Documentation
Index
- Constants
- func EnsureKonnectConnection(ctx context.Context, client *kong.Client, logger logr.Logger) error
- func MakeHTTPClient(opts *HTTPClientOpts, kongAdminToken string) (*http.Client, error)
- type Client
- func (c *Client) AdminAPIClient() *kong.Client
- func (c *Client) AttachPodReference(podNN k8stypes.NamespacedName)
- func (c *Client) BaseRootURL() string
- func (c *Client) GetKongVersion(ctx context.Context) (string, error)
- func (c *Client) IsKonnect() bool
- func (c *Client) IsReady(ctx context.Context) error
- func (c *Client) KonnectControlPlane() string
- func (c *Client) LastConfigSHA() []byte
- func (c *Client) NodeID(ctx context.Context) (string, error)
- func (c *Client) PluginSchemaStore() *util.PluginSchemaStore
- func (c *Client) PodReference() (k8stypes.NamespacedName, bool)
- func (c *Client) SetLastConfigSHA(s []byte)
- type ClientFactory
- type Clock
- type DiscoveredAdminAPI
- type Discoverer
- type HTTPClientOpts
- type HeaderRoundTripper
- type KongClientNotReadyError
- type KongGatewayUnsupportedVersionError
- type KonnectBackoffStrategy
- type KonnectClient
- type KonnectConfig
- type TLSClientConfig
- type UpdateBackoffStrategy
Constants
const (
	KonnectBackoffInitialInterval = time.Second * 3
	KonnectBackoffMaxInterval     = time.Minute * 15
	KonnectBackoffMultiplier      = 2
)
const (
HeaderNameAdminToken = "Kong-Admin-Token"
)
Variables
This section is empty.
Functions
func EnsureKonnectConnection
EnsureKonnectConnection ensures that the client is able to connect to Konnect.
func MakeHTTPClient
func MakeHTTPClient(opts *HTTPClientOpts, kongAdminToken string) (*http.Client, error)
MakeHTTPClient returns an HTTP client with the specified mTLS/headers configuration.
Types
type Client
type Client struct {
// contains filtered or unexported fields
}
Client is a wrapper around the raw *kong.Client. It's advised to pass this wrapper across the codebase, and fall back to the underlying *kong.Client only when it's passed to external functions that require it. Also, where possible, use the specific Abstract*Service interfaces that *kong.Client includes. Each Client holds its own PluginSchemaStore to cache plugins' schemas, as they may theoretically differ between instances.
func NewClient
NewClient creates an Admin API client that is to be used with a regular Admin API exposed by Kong Gateways.
func NewKongClientForWorkspace
func NewKongClientForWorkspace(
	ctx context.Context,
	adminURL string,
	wsName string,
	httpClient *http.Client,
) (*Client, error)
NewKongClientForWorkspace returns a Kong API client for a given root API URL and workspace. It ensures that the client is ready to be used by performing a status check; it returns KongClientNotReadyError if the client is not ready, or KongGatewayUnsupportedVersionError if it can't check Kong Gateway's version or the version is not >= 3.4.1. If the workspace does not already exist, NewKongClientForWorkspace will create it.
func NewTestClient
NewTestClient creates a client for test purposes.
func (*Client) AdminAPIClient
AdminAPIClient returns an underlying go-kong's Admin API client.
func (*Client) AttachPodReference
func (c *Client) AttachPodReference(podNN k8stypes.NamespacedName)
AttachPodReference allows attaching a Pod reference to the client. Should be used in case we know what Pod the client will communicate with (e.g. when the gateway service discovery is used).
func (*Client) BaseRootURL
BaseRootURL returns a base address used for communicating with the Admin API.
func (*Client) GetKongVersion
GetKongVersion returns the version of the Kong Gateway.
func (*Client) IsKonnect
IsKonnect tells if a client is used for communication with Konnect Control Plane Admin API.
func (*Client) KonnectControlPlane
KonnectControlPlane gets a unique identifier of a Konnect's Control Plane that config should be synchronised with. Empty in case of non-Konnect clients.
func (*Client) LastConfigSHA
LastConfigSHA returns a checksum of the last successful configuration push.
func (*Client) PluginSchemaStore
func (c *Client) PluginSchemaStore() *util.PluginSchemaStore
PluginSchemaStore returns client's PluginSchemaStore.
func (*Client) PodReference
func (c *Client) PodReference() (k8stypes.NamespacedName, bool)
PodReference returns an optional reference to the Pod the client communicates with.
func (*Client) SetLastConfigSHA
SetLastConfigSHA overrides last config SHA.
type ClientFactory
type ClientFactory struct {
// contains filtered or unexported fields
}
func NewClientFactoryForWorkspace
func NewClientFactoryForWorkspace(workspace string, httpClientOpts HTTPClientOpts, adminToken string) ClientFactory
func (ClientFactory) CreateAdminAPIClient
func (cf ClientFactory) CreateAdminAPIClient(ctx context.Context, discoveredAdminAPI DiscoveredAdminAPI) (*Client, error)
type DiscoveredAdminAPI
type DiscoveredAdminAPI struct {
	Address string
	PodRef  k8stypes.NamespacedName
}
DiscoveredAdminAPI represents an Admin API discovered from a Kubernetes Service.
type Discoverer
type Discoverer struct {
// contains filtered or unexported fields
}
func NewDiscoverer
func NewDiscoverer(
	adminAPIPortNames sets.Set[string],
	dnsStrategy cfgtypes.DNSStrategy,
) (*Discoverer, error)
func (*Discoverer) AdminAPIsFromEndpointSlice
func (d *Discoverer) AdminAPIsFromEndpointSlice(
	endpoints discoveryv1.EndpointSlice,
) (sets.Set[DiscoveredAdminAPI], error)
AdminAPIsFromEndpointSlice returns a list of Admin APIs when given an EndpointSlice.
func (*Discoverer) GetAdminAPIsForService
func (d *Discoverer) GetAdminAPIsForService(
	ctx context.Context,
	kubeClient client.Client,
	service k8stypes.NamespacedName,
) (sets.Set[DiscoveredAdminAPI], error)
GetAdminAPIsForService performs an endpoint lookup, using provided kubeClient to list provided Admin API Service EndpointSlices. The retrieved EndpointSlices' ports are compared with the provided portNames set.
type HTTPClientOpts
type HTTPClientOpts struct {
	// Disable verification of TLS certificate of Kong's Admin endpoint.
	TLSSkipVerify bool
	// SNI name to use to verify the certificate presented by Kong in TLS.
	TLSServerName string
	// Path to PEM-encoded CA certificate file to verify Kong's Admin SSL certificate.
	CACertPath string
	// PEM-encoded CA certificate to verify Kong's Admin SSL certificate.
	CACert string
	// Array of headers added to every Admin API call.
	Headers []string
	// TLSClient is TLS client config.
	TLSClient TLSClientConfig
}
HTTPClientOpts defines parameters that configure an HTTP client.
type HeaderRoundTripper
type HeaderRoundTripper struct {
// contains filtered or unexported fields
}
HeaderRoundTripper injects Headers into requests made via RT.
type KongClientNotReadyError
type KongClientNotReadyError struct {
Err error
}
KongClientNotReadyError is returned when the Kong client is not ready to be used yet. This can happen if the Kong Admin API is not reachable, or if it's reachable but `GET /status` does not return 200.
func (KongClientNotReadyError) Error
func (e KongClientNotReadyError) Error() string
func (KongClientNotReadyError) Unwrap
func (e KongClientNotReadyError) Unwrap() error
type KongGatewayUnsupportedVersionError
type KongGatewayUnsupportedVersionError struct {
// contains filtered or unexported fields
}
func (KongGatewayUnsupportedVersionError) Error
func (e KongGatewayUnsupportedVersionError) Error() string
type KonnectBackoffStrategy
type KonnectBackoffStrategy struct {
// contains filtered or unexported fields
}
KonnectBackoffStrategy keeps track of Konnect config push backoffs.
It takes into account:
- a regular exponential backoff that is incremented on every Update failure,
- a last failed configuration hash (where we skip Update until a config changes).
It's important to note that KonnectBackoffStrategy can use the latter (config hash) because of the nature of the one-directional integration where KIC is the only component responsible for populating configuration of Konnect's Control Plane. In case that changes in the future (e.g. manual modifications to parts of the configuration are allowed on Konnect side for some reason), we might have to drop this part of the backoff strategy.
func NewKonnectBackoffStrategy
func NewKonnectBackoffStrategy(clock Clock) *KonnectBackoffStrategy
func (*KonnectBackoffStrategy) CanUpdate
func (s *KonnectBackoffStrategy) CanUpdate(configHash []byte) (bool, string)
func (*KonnectBackoffStrategy) RegisterUpdateFailure
func (s *KonnectBackoffStrategy) RegisterUpdateFailure(err error, configHash []byte)
func (*KonnectBackoffStrategy) RegisterUpdateSuccess
func (s *KonnectBackoffStrategy) RegisterUpdateSuccess()
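A minimal sketch of the two documented mechanisms: an exponential delay using the package's 3 s / 15 min / x2 constants, and skipping a config whose hash failed last. It is an added example, not KIC's own implementation; the backoff type, its fields and the function-valued clock are assumptions, and the error argument is ignored.

```go
package main

import (
	"bytes"
	"fmt"
	"time"
)

// Values of the KonnectBackoff* constants listed on this page.
const initialInterval, maxInterval, multiplier = 3 * time.Second, 15 * time.Minute, 2

// backoff is a hypothetical sketch, not KIC's KonnectBackoffStrategy.
type backoff struct {
	now        func() time.Time // injectable clock so tests control time
	next       time.Duration    // delay applied after the next failure
	retryAt    time.Time        // earliest moment of the next attempt
	failedHash []byte           // hash of the config that failed last
}

func newBackoff(now func() time.Time) *backoff { return &backoff{now: now, next: initialInterval} }

// CanUpdate refuses the config that failed last, and any config before retryAt.
func (b *backoff) CanUpdate(hash []byte) (bool, string) {
	if b.failedHash != nil && bytes.Equal(hash, b.failedHash) {
		return false, "config unchanged since the last failed push"
	}
	if wait := b.retryAt.Sub(b.now()); wait > 0 {
		return false, fmt.Sprintf("backing off, retry in %s", wait)
	}
	return true, ""
}

// RegisterUpdateFailure stores the failed hash and doubles the delay up to the cap.
func (b *backoff) RegisterUpdateFailure(_ error, hash []byte) {
	b.failedHash = append([]byte(nil), hash...)
	b.retryAt = b.now().Add(b.next)
	if b.next *= multiplier; b.next > maxInterval {
		b.next = maxInterval
	}
}

// RegisterUpdateSuccess clears all state so the next update is allowed at once.
func (b *backoff) RegisterUpdateSuccess() { *b = backoff{now: b.now, next: initialInterval} }

func main() {
	b := newBackoff(time.Now)
	b.RegisterUpdateFailure(nil, []byte("sha-1")) // constructed hash values
	fmt.Println(b.CanUpdate([]byte("sha-1")))     // false: same config as the failed push
	fmt.Println(b.CanUpdate([]byte("sha-2")))     // false: still inside the 3s delay
}
```

The hash check only holds while the controller is the sole writer of the control plane's configuration, which is the caveat the package documentation states.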
type KonnectClient
type KonnectClient struct {
	Client
	// contains filtered or unexported fields
}
func NewKongClientForKonnectControlPlane
func NewKongClientForKonnectControlPlane(c KonnectConfig) (*KonnectClient, error)
func NewKonnectClient
func NewKonnectClient(c *kong.Client, controlPlane string) *KonnectClient
NewKonnectClient creates an Admin API client that is to be used with a Konnect Control Plane Admin API.
func (*KonnectClient) BackoffStrategy
func (c *KonnectClient) BackoffStrategy() UpdateBackoffStrategy
type KonnectConfig
type KonnectConfig struct {
	// TODO https://github.com/Kong/kubernetes-ingress-controller/issues/3922
	// ConfigSynchronizationEnabled is the only toggle we had prior to the addition of the license agent.
	// We likely want to combine these into a single Konnect toggle or piggyback off other Konnect functionality.
	ConfigSynchronizationEnabled bool
	ControlPlaneID string
	Address string
	RefreshNodePeriod time.Duration
	TLSClient TLSClientConfig
	LicenseSynchronizationEnabled bool
	InitialLicensePollingPeriod time.Duration
	LicensePollingPeriod time.Duration
}
type TLSClientConfig
type TLSClientConfig struct {
	// Cert is a client certificate.
	Cert string
	// CertFile is a client certificate file path.
	CertFile string
	// Key is a client key.
	Key string
	// KeyFile is a client key file path.
	KeyFile string
}
TLSClientConfig contains TLS client certificate and client key to be used when connecting with Admin APIs. It's validated with manager.validateClientTLS before passing it further down. It guarantees that only the allowed combinations of variables will be passed:
- only one of Cert / CertFile,
- only one of Key / KeyFile,
- if any of Cert / CertFile is set, one of Key / KeyFile has to be set,
- if any of Key / KeyFile is set, one of Cert / CertFile has to be set.
func (TLSClientConfig) IsZero
func (c TLSClientConfig) IsZero() bool
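The four TLSClientConfig rules above as a hypothetical validator, plus a loader that turns inline PEM or file paths into a tls.Certificate. This is an added example, not the project's manager.validateClientTLS; validateTLSClient, pemOrFile, loadClientCert and the tls.crt path are assumed names.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"os"
)

type TLSClientConfig struct{ Cert, CertFile, Key, KeyFile string } // local copy of the documented fields

// validateTLSClient is a hypothetical check for the four documented rules.
func validateTLSClient(c TLSClientConfig) error {
	switch {
	case c.Cert != "" && c.CertFile != "":
		return errors.New("set only one of Cert / CertFile")
	case c.Key != "" && c.KeyFile != "":
		return errors.New("set only one of Key / KeyFile")
	case (c.Cert+c.CertFile != "") != (c.Key+c.KeyFile != ""): // cert without key, or key without cert
		return errors.New("certificate and key must be set together")
	}
	return nil
}

// pemOrFile returns the inline PEM when set, otherwise the contents of path.
func pemOrFile(inline, path string) ([]byte, error) {
	if inline != "" {
		return []byte(inline), nil
	}
	return os.ReadFile(path)
}

// loadClientCert returns (nil, nil) when no client certificate is configured.
func loadClientCert(c TLSClientConfig) (*tls.Certificate, error) {
	if err := validateTLSClient(c); err != nil || c == (TLSClientConfig{}) {
		return nil, err
	}
	certPEM, errCert := pemOrFile(c.Cert, c.CertFile)
	keyPEM, errKey := pemOrFile(c.Key, c.KeyFile)
	if errCert != nil || errKey != nil {
		return nil, fmt.Errorf("reading client TLS material: %v, %v", errCert, errKey)
	}
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, err
	}
	return &pair, nil
}

func main() { fmt.Println(loadClientCert(TLSClientConfig{CertFile: "tls.crt"})) }
```

Rejecting a half-configured pair up front keeps a missing key from silently downgrading the Admin API connection to one without client authentication.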
type UpdateBackoffStrategy
type UpdateBackoffStrategy interface {
	// CanUpdate tells whether we're allowed to make an update attempt for a given config hash.
	// In case it returns false, the second return value is a human-readable explanation of why the update cannot
	// be performed at this point in time.
	CanUpdate([]byte) (bool, string)
	// RegisterUpdateSuccess resets the backoff strategy, effectively making it allow next update straight away.
	RegisterUpdateSuccess()
	// RegisterUpdateFailure registers an update failure along with its failure reason passed as a generic error, and
	// a config hash that we failed to push.
	RegisterUpdateFailure(failureReason error, configHash []byte)
}
UpdateBackoffStrategy keeps state of an update backoff strategy.