adminapi

package
v2.12.7
Published: Nov 25, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Constants

const (
	KonnectBackoffInitialInterval = time.Second * 3
	KonnectBackoffMaxInterval     = time.Minute * 15
	KonnectBackoffMultiplier      = 2
)
const (
	HeaderNameAdminToken = "Kong-Admin-Token"
)

Variables

This section is empty.

Functions

func EnsureKonnectConnection added in v2.9.0

func EnsureKonnectConnection(ctx context.Context, client *kong.Client, logger logr.Logger) error

EnsureKonnectConnection ensures that the client is able to connect to Konnect.

func MakeHTTPClient

func MakeHTTPClient(opts *HTTPClientOpts, kongAdminToken string) (*http.Client, error)

MakeHTTPClient returns an HTTP client with the specified mTLS/headers configuration.

Types

type Client added in v2.9.0

type Client struct {
	// contains filtered or unexported fields
}

Client is a wrapper around the raw *kong.Client. It's advised to pass this wrapper across the codebase and fall back to the underlying *kong.Client only when it's passed to external functions that require it. Also, where possible, use the specific Abstract*Service interfaces that *kong.Client includes. Each Client holds its own PluginSchemaStore to cache plugins' schemas, as they may theoretically differ between instances.

func NewClient added in v2.9.0

func NewClient(c *kong.Client) *Client

NewClient creates an Admin API client that is to be used with a regular Admin API exposed by Kong Gateways.

func NewKongClientForWorkspace added in v2.9.0

func NewKongClientForWorkspace(ctx context.Context, adminURL string, wsName string,
	httpclient *http.Client,
) (*Client, error)

NewKongClientForWorkspace returns a Kong API client for a given root API URL and workspace. It ensures that the client is ready to be used by performing a status check, returns KongClientNotReadyError if not. If the workspace does not already exist, NewKongClientForWorkspace will create it.

func NewTestClient added in v2.9.0

func NewTestClient(address string) (*Client, error)

NewTestClient creates a client for test purposes.

func (*Client) AdminAPIClient added in v2.9.0

func (c *Client) AdminAPIClient() *kong.Client

AdminAPIClient returns an underlying go-kong's Admin API client.

func (*Client) AttachPodReference added in v2.9.0

func (c *Client) AttachPodReference(podNN k8stypes.NamespacedName)

AttachPodReference allows attaching a Pod reference to the client. Should be used in case we know what Pod the client will communicate with (e.g. when the gateway service discovery is used).

func (*Client) BaseRootURL added in v2.9.0

func (c *Client) BaseRootURL() string

BaseRootURL returns a base address used for communicating with the Admin API.

func (*Client) GetKongVersion added in v2.9.0

func (c *Client) GetKongVersion(ctx context.Context) (string, error)

GetKongVersion returns the version of the Kong gateway.

func (*Client) IsKonnect added in v2.9.0

func (c *Client) IsKonnect() bool

IsKonnect tells if a client is used for communication with Konnect Runtime Group Admin API.

func (*Client) IsReady added in v2.11.0

func (c *Client) IsReady(ctx context.Context) error

IsReady returns nil if the Admin API is ready to serve requests.

func (*Client) KonnectRuntimeGroup added in v2.9.0

func (c *Client) KonnectRuntimeGroup() string

KonnectRuntimeGroup gets a unique identifier of a Konnect's Runtime Group that config should be synchronised with. Empty in case of non-Konnect clients.

func (*Client) LastConfigSHA added in v2.9.0

func (c *Client) LastConfigSHA() []byte

LastConfigSHA returns a checksum of the last successful configuration push.

func (*Client) NodeID added in v2.10.0

func (c *Client) NodeID(ctx context.Context) (string, error)

func (*Client) PluginSchemaStore added in v2.9.0

func (c *Client) PluginSchemaStore() *util.PluginSchemaStore

PluginSchemaStore returns client's PluginSchemaStore.

func (*Client) PodReference added in v2.9.0

func (c *Client) PodReference() (k8stypes.NamespacedName, bool)

PodReference returns an optional reference to the Pod the client communicates with.

func (*Client) SetLastConfigSHA added in v2.9.0

func (c *Client) SetLastConfigSHA(s []byte)

SetLastConfigSHA overrides last config SHA.

type ClientFactory added in v2.9.0

type ClientFactory struct {
	// contains filtered or unexported fields
}

func NewClientFactoryForWorkspace added in v2.9.0

func NewClientFactoryForWorkspace(workspace string, httpClientOpts HTTPClientOpts, adminToken string) ClientFactory

func (ClientFactory) CreateAdminAPIClient added in v2.9.0

func (cf ClientFactory) CreateAdminAPIClient(ctx context.Context, discoveredAdminAPI DiscoveredAdminAPI) (*Client, error)

type Clock added in v2.10.0

type Clock interface {
	Now() time.Time
}

type DiscoveredAdminAPI added in v2.9.0

type DiscoveredAdminAPI struct {
	Address string
	PodRef  k8stypes.NamespacedName
}

DiscoveredAdminAPI represents an Admin API discovered from a Kubernetes Service.

type Discoverer added in v2.11.0

type Discoverer struct {
	// contains filtered or unexported fields
}

func NewDiscoverer added in v2.11.0

func NewDiscoverer(
	adminAPIPortNames sets.Set[string],
	dnsStrategy cfgtypes.DNSStrategy,
) (*Discoverer, error)

func (*Discoverer) AdminAPIsFromEndpointSlice added in v2.11.0

func (d *Discoverer) AdminAPIsFromEndpointSlice(
	endpoints discoveryv1.EndpointSlice,
) (sets.Set[DiscoveredAdminAPI], error)

AdminAPIsFromEndpointSlice returns a list of Admin APIs when given an EndpointSlice.

func (*Discoverer) GetAdminAPIsForService added in v2.11.0

func (d *Discoverer) GetAdminAPIsForService(
	ctx context.Context,
	kubeClient client.Client,
	service k8stypes.NamespacedName,
) (sets.Set[DiscoveredAdminAPI], error)

GetAdminAPIsForService performs an endpoint lookup, using provided kubeClient to list provided Admin API Service EndpointSlices. The retrieved EndpointSlices' ports are compared with the provided portNames set.

type HTTPClientOpts

type HTTPClientOpts struct {
	// Disable verification of TLS certificate of Kong's Admin endpoint.
	TLSSkipVerify bool
	// SNI name to use to verify the certificate presented by Kong in TLS.
	TLSServerName string
	// Path to PEM-encoded CA certificate file to verify Kong's Admin SSL certificate.
	CACertPath string
	// PEM-encoded CA certificate to verify Kong's Admin SSL certificate.
	CACert string
	// Array of headers added to every Admin API call.
	Headers []string
	// TLSClient is TLS client config.
	TLSClient TLSClientConfig
}

HTTPClientOpts defines parameters that configure an HTTP client.

type HeaderRoundTripper

type HeaderRoundTripper struct {
	// contains filtered or unexported fields
}

HeaderRoundTripper injects Headers into requests made via RT.

func (*HeaderRoundTripper) RoundTrip

func (t *HeaderRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip satisfies the RoundTripper interface.
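
An added sketch (not the package's code) of a header-injecting round tripper of the kind described above, including the Kong-Admin-Token header. The names injectingRT, newInjectingRT and rtFunc are hypothetical, and the name:value form of each Headers entry is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

const headerNameAdminToken = "Kong-Admin-Token" // value of HeaderNameAdminToken on this page

// injectingRT is a hypothetical stand-in for HeaderRoundTripper.
type injectingRT struct{ headers http.Header; rt http.RoundTripper }

// newInjectingRT parses "name:value" entries (assumed format) and adds the admin token.
func newInjectingRT(rt http.RoundTripper, raw []string, token string) (*injectingRT, error) {
	h := http.Header{}
	for i, kv := range raw {
		name, value, ok := strings.Cut(kv, ":")
		if name = strings.TrimSpace(name); !ok || name == "" {
			// Report the index only: the entry itself may carry a credential.
			return nil, fmt.Errorf("header #%d is not in name:value form", i)
		}
		h.Add(name, strings.TrimSpace(value))
	}
	if token != "" {
		h.Set(headerNameAdminToken, token)
	}
	return &injectingRT{headers: h, rt: rt}, nil
}

// RoundTrip works on a clone: a RoundTripper must not modify the caller's request.
func (t *injectingRT) RoundTrip(req *http.Request) (*http.Response, error) {
	out := req.Clone(req.Context())
	for name, values := range t.headers {
		out.Header[name] = append([]string(nil), values...)
	}
	return t.rt.RoundTrip(out)
}

// rtFunc adapts a function to http.RoundTripper so the sketch runs without a network.
type rtFunc func(*http.Request) (*http.Response, error)
func (f rtFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

func main() {
	ok := rtFunc(func(*http.Request) (*http.Response, error) { return &http.Response{Body: http.NoBody}, nil })
	rt, _ := newInjectingRT(ok, []string{"X-Source: kic"}, "constructed-token")
	req, _ := http.NewRequest(http.MethodGet, "http://kong-admin.example:8001/status", nil)
	_, err := rt.RoundTrip(req)
	fmt.Println(len(req.Header), err)
}
```

Because the token is attached inside the transport, the caller's request object never holds it.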

type KongClientNotReadyError added in v2.11.0

type KongClientNotReadyError struct {
	Err error
}

KongClientNotReadyError is returned when the Kong client is not ready to be used yet. This can happen if the Kong Admin API is not reachable, or if it's reachable but `GET /status` does not return 200.

func (KongClientNotReadyError) Error added in v2.11.0

func (e KongClientNotReadyError) Error() string

func (KongClientNotReadyError) Unwrap added in v2.11.0

func (e KongClientNotReadyError) Unwrap() error

type KonnectBackoffStrategy added in v2.10.0

type KonnectBackoffStrategy struct {
	// contains filtered or unexported fields
}

KonnectBackoffStrategy keeps track of Konnect config push backoffs.

It takes into account:
- a regular exponential backoff that is incremented on every Update failure,
- a last failed configuration hash (where we skip Update until a config changes).

It's important to note that KonnectBackoffStrategy can use the latter (config hash) because of the nature of the one-directional integration where KIC is the only component responsible for populating configuration of Konnect's Runtime Group. In case that changes in the future (e.g. manual modifications to parts of the configuration are allowed on Konnect side for some reason), we might have to drop this part of the backoff strategy.
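
A simplified model of the two rules described above, added here as an illustration and not the package's implementation. sketchBackoff and its fields are hypothetical; the intervals reuse the KonnectBackoff* constants listed on this page.

```go
package main

import (
	"bytes"
	"fmt"
	"time"
)

// Values of the KonnectBackoff* constants listed on this page.
const initialInterval, maxInterval, multiplier = 3 * time.Second, 15 * time.Minute, 2

// sketchBackoff is a hypothetical, simplified model of the two rules above.
type sketchBackoff struct {
	now        func() time.Time // plays the role of Clock.Now
	next       time.Duration    // interval the next failure will impose
	retryAfter time.Time        // zero value: no backoff active
	failedHash []byte           // hash of the last config that failed to push
}

func (s *sketchBackoff) CanUpdate(hash []byte) (bool, string) {
	if len(s.failedHash) > 0 && bytes.Equal(s.failedHash, hash) {
		return false, "config unchanged since the last failed push"
	}
	if wait := s.retryAfter.Sub(s.now()); wait > 0 {
		return false, fmt.Sprintf("backoff active for another %s", wait)
	}
	return true, ""
}

func (s *sketchBackoff) RegisterUpdateFailure(_ error, hash []byte) {
	if s.next == 0 {
		s.next = initialInterval
	}
	s.retryAfter = s.now().Add(s.next)
	s.failedHash = append([]byte(nil), hash...) // copy: the caller may reuse the slice
	if s.next *= multiplier; s.next > maxInterval {
		s.next = maxInterval
	}
}

// RegisterUpdateSuccess clears both the interval and the remembered hash.
func (s *sketchBackoff) RegisterUpdateSuccess() { *s = sketchBackoff{now: s.now} }

func main() {
	s := &sketchBackoff{now: time.Now}
	s.RegisterUpdateFailure(fmt.Errorf("constructed failure"), []byte("hash-a"))
	fmt.Println(s.CanUpdate([]byte("hash-a"))) // same hash: refused until the config changes
	fmt.Println(s.CanUpdate([]byte("hash-b"))) // new hash: refused until the interval passes
}
```

The hash rule is what keeps a rejected configuration from being retried indefinitely, and it is only sound under the one-directional assumption stated above.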

func NewKonnectBackoffStrategy added in v2.10.0

func NewKonnectBackoffStrategy(clock Clock) *KonnectBackoffStrategy

func (*KonnectBackoffStrategy) CanUpdate added in v2.10.0

func (s *KonnectBackoffStrategy) CanUpdate(configHash []byte) (bool, string)

func (*KonnectBackoffStrategy) RegisterUpdateFailure added in v2.10.0

func (s *KonnectBackoffStrategy) RegisterUpdateFailure(err error, configHash []byte)

func (*KonnectBackoffStrategy) RegisterUpdateSuccess added in v2.10.0

func (s *KonnectBackoffStrategy) RegisterUpdateSuccess()

type KonnectClient added in v2.10.0

type KonnectClient struct {
	Client
	// contains filtered or unexported fields
}

func NewKongClientForKonnectRuntimeGroup added in v2.9.0

func NewKongClientForKonnectRuntimeGroup(c KonnectConfig) (*KonnectClient, error)

func NewKonnectClient added in v2.9.0

func NewKonnectClient(c *kong.Client, runtimeGroup string) *KonnectClient

NewKonnectClient creates an Admin API client that is to be used with a Konnect Runtime Group Admin API.

func (*KonnectClient) BackoffStrategy added in v2.10.0

func (c *KonnectClient) BackoffStrategy() UpdateBackoffStrategy

type KonnectConfig added in v2.9.0

type KonnectConfig struct {
	// TODO https://github.com/Kong/kubernetes-ingress-controller/issues/3922
	// ConfigSynchronizationEnabled is the only toggle we had prior to the addition of the license agent.
	// We likely want to combine these into a single Konnect toggle or piggyback off other Konnect functionality.
	ConfigSynchronizationEnabled bool
	RuntimeGroupID               string
	Address                      string
	RefreshNodePeriod            time.Duration
	TLSClient                    TLSClientConfig

	LicenseSynchronizationEnabled bool
	InitialLicensePollingPeriod   time.Duration
	LicensePollingPeriod          time.Duration
}

type TLSClientConfig added in v2.9.0

type TLSClientConfig struct {
	// Cert is a client certificate.
	Cert string
	// CertFile is a client certificate file path.
	CertFile string

	// Key is a client key.
	Key string
	// KeyFile is a client key file path.
	KeyFile string
}

TLSClientConfig contains TLS client certificate and client key to be used when connecting with Admin APIs. It's validated with manager.validateClientTLS before passing it further down. It guarantees that only the allowed combinations of variables will be passed:
- only one of Cert / CertFile,
- only one of Key / KeyFile,
- if any of Cert / CertFile is set, one of Key / KeyFile has to be set,
- if any of Key / KeyFile is set, one of Cert / CertFile has to be set.

func (TLSClientConfig) IsZero added in v2.9.0

func (c TLSClientConfig) IsZero() bool

type UpdateBackoffStrategy added in v2.10.0

type UpdateBackoffStrategy interface {
	// CanUpdate tells whether we're allowed to make an update attempt for a given config hash.
	// In case it returns false, the second return value is a human-readable explanation of why the update cannot
	// be performed at this point in time.
	CanUpdate([]byte) (bool, string)

	// RegisterUpdateSuccess resets the backoff strategy, effectively making it allow next update straight away.
	RegisterUpdateSuccess()

	// RegisterUpdateFailure registers an update failure along with its failure reason passed as a generic error, and
	// a config hash that we failed to push.
	RegisterUpdateFailure(failureReason error, configHash []byte)
}

UpdateBackoffStrategy keeps state of an update backoff strategy.
