adminapi

package
v3.0.1

This package is not in the latest version of its module.

Published: Nov 21, 2023 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Constants

const (
	KonnectBackoffInitialInterval = time.Second * 3
	KonnectBackoffMaxInterval     = time.Minute * 15
	KonnectBackoffMultiplier      = 2
)

const (
	HeaderNameAdminToken = "Kong-Admin-Token"
)

Functions

func EnsureKonnectConnection

func EnsureKonnectConnection(ctx context.Context, client *kong.Client, logger logr.Logger) error

EnsureKonnectConnection ensures that the client is able to connect to Konnect.

func MakeHTTPClient

func MakeHTTPClient(opts *HTTPClientOpts, kongAdminToken string) (*http.Client, error)

MakeHTTPClient returns an HTTP client with the specified mTLS/headers configuration.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client is a wrapper around a raw *kong.Client. It is advised to pass this wrapper around the codebase and to fall back to the underlying *kong.Client only when passing it to external functions that require it. Where possible, use one of the specific Abstract*Service interfaces that *kong.Client includes. Each Client holds its own PluginSchemaStore to cache plugins' schemas, as they may theoretically differ between instances.

func NewClient

func NewClient(c *kong.Client) *Client

NewClient creates an Admin API client that is to be used with a regular Admin API exposed by Kong Gateways.

func NewKongClientForWorkspace

func NewKongClientForWorkspace(
	ctx context.Context, adminURL string, wsName string, httpClient *http.Client,
) (*Client, error)

NewKongClientForWorkspace returns a Kong API client for a given root API URL and workspace. It ensures that the client is ready to be used by performing a status check, and returns KongClientNotReadyError if it is not ready, or KongGatewayUnsupportedVersionError if it can't check Kong Gateway's version or the version is not >= 3.4.1. If the workspace does not already exist, NewKongClientForWorkspace will create it.

func NewTestClient

func NewTestClient(address string) (*Client, error)

NewTestClient creates a client for test purposes.

func (*Client) AdminAPIClient

func (c *Client) AdminAPIClient() *kong.Client

AdminAPIClient returns an underlying go-kong's Admin API client.

func (*Client) AttachPodReference

func (c *Client) AttachPodReference(podNN k8stypes.NamespacedName)

AttachPodReference allows attaching a Pod reference to the client. Should be used in case we know what Pod the client will communicate with (e.g. when the gateway service discovery is used).

func (*Client) BaseRootURL

func (c *Client) BaseRootURL() string

BaseRootURL returns a base address used for communicating with the Admin API.

func (*Client) GetKongVersion

func (c *Client) GetKongVersion(ctx context.Context) (string, error)

GetKongVersion returns the version of the Kong Gateway.

func (*Client) IsKonnect

func (c *Client) IsKonnect() bool

IsKonnect tells if a client is used for communication with Konnect Control Plane Admin API.

func (*Client) IsReady

func (c *Client) IsReady(ctx context.Context) error

IsReady returns nil if the Admin API is ready to serve requests.

func (*Client) KonnectControlPlane

func (c *Client) KonnectControlPlane() string

KonnectControlPlane gets a unique identifier of a Konnect's Control Plane that config should be synchronised with. Empty in case of non-Konnect clients.

func (*Client) LastConfigSHA

func (c *Client) LastConfigSHA() []byte

LastConfigSHA returns a checksum of the last successful configuration push.

func (*Client) NodeID

func (c *Client) NodeID(ctx context.Context) (string, error)

func (*Client) PluginSchemaStore

func (c *Client) PluginSchemaStore() *util.PluginSchemaStore

PluginSchemaStore returns client's PluginSchemaStore.

func (*Client) PodReference

func (c *Client) PodReference() (k8stypes.NamespacedName, bool)

PodReference returns an optional reference to the Pod the client communicates with.

func (*Client) SetLastConfigSHA

func (c *Client) SetLastConfigSHA(s []byte)

SetLastConfigSHA overrides last config SHA.

type ClientFactory

type ClientFactory struct {
	// contains filtered or unexported fields
}

func NewClientFactoryForWorkspace

func NewClientFactoryForWorkspace(workspace string, httpClientOpts HTTPClientOpts, adminToken string) ClientFactory

func (ClientFactory) CreateAdminAPIClient

func (cf ClientFactory) CreateAdminAPIClient(ctx context.Context, discoveredAdminAPI DiscoveredAdminAPI) (*Client, error)

type Clock

type Clock interface {
	Now() time.Time
}

type DiscoveredAdminAPI

type DiscoveredAdminAPI struct {
	Address string
	PodRef  k8stypes.NamespacedName
}

DiscoveredAdminAPI represents an Admin API discovered from a Kubernetes Service.

type Discoverer

type Discoverer struct {
	// contains filtered or unexported fields
}

func NewDiscoverer

func NewDiscoverer(
	adminAPIPortNames sets.Set[string],
	dnsStrategy cfgtypes.DNSStrategy,
) (*Discoverer, error)

func (*Discoverer) AdminAPIsFromEndpointSlice

func (d *Discoverer) AdminAPIsFromEndpointSlice(
	endpoints discoveryv1.EndpointSlice,
) (sets.Set[DiscoveredAdminAPI], error)

AdminAPIsFromEndpointSlice returns a list of Admin APIs when given an EndpointSlice.

func (*Discoverer) GetAdminAPIsForService

func (d *Discoverer) GetAdminAPIsForService(
	ctx context.Context,
	kubeClient client.Client,
	service k8stypes.NamespacedName,
) (sets.Set[DiscoveredAdminAPI], error)

GetAdminAPIsForService performs an endpoint lookup, using provided kubeClient to list provided Admin API Service EndpointSlices. The retrieved EndpointSlices' ports are compared with the provided portNames set.

type HTTPClientOpts

type HTTPClientOpts struct {
	// Disable verification of TLS certificate of Kong's Admin endpoint.
	TLSSkipVerify bool
	// SNI name to use to verify the certificate presented by Kong in TLS.
	TLSServerName string
	// Path to PEM-encoded CA certificate file to verify Kong's Admin SSL certificate.
	CACertPath string
	// PEM-encoded CA certificate to verify Kong's Admin SSL certificate.
	CACert string
	// Array of headers added to every Admin API call.
	Headers []string
	// TLSClient is TLS client config.
	TLSClient TLSClientConfig
}

HTTPClientOpts defines parameters that configure an HTTP client.

type HeaderRoundTripper

type HeaderRoundTripper struct {
	// contains filtered or unexported fields
}

HeaderRoundTripper injects Headers into requests made via RT.

func (*HeaderRoundTripper) RoundTrip

func (t *HeaderRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip satisfies the RoundTripper interface.

type KongClientNotReadyError

type KongClientNotReadyError struct {
	Err error
}

KongClientNotReadyError is returned when the Kong client is not ready to be used yet. This can happen if the Kong Admin API is not reachable, or if it's reachable but `GET /status` does not return 200.

func (KongClientNotReadyError) Error

func (e KongClientNotReadyError) Error() string

func (KongClientNotReadyError) Unwrap

func (e KongClientNotReadyError) Unwrap() error

type KongGatewayUnsupportedVersionError

type KongGatewayUnsupportedVersionError struct {
	// contains filtered or unexported fields
}

func (KongGatewayUnsupportedVersionError) Error

type KonnectBackoffStrategy

type KonnectBackoffStrategy struct {
	// contains filtered or unexported fields
}

KonnectBackoffStrategy keeps track of Konnect config push backoffs.

It takes into account:
- a regular exponential backoff that is incremented on every Update failure,
- a last failed configuration hash (where we skip Update until a config changes).

It's important to note that KonnectBackoffStrategy can use the latter (config hash) because of the nature of the one-directional integration where KIC is the only component responsible for populating configuration of Konnect's Control Plane. In case that changes in the future (e.g. manual modifications to parts of the configuration are allowed on Konnect side for some reason), we might have to drop this part of the backoff strategy.

func NewKonnectBackoffStrategy

func NewKonnectBackoffStrategy(clock Clock) *KonnectBackoffStrategy

func (*KonnectBackoffStrategy) CanUpdate

func (s *KonnectBackoffStrategy) CanUpdate(configHash []byte) (bool, string)

func (*KonnectBackoffStrategy) RegisterUpdateFailure

func (s *KonnectBackoffStrategy) RegisterUpdateFailure(err error, configHash []byte)

func (*KonnectBackoffStrategy) RegisterUpdateSuccess

func (s *KonnectBackoffStrategy) RegisterUpdateSuccess()
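
A minimal sketch of the two checks described above (exponential delay plus skipping a config hash that already failed), added here and not taken from the package. `sketchBackoff` and `fakeClock` are hypothetical names, and recording the hash on every failure is an assumption of this sketch.

```go
package main

import (
	"bytes"
	"fmt"
	"time"
)

const ( // values of the KonnectBackoff* constants documented on this page
	initialInterval = 3 * time.Second
	maxInterval     = 15 * time.Minute
)

// fakeClock satisfies the page's Clock interface with a settable time.
type fakeClock struct{ t time.Time }

func (c *fakeClock) Now() time.Time { return c.t }

// sketchBackoff is a hypothetical stand-in, not the package's KonnectBackoffStrategy.
type sketchBackoff struct {
	clock      interface{ Now() time.Time }
	next       time.Duration // delay applied after the next failure
	retryAt    time.Time     // earliest time the next push is allowed
	failedHash []byte        // hash of the config that failed last
}

func (s *sketchBackoff) CanUpdate(hash []byte) (bool, string) {
	if s.failedHash != nil && bytes.Equal(s.failedHash, hash) {
		return false, "config unchanged since the last failed push"
	}
	if left := s.retryAt.Sub(s.clock.Now()); left > 0 {
		return false, fmt.Sprintf("next attempt allowed in %s", left)
	}
	return true, ""
}

func (s *sketchBackoff) RegisterUpdateFailure(_ error, hash []byte) {
	s.failedHash = append([]byte{}, hash...) // assumption: every failure records the hash
	s.retryAt = s.clock.Now().Add(s.next)
	if s.next *= 2; s.next > maxInterval { // 2 is KonnectBackoffMultiplier
		s.next = maxInterval
	}
}

func (s *sketchBackoff) RegisterUpdateSuccess() {
	*s = sketchBackoff{clock: s.clock, next: initialInterval}
}

func main() {
	b := &sketchBackoff{clock: &fakeClock{}, next: initialInterval}
	b.RegisterUpdateFailure(nil, []byte("a"))
	fmt.Println(b.CanUpdate([]byte("b")))
}
```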

type KonnectClient

type KonnectClient struct {
	Client
	// contains filtered or unexported fields
}

func NewKongClientForKonnectControlPlane

func NewKongClientForKonnectControlPlane(c KonnectConfig) (*KonnectClient, error)

func NewKonnectClient

func NewKonnectClient(c *kong.Client, controlPlane string) *KonnectClient

NewKonnectClient creates an Admin API client that is to be used with a Konnect Control Plane Admin API.

func (*KonnectClient) BackoffStrategy

func (c *KonnectClient) BackoffStrategy() UpdateBackoffStrategy

type KonnectConfig

type KonnectConfig struct {
	// TODO https://github.com/Kong/kubernetes-ingress-controller/issues/3922
	// ConfigSynchronizationEnabled is the only toggle we had prior to the addition of the license agent.
	// We likely want to combine these into a single Konnect toggle or piggyback off other Konnect functionality.
	ConfigSynchronizationEnabled bool
	ControlPlaneID               string
	Address                      string
	RefreshNodePeriod            time.Duration
	TLSClient                    TLSClientConfig

	LicenseSynchronizationEnabled bool
	InitialLicensePollingPeriod   time.Duration
	LicensePollingPeriod          time.Duration
}

type TLSClientConfig

type TLSClientConfig struct {
	// Cert is a client certificate.
	Cert string
	// CertFile is a client certificate file path.
	CertFile string

	// Key is a client key.
	Key string
	// KeyFile is a client key file path.
	KeyFile string
}

TLSClientConfig contains TLS client certificate and client key to be used when connecting with Admin APIs. It's validated with manager.validateClientTLS before passing it further down. It guarantees that only the allowed combinations of variables will be passed:
- only one of Cert / CertFile,
- only one of Key / KeyFile,
- if any of Cert / CertFile is set, one of Key / KeyFile has to be set,
- if any of Key / KeyFile is set, one of Cert / CertFile has to be set.

func (TLSClientConfig) IsZero

func (c TLSClientConfig) IsZero() bool

type UpdateBackoffStrategy

type UpdateBackoffStrategy interface {
	// CanUpdate tells whether we're allowed to make an update attempt for a given config hash.
	// In case it returns false, the second return value is a human-readable explanation of why the update cannot
	// be performed at this point in time.
	CanUpdate([]byte) (bool, string)

	// RegisterUpdateSuccess resets the backoff strategy, effectively making it allow next update straight away.
	RegisterUpdateSuccess()

	// RegisterUpdateFailure registers an update failure along with its failure reason passed as a generic error, and
	// a config hash that we failed to push.
	RegisterUpdateFailure(failureReason error, configHash []byte)
}

UpdateBackoffStrategy keeps state of an update backoff strategy.
