io.ReadCloser. It returns an error on any problem.

func (*K8SClient) UpdateNamespace added in v1.22.1

func (in *K8SClient) UpdateNamespace(namespace string, jsonPatch string) (*core_v1.Namespace, error)

func (*K8SClient) UpdateProject added in v1.22.1

func (in *K8SClient) UpdateProject(namespace string, jsonPatch string) (*osproject_v1.Project, error)

func (*K8SClient) UpdateService added in v1.30.0

func (in *K8SClient) UpdateService(namespace string, name string, jsonPatch string) error

func (*K8SClient) UpdateWorkload added in v1.22.0

func (in *K8SClient) UpdateWorkload(namespace string, workloadName string, workloadType string, jsonPatch string) error

type K8SClientInterface added in v1.20.0

// K8SClientInterface declares the Kubernetes API operations exposed by the
// client: reads of workloads, services, namespaces, pods, config maps and
// secrets; pod log streaming and port forwarding; a self-subject access
// review and a token-subject lookup; and JSON-patch updates of namespaces,
// services and workloads.
//
// NOTE(review): GetSecret/GetSecrets return whole core_v1.Secret objects and
// the Update* methods accept a caller-supplied jsonPatch string. The interface
// does not express which identity a call runs under or who may invoke it;
// confirm that callers check the requesting user's permissions (for example
// with GetSelfSubjectAccessReview) instead of relying on the client's own
// credentials.
type K8SClientInterface interface {
	// ForwardGetRequest takes a pod, a local/destination port pair and a path.
	// NOTE(review): presumably issues an HTTP GET through a port-forward to the
	// pod; verify that namespace, podName and path are validated by callers.
	ForwardGetRequest(namespace, podName string, localPort, destinationPort int, path string) ([]byte, error)
	GetClusterServicesByLabels(labelsSelector string) ([]core_v1.Service, error)
	GetConfigMap(namespace, name string) (*core_v1.ConfigMap, error)
	GetCronJobs(namespace string) ([]batch_v1.CronJob, error)
	GetDaemonSet(namespace string, name string) (*apps_v1.DaemonSet, error)
	GetDaemonSets(namespace string) ([]apps_v1.DaemonSet, error)
	GetDeployment(namespace string, name string) (*apps_v1.Deployment, error)
	GetDeployments(namespace string) ([]apps_v1.Deployment, error)
	GetDeploymentConfig(namespace string, name string) (*osapps_v1.DeploymentConfig, error)
	GetDeploymentConfigs(namespace string) ([]osapps_v1.DeploymentConfig, error)
	GetEndpoints(namespace string, name string) (*core_v1.Endpoints, error)
	GetJobs(namespace string) ([]batch_v1.Job, error)
	GetNamespace(namespace string) (*core_v1.Namespace, error)
	GetNamespaces(labelSelector string) ([]core_v1.Namespace, error)
	GetPod(namespace, name string) (*core_v1.Pod, error)
	GetPods(namespace, labelSelector string) ([]core_v1.Pod, error)
	GetPodPortForwarder(namespace, podName, portMap string) (*httputil.PortForwarder, error)
	GetReplicationControllers(namespace string) ([]core_v1.ReplicationController, error)
	GetReplicaSets(namespace string) ([]apps_v1.ReplicaSet, error)
	// GetSecret and GetSecrets return Secret objects, data included; results
	// should not be logged or returned to users without filtering.
	GetSecret(namespace, name string) (*core_v1.Secret, error)
	GetSecrets(namespace string, labelSelector string) ([]core_v1.Secret, error)
	GetSelfSubjectAccessReview(ctx context.Context, namespace, api, resourceType string, verbs []string) ([]*auth_v1.SelfSubjectAccessReview, error)
	GetService(namespace string, name string) (*core_v1.Service, error)
	GetServices(namespace string, selectorLabels map[string]string) ([]core_v1.Service, error)
	GetServicesByLabels(namespace string, labelsSelector string) ([]core_v1.Service, error)
	GetStatefulSet(namespace string, name string) (*apps_v1.StatefulSet, error)
	GetStatefulSets(namespace string) ([]apps_v1.StatefulSet, error)
	GetTokenSubject(authInfo *api.AuthInfo) (string, error)
	// StreamPodLogs returns an io.ReadCloser that the caller must close.
	StreamPodLogs(namespace, name string, opts *core_v1.PodLogOptions) (io.ReadCloser, error)
	// The Update* methods apply a patch passed as a raw string.
	// NOTE(review): patch contents are not constrained by this signature;
	// confirm callers build or validate jsonPatch rather than passing
	// user input straight through.
	UpdateNamespace(namespace string, jsonPatch string) (*core_v1.Namespace, error)
	UpdateService(namespace string, name string, jsonPatch string) error
	UpdateWorkload(namespace string, name string, workloadType string, jsonPatch string) error
}

type ListenerDump added in v1.28.0

// ListenerDump groups the dynamic and static listeners decoded (via
// mapstructure) from the "dynamic_listeners" and "static_listeners" keys.
// NOTE(review): presumably the listeners section of an Envoy config dump —
// confirm against the decoder that fills it.
type ListenerDump struct {
	DynamicListeners []DynamicListener `mapstructure:"dynamic_listeners"`
	StaticListeners  []StaticListener  `mapstructure:"static_listeners"`
}

type MTLSDetails added in v0.15.0

// MTLSDetails groups the Istio objects related to non-local mTLS
// configuration: destination rules, mesh-level and regular peer
// authentications, and a flag recording whether auto mTLS is enabled.
// All fields are serialized to JSON under lowercase keys and are never
// omitted, so a nil slice is emitted as null.
type MTLSDetails struct {
	DestinationRules        []*networking_v1beta1.DestinationRule `json:"destinationrules"`
	MeshPeerAuthentications []*security_v1beta.PeerAuthentication `json:"meshpeerauthentications"`
	PeerAuthentications     []*security_v1beta.PeerAuthentication `json:"peerauthentications"`
	EnabledAutoMtls         bool                                  `json:"enabledautomtls"`
}

MTLSDetails is a wrapper to group all Istio objects related to non-local mTLS configurations

type OSClientInterface added in v1.20.0

// OSClientInterface declares the operations on osproject_v1.Project and
// osroutes_v1.Route objects: reading one or many projects, reading a route,
// and patching a project.
// NOTE(review): UpdateProject takes the patch as a raw string; confirm that
// callers construct or validate jsonPatch and authorize the request first.
type OSClientInterface interface {
	GetProject(project string) (*osproject_v1.Project, error)
	GetProjects(labelSelector string) ([]osproject_v1.Project, error)
	GetRoute(namespace string, name string) (*osroutes_v1.Route, error)
	UpdateProject(project string, jsonPatch string) (*osproject_v1.Project, error)
}

type PodLogs added in v0.18.0

// PodLogs carries pod log output as a single string; the "logs" key is
// omitted from JSON when the string is empty.
// NOTE(review): log text is produced by the workload and may contain
// credentials or markup; consumers should treat it as untrusted text and
// escape it before rendering.
type PodLogs struct {
	Logs string `json:"logs,omitempty"`
}

type ProxyStatus added in v1.25.0

// ProxyStatus embeds SyncStatus, so its exported fields and JSON keys are
// promoted onto this type. The remaining fields are unexported and not shown
// in this listing.
type ProxyStatus struct {
	SyncStatus
	// contains filtered or unexported fields
}

type RBACDetails added in v0.17.0

// RBACDetails wraps the objects related to Istio RBAC (Role Based Access
// Control); it currently holds only the list of AuthorizationPolicy objects,
// serialized under the "authorizationpolicies" JSON key.
type RBACDetails struct {
	AuthorizationPolicies []*security_v1beta.AuthorizationPolicy `json:"authorizationpolicies"`
}

RBACDetails is a wrapper for objects related to Istio RBAC (Role Based Access Control)

type RegistryConfiguration added in v1.44.0

// RegistryConfiguration holds the Istio configuration objects used for Kiali
// validations, split into networking resources and security resources.
// The fields carry no struct tags, so default field names apply when the
// value is encoded.
type RegistryConfiguration struct {
	// Networking
	DestinationRules []*networking_v1beta1.DestinationRule
	EnvoyFilters     []*networking_v1alpha3.EnvoyFilter
	Gateways         []*networking_v1beta1.Gateway
	ServiceEntries   []*networking_v1beta1.ServiceEntry
	Sidecars         []*networking_v1beta1.Sidecar
	VirtualServices  []*networking_v1beta1.VirtualService
	WorkloadEntries  []*networking_v1beta1.WorkloadEntry
	WorkloadGroups   []*networking_v1beta1.WorkloadGroup
	// Security
	AuthorizationPolicies  []*security_v1beta.AuthorizationPolicy
	PeerAuthentications    []*security_v1beta.PeerAuthentication
	RequestAuthentications []*security_v1beta.RequestAuthentication
}

RegistryConfiguration holds the Istio configuration required for Kiali validations. Resources that are not used (i.e. EnvoyFilters) are not added; they will need to be updated in the future.

func ParseRegistryConfig added in v1.44.0

func ParseRegistryConfig(config map[string][]byte) (*RegistryConfiguration, error)

type RegistryEndpoint added in v1.44.0

// RegistryEndpoint embeds IstioEndpoint, promoting its exported fields onto
// this type. The remaining fields are unexported and not shown in this
// listing.
type RegistryEndpoint struct {
	IstioEndpoint
	// contains filtered or unexported fields
}

func ParseRegistryEndpoints added in v1.44.0

func ParseRegistryEndpoints(endpoints map[string][]byte) ([]*RegistryEndpoint, error)

type RegistryService added in v1.35.0

// RegistryService embeds IstioService, promoting its exported fields onto
// this type. The remaining fields are unexported and not shown in this
// listing.
type RegistryService struct {
	IstioService
	// contains filtered or unexported fields
}

func FilterRegistryServicesBySelector added in v1.45.0

func FilterRegistryServicesBySelector(selector labels.Selector, namespace string, registryServices []*RegistryService) []*RegistryService

func FilterRegistryServicesByServices added in v1.44.0

func FilterRegistryServicesByServices(registryServices []*RegistryService, services []core_v1.Service) []*RegistryService

Filters Istio registry services that are not present as Kubernetes services.

func ParseRegistryServices added in v1.44.0

func ParseRegistryServices(registries map[string][]byte) ([]*RegistryService, error)

type RegistryStatus added in v1.35.0

// RegistryStatus aggregates the three parts of the registry view: the parsed
// configuration, the endpoints and the services. Configuration is a pointer
// and may be nil; callers should check it before dereferencing.
type RegistryStatus struct {
	Configuration *RegistryConfiguration
	Endpoints     []*RegistryEndpoint
	Services      []*RegistryService
}

type RemoteSecret added in v1.23.0

// RemoteSecret is the YAML-decoded form of a kubeconfig-style document:
// clusters, contexts (each naming a cluster/user pair), the current context,
// and users.
//
// Users carries RemoteSecretUser entries whose token field is a credential,
// so a populated RemoteSecret must be handled as secret material: do not log
// it, dump it with %+v, or serialize it into API responses.
// NOTE(review): only the keys declared here are decoded; whether unknown
// kubeconfig keys are rejected or silently dropped depends on the YAML decoder
// options used by the parser — confirm there.
type RemoteSecret struct {
	APIVersion string                        `yaml:"apiVersion"`
	Clusters   []RemoteSecretClusterListItem `yaml:"clusters"`
	Contexts   []struct {
		Context struct {
			Cluster string `yaml:"cluster"`
			User    string `yaml:"user"`
		} `yaml:"context"`
		Name string `yaml:"name"`
	} `yaml:"contexts"`
	CurrentContext string `yaml:"current-context"`
	Kind           string `yaml:"kind"`
	Preferences    struct {
	} `yaml:"preferences"`
	Users []RemoteSecretUser `yaml:"users"`
}

func GetRemoteSecret added in v1.23.0

func GetRemoteSecret(path string) (*RemoteSecret, error)

func ParseRemoteSecretBytes added in v1.29.0

func ParseRemoteSecretBytes(secretBytes []byte) (*RemoteSecret, error)

ParseRemoteSecretBytes parses a raw file containing a <Kubeconfig file> and returns the parsed file in a RemoteSecret structure.

type RemoteSecretCluster added in v1.23.0

// RemoteSecretCluster holds the connection data of one cluster entry: the
// value of "certificate-authority-data" and the "server" address.
// NOTE(review): presumably CertificateAuthorityData is base64-encoded PEM as
// in a kubeconfig and Server is the API server URL — confirm. Both decide
// which endpoint is trusted, so they should come only from a trusted secret
// and Server should be checked for the expected scheme before use.
type RemoteSecretCluster struct {
	CertificateAuthorityData string `yaml:"certificate-authority-data"`
	Server                   string `yaml:"server"`
}

type RemoteSecretClusterListItem added in v1.23.0

// RemoteSecretClusterListItem is one element of the "clusters" list: a name
// paired with the cluster's connection data.
type RemoteSecretClusterListItem struct {
	Cluster RemoteSecretCluster `yaml:"cluster"`
	Name    string              `yaml:"name"`
}

type RemoteSecretUser added in v1.29.0

// RemoteSecretUser is one element of the "users" list: a name paired with the
// user's token wrapper. The User field contains a credential; see
// RemoteSecretUserToken.
type RemoteSecretUser struct {
	Name string                `yaml:"name"`
	User RemoteSecretUserToken `yaml:"user"`
}

type RemoteSecretUserToken added in v1.29.0

// RemoteSecretUserToken holds the "token" value of a user entry.
type RemoteSecretUserToken struct {
	// Token is decoded from the "token" key.
	// NOTE(review): presumably a bearer token for the remote cluster. It is a
	// plain string, so it will appear in any log line or error that prints the
	// struct; keep it out of logs and responses.
	Token string `yaml:"token"`
}

type RouteConfig added in v1.28.0

// RouteConfig is a named route configuration with its virtual hosts, decoded
// via mapstructure from the "name" and "virtual_hosts" keys.
type RouteConfig struct {
	Name         string              `mapstructure:"name"`
	VirtualHosts []VirtualHostFilter `mapstructure:"virtual_hosts,omitempty"`
}

type RouteDump added in v1.28.0

// RouteDump groups the dynamic and static route configurations decoded (via
// mapstructure) from the "dynamic_route_configs" and "static_route_configs"
// keys.
// NOTE(review): presumably the routes section of an Envoy config dump —
// confirm against the decoder that fills it.
type RouteDump struct {
	DynamicRouteConfigs []EnvoyRouteConfig `mapstructure:"dynamic_route_configs"`
	StaticRouteConfigs  []EnvoyRouteConfig `mapstructure:"static_route_configs"`
}

type StaticListener added in v1.28.0

// StaticListener is one static listener entry: the listener itself plus the
// "last_updated" and "version_info" values, both kept as undecoded strings.
type StaticListener struct {
	LastUpdated string        `mapstructure:"last_updated"`
	VersionInfo string        `mapstructure:"version_info"`
	Listener    EnvoyListener `mapstructure:"listener"`
}

type SyncStatus added in v1.25.0

// SyncStatus is the synchronization status between Pilot and a given Envoy.
// It identifies the proxy and its versions and records a sent/acked pair of
// strings for each of cluster, listener, route and endpoint. Every field is
// omitted from JSON when empty.
// NOTE(review): presumably a Sent value that differs from its Acked value
// means the proxy has not yet acknowledged the latest configuration — confirm
// with the code that compares them.
type SyncStatus struct {
	ProxyID       string `json:"proxy,omitempty"`
	ProxyVersion  string `json:"proxy_version,omitempty"`
	IstioVersion  string `json:"istio_version,omitempty"`
	ClusterSent   string `json:"cluster_sent,omitempty"`
	ClusterAcked  string `json:"cluster_acked,omitempty"`
	ListenerSent  string `json:"listener_sent,omitempty"`
	ListenerAcked string `json:"listener_acked,omitempty"`
	RouteSent     string `json:"route_sent,omitempty"`
	RouteAcked    string `json:"route_acked,omitempty"`
	EndpointSent  string `json:"endpoint_sent,omitempty"`
	EndpointAcked string `json:"endpoint_acked,omitempty"`
}

SyncStatus is the synchronization status between Pilot and a given Envoy

type VirtualHostFilter added in v1.28.0

// VirtualHostFilter is one virtual host of a route configuration: its
// domains, its name and its routes, decoded via mapstructure.
//
// Each route has a name, a match kept as an untyped map, optional metadata
// and an optional route target. Metadata and Route are pointers and may be
// nil, so callers must check them before reading Route.Cluster.
type VirtualHostFilter struct {
	Domains []string `mapstructure:"domains,omitempty"`
	Name    string   `mapstructure:"name,omitempty"`
	Routes  []struct {
		Name     string                 `mapstructure:"name"`
		Match    map[string]interface{} `mapstructure:"match"`
		Metadata *EnvoyMetadata         `mapstructure:"metadata,omitempty"`
		Route    *struct {
			Cluster string `mapstructure:"cluster,omitempty"`
		} `mapstructure:"route,omitempty"`
	} `mapstructure:"routes,omitempty"`
}

Directories

Path Synopsis
