Documentation ¶
Index ¶
- func CacheCARoots(c *cache.Cache) proxycfg.CARoots
- func CacheCompiledDiscoveryChain(c *cache.Cache) proxycfg.CompiledDiscoveryChain
- func CacheConfigEntry(c *cache.Cache) proxycfg.ConfigEntry
- func CacheConfigEntryList(c *cache.Cache) proxycfg.ConfigEntryList
- func CacheDatacenters(c *cache.Cache) proxycfg.Datacenters
- func CacheExportedPeeredServices(c *cache.Cache) proxycfg.ExportedPeeredServices
- func CacheFederationStateListMeshGateways(c *cache.Cache) proxycfg.FederationStateListMeshGateways
- func CacheGatewayServices(c *cache.Cache) proxycfg.GatewayServices
- func CacheHTTPChecks(c *cache.Cache) proxycfg.HTTPChecks
- func CacheIntentionUpstreams(c *cache.Cache) proxycfg.IntentionUpstreams
- func CacheIntentionUpstreamsDestination(c *cache.Cache) proxycfg.IntentionUpstreams
- func CacheIntentions(c *cache.Cache) proxycfg.Intentions
- func CacheInternalServiceDump(c *cache.Cache) proxycfg.InternalServiceDump
- func CachePeeredUpstreams(c *cache.Cache) proxycfg.PeeredUpstreams
- func CachePeeringList(c *cache.Cache) proxycfg.PeeringList
- func CachePrepraredQuery(c *cache.Cache) proxycfg.PreparedQuery
- func CacheResolvedServiceConfig(c *cache.Cache) proxycfg.ResolvedServiceConfig
- func CacheServiceGateways(c *cache.Cache) proxycfg.GatewayServices
- func CacheServiceList(c *cache.Cache) proxycfg.ServiceList
- func CacheTrustBundle(c *cache.Cache) proxycfg.TrustBundle
- func CacheTrustBundleList(c *cache.Cache) proxycfg.TrustBundleList
- func ClientHealth(client *health.Client) proxycfg.Health
- func LocalLeafCerts(m *leafcert.Manager) proxycfg.LeafCertificate
- func ServerCompiledDiscoveryChain(deps ServerDataSourceDeps, remoteSource proxycfg.CompiledDiscoveryChain) proxycfg.CompiledDiscoveryChain
- func ServerConfigEntry(deps ServerDataSourceDeps) proxycfg.ConfigEntry
- func ServerConfigEntryList(deps ServerDataSourceDeps) proxycfg.ConfigEntryList
- func ServerExportedPeeredServices(deps ServerDataSourceDeps) proxycfg.ExportedPeeredServices
- func ServerFederationStateListMeshGateways(deps ServerDataSourceDeps) proxycfg.FederationStateListMeshGateways
- func ServerGatewayServices(deps ServerDataSourceDeps) proxycfg.GatewayServices
- func ServerHTTPChecks(deps ServerDataSourceDeps, nodeName string, cacheSource proxycfg.HTTPChecks, ...) proxycfg.HTTPChecks
- func ServerHealth(deps ServerDataSourceDeps, remoteSource proxycfg.Health) proxycfg.Health
- func ServerHealthBlocking(deps ServerDataSourceDeps, remoteSource proxycfg.Health) *serverHealthBlocking
- func ServerIntentionUpstreams(deps ServerDataSourceDeps) proxycfg.IntentionUpstreams
- func ServerIntentionUpstreamsDestination(deps ServerDataSourceDeps) proxycfg.IntentionUpstreams
- func ServerIntentions(deps ServerDataSourceDeps) proxycfg.Intentions
- func ServerInternalServiceDump(deps ServerDataSourceDeps, remoteSource proxycfg.InternalServiceDump) proxycfg.InternalServiceDump
- func ServerPeeredUpstreams(deps ServerDataSourceDeps) proxycfg.PeeredUpstreams
- func ServerPeeringList(deps ServerDataSourceDeps) proxycfg.PeeringList
- func ServerResolvedServiceConfig(deps ServerDataSourceDeps, remoteSource proxycfg.ResolvedServiceConfig) proxycfg.ResolvedServiceConfig
- func ServerServiceList(deps ServerDataSourceDeps, remoteSource proxycfg.ServiceList) proxycfg.ServiceList
- func ServerTrustBundle(deps ServerDataSourceDeps) proxycfg.TrustBundle
- func ServerTrustBundleList(deps ServerDataSourceDeps) proxycfg.TrustBundleList
- type ServerDataSourceDeps
- type Store
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CacheCARoots ¶
CacheCARoots satisfies the proxycfg.CARoots interface by sourcing data from the agent cache.
Note: there isn't a server-local equivalent of this data source because "agentless" proxies obtain certificates via SDS served by consul-dataplane. If SDS is not supported on consul-dataplane, data is sourced from the server agent cache even for "agentless" proxies.
func CacheCompiledDiscoveryChain ¶
func CacheCompiledDiscoveryChain(c *cache.Cache) proxycfg.CompiledDiscoveryChain
CacheCompiledDiscoveryChain satisfies the proxycfg.CompiledDiscoveryChain interface by sourcing data from the agent cache.
func CacheConfigEntry ¶
func CacheConfigEntry(c *cache.Cache) proxycfg.ConfigEntry
CacheConfigEntry satisfies the proxycfg.ConfigEntry interface by sourcing data from the agent cache.
func CacheConfigEntryList ¶
func CacheConfigEntryList(c *cache.Cache) proxycfg.ConfigEntryList
CacheConfigEntryList satisfies the proxycfg.ConfigEntryList interface by sourcing data from the agent cache.
func CacheDatacenters ¶
func CacheDatacenters(c *cache.Cache) proxycfg.Datacenters
CacheDatacenters satisfies the proxycfg.Datacenters interface by sourcing data from the agent cache.
Note: there isn't a server-local equivalent of this data source because it relies on polling (so a more efficient method isn't available).
func CacheExportedPeeredServices ¶
func CacheExportedPeeredServices(c *cache.Cache) proxycfg.ExportedPeeredServices
CacheExportedPeeredServices satisfies the proxycfg.ExportedPeeredServices interface by sourcing data from the agent cache.
func CacheFederationStateListMeshGateways ¶
func CacheFederationStateListMeshGateways(c *cache.Cache) proxycfg.FederationStateListMeshGateways
CacheFederationStateListMeshGateways satisfies the proxycfg.FederationStateListMeshGateways interface by sourcing data from the agent cache.
func CacheGatewayServices ¶
func CacheGatewayServices(c *cache.Cache) proxycfg.GatewayServices
CacheGatewayServices satisfies the proxycfg.GatewayServices interface by sourcing data from the agent cache.
func CacheHTTPChecks ¶
func CacheHTTPChecks(c *cache.Cache) proxycfg.HTTPChecks
CacheHTTPChecks satisfies the proxycfg.HTTPChecks interface by sourcing data from the agent cache.
func CacheIntentionUpstreams ¶
func CacheIntentionUpstreams(c *cache.Cache) proxycfg.IntentionUpstreams
CacheIntentionUpstreams satisfies the proxycfg.IntentionUpstreams interface by sourcing upstreams for the given service, inferred from intentions, from the agent cache.
func CacheIntentionUpstreamsDestination ¶
func CacheIntentionUpstreamsDestination(c *cache.Cache) proxycfg.IntentionUpstreams
CacheIntentionUpstreamsDestination satisfies the proxycfg.IntentionUpstreams interface by sourcing upstreams for the given destination, inferred from intentions, from the agent cache.
func CacheIntentions ¶
func CacheIntentions(c *cache.Cache) proxycfg.Intentions
CacheIntentions satisfies the proxycfg.Intentions interface by sourcing data from the agent cache.
func CacheInternalServiceDump ¶
func CacheInternalServiceDump(c *cache.Cache) proxycfg.InternalServiceDump
CacheInternalServiceDump satisfies the proxycfg.InternalServiceDump interface by sourcing data from the agent cache.
func CachePeeredUpstreams ¶
func CachePeeredUpstreams(c *cache.Cache) proxycfg.PeeredUpstreams
CachePeeredUpstreams satisfies the proxycfg.PeeredUpstreams interface by sourcing data from the agent cache.
func CachePeeringList ¶
func CachePeeringList(c *cache.Cache) proxycfg.PeeringList
CachePeeringList satisfies the proxycfg.PeeringList interface by sourcing data from the agent cache.
func CachePrepraredQuery ¶
func CachePrepraredQuery(c *cache.Cache) proxycfg.PreparedQuery
CachePrepraredQuery satisfies the proxycfg.PreparedQuery interface by sourcing data from the agent cache.
Note: there isn't a server-local equivalent of this data source because it relies on polling (so a more efficient method isn't available).
func CacheResolvedServiceConfig ¶
func CacheResolvedServiceConfig(c *cache.Cache) proxycfg.ResolvedServiceConfig
CacheResolvedServiceConfig satisfies the proxycfg.ResolvedServiceConfig interface by sourcing data from the agent cache.
func CacheServiceGateways ¶
func CacheServiceGateways(c *cache.Cache) proxycfg.GatewayServices
CacheServiceGateways satisfies the proxycfg.GatewayServices interface (the return type in the signature above) by sourcing data from the agent cache.
func CacheServiceList ¶
func CacheServiceList(c *cache.Cache) proxycfg.ServiceList
CacheServiceList satisfies the proxycfg.ServiceList interface by sourcing data from the agent cache.
func CacheTrustBundle ¶
func CacheTrustBundle(c *cache.Cache) proxycfg.TrustBundle
CacheTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing data from the agent cache.
func CacheTrustBundleList ¶
func CacheTrustBundleList(c *cache.Cache) proxycfg.TrustBundleList
CacheTrustBundleList satisfies the proxycfg.TrustBundleList interface by sourcing data from the agent cache.
func ClientHealth ¶
ClientHealth satisfies the proxycfg.Health interface by sourcing data from the given health.Client.
func LocalLeafCerts ¶
func LocalLeafCerts(m *leafcert.Manager) proxycfg.LeafCertificate
LocalLeafCerts satisfies the proxycfg.LeafCertificate interface by sourcing data from the given leafcert.Manager.
func ServerCompiledDiscoveryChain ¶
func ServerCompiledDiscoveryChain(deps ServerDataSourceDeps, remoteSource proxycfg.CompiledDiscoveryChain) proxycfg.CompiledDiscoveryChain
ServerCompiledDiscoveryChain satisfies the proxycfg.CompiledDiscoveryChain interface by sourcing data from a blocking query against the server's state store.
Requests for services in remote datacenters will be delegated to the given remoteSource (i.e. CacheCompiledDiscoveryChain).
func ServerConfigEntry ¶
func ServerConfigEntry(deps ServerDataSourceDeps) proxycfg.ConfigEntry
ServerConfigEntry satisfies the proxycfg.ConfigEntry interface by sourcing data from a local materialized view (backed by an EventPublisher subscription).
func ServerConfigEntryList ¶
func ServerConfigEntryList(deps ServerDataSourceDeps) proxycfg.ConfigEntryList
ServerConfigEntryList satisfies the proxycfg.ConfigEntryList interface by sourcing data from a local materialized view (backed by an EventPublisher subscription).
func ServerExportedPeeredServices ¶
func ServerExportedPeeredServices(deps ServerDataSourceDeps) proxycfg.ExportedPeeredServices
ServerExportedPeeredServices satisfies the proxycfg.ExportedPeeredServices interface by sourcing data from a blocking query against the server's state store.
func ServerFederationStateListMeshGateways ¶
func ServerFederationStateListMeshGateways(deps ServerDataSourceDeps) proxycfg.FederationStateListMeshGateways
ServerFederationStateListMeshGateways satisfies the proxycfg.FederationStateListMeshGateways interface by sourcing data from a blocking query against the server's state store.
func ServerGatewayServices ¶
func ServerGatewayServices(deps ServerDataSourceDeps) proxycfg.GatewayServices
ServerGatewayServices satisfies the proxycfg.GatewayServices interface by sourcing data from a blocking query against the server's state store.
func ServerHTTPChecks ¶
func ServerHTTPChecks(deps ServerDataSourceDeps, nodeName string, cacheSource proxycfg.HTTPChecks, localState *local.State) proxycfg.HTTPChecks
ServerHTTPChecks satisfies the proxycfg.HTTPChecks interface. It sources data from the server agent cache if the service exists in the local state; otherwise it is a no-op, since the checks can only be performed by local agents.
func ServerHealth ¶
func ServerHealth(deps ServerDataSourceDeps, remoteSource proxycfg.Health) proxycfg.Health
ServerHealth satisfies the proxycfg.Health interface by sourcing data from a local materialized view (backed by an EventPublisher subscription).
Requests for services in remote datacenters will be delegated to the given remoteSource (i.e. ClientHealth).
func ServerHealthBlocking ¶
func ServerHealthBlocking(deps ServerDataSourceDeps, remoteSource proxycfg.Health) *serverHealthBlocking
ServerHealthBlocking exists due to a bug with the streaming backend and its interaction with ACLs. Whenever an exported-services config entry is modified, this is effectively an ACL change. Assume the following situation:
- no services are exported
- an upstream watch to service X is spawned
- the streaming backend filters out data for service X (because it's not exported yet)
- service X is finally exported
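In this situation, the streaming backend does not trigger a refresh of its data. This means that any events that were supposed to have been received prior to the export are NOT backfilled, and the watches never see service X spawning. The effect in this scenario is missing data for a service the watcher is now allowed to see, not exposure of data the ACL filter had hidden.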
We currently have decided to not trigger a stream refresh in this situation due to the potential for a thundering herd effect (touching exports would cause a re-fetch of all watches for that partition, potentially). Therefore, this local blocking-query approach exists for agentless.
It's also worth noting that the streaming subscription is currently bypassed most of the time with agentful, because proxycfg has a `req.Source.Node != ""` check, which prevents the `streamingEnabled` check from passing. This means that while agents should technically have this same issue, they don't experience it with mesh health watches.
func ServerIntentionUpstreams ¶
func ServerIntentionUpstreams(deps ServerDataSourceDeps) proxycfg.IntentionUpstreams
ServerIntentionUpstreams satisfies the proxycfg.IntentionUpstreams interface by sourcing upstreams for the given service, inferred from intentions, from the server's state store.
func ServerIntentionUpstreamsDestination ¶
func ServerIntentionUpstreamsDestination(deps ServerDataSourceDeps) proxycfg.IntentionUpstreams
ServerIntentionUpstreamsDestination satisfies the proxycfg.IntentionUpstreams interface by sourcing upstreams for the given destination, inferred from intentions, from the server's state store.
func ServerIntentions ¶
func ServerIntentions(deps ServerDataSourceDeps) proxycfg.Intentions
ServerIntentions satisfies the proxycfg.Intentions interface by sourcing data from local materialized views (backed by EventPublisher subscriptions).
func ServerInternalServiceDump ¶
func ServerInternalServiceDump(deps ServerDataSourceDeps, remoteSource proxycfg.InternalServiceDump) proxycfg.InternalServiceDump
ServerInternalServiceDump satisfies the proxycfg.InternalServiceDump interface by sourcing data from a blocking query against the server's state store.
func ServerPeeredUpstreams ¶
func ServerPeeredUpstreams(deps ServerDataSourceDeps) proxycfg.PeeredUpstreams
ServerPeeredUpstreams satisfies the proxycfg.PeeredUpstreams interface by sourcing data from a blocking query against the server's state store.
func ServerPeeringList ¶
func ServerPeeringList(deps ServerDataSourceDeps) proxycfg.PeeringList
ServerPeeringList satisfies the proxycfg.PeeringList interface by sourcing data from a blocking query against the server's state store.
func ServerResolvedServiceConfig ¶
func ServerResolvedServiceConfig(deps ServerDataSourceDeps, remoteSource proxycfg.ResolvedServiceConfig) proxycfg.ResolvedServiceConfig
ServerResolvedServiceConfig satisfies the proxycfg.ResolvedServiceConfig interface by sourcing data from a blocking query against the server's state store.
func ServerServiceList ¶
func ServerServiceList(deps ServerDataSourceDeps, remoteSource proxycfg.ServiceList) proxycfg.ServiceList
func ServerTrustBundle ¶
func ServerTrustBundle(deps ServerDataSourceDeps) proxycfg.TrustBundle
ServerTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing data from a blocking query against the server's state store.
func ServerTrustBundleList ¶
func ServerTrustBundleList(deps ServerDataSourceDeps) proxycfg.TrustBundleList
ServerTrustBundleList satisfies the proxycfg.TrustBundleList interface by sourcing data from a blocking query against the server's state store.
Types ¶
type ServerDataSourceDeps ¶
// ServerDataSourceDeps contains the dependencies needed for sourcing data
// from server-local sources (e.g. materialized views). It is the first
// argument of every Server* constructor in this package.
type ServerDataSourceDeps struct {
	// Datacenter is a datacenter name.
	// NOTE(review): presumably the server's own datacenter, compared against
	// a request's datacenter to decide when to delegate to a remoteSource;
	// confirm against the Server* implementations.
	Datacenter string

	// ViewStore is the submatview store.
	// NOTE(review): presumably holds the materialized views that
	// ServerConfigEntry, ServerHealth and ServerIntentions read from; confirm.
	ViewStore *submatview.Store

	// EventPublisher is the stream event publisher.
	// NOTE(review): presumably the source of the subscriptions that back the
	// materialized views; confirm.
	EventPublisher *stream.EventPublisher

	// Logger is the logger handed to the server-local data sources.
	Logger hclog.Logger

	// ACLResolver is the ACL resolver handed to the server-local data sources.
	// NOTE(review): security-relevant. Server-local sources read the state
	// store directly, so this is presumably where request tokens are resolved
	// and results are authorized/filtered; verify that every Server* source
	// that returns ACL-protected data actually uses it.
	ACLResolver submatview.ACLResolver

	// GetStore returns the Store used for state-store reads.
	// NOTE(review): it is a function rather than a stored value, presumably so
	// each query sees the current store; confirm.
	GetStore func() Store
}
ServerDataSourceDeps contains the dependencies needed for sourcing data from server-local sources (e.g. materialized views).
type Store ¶
// Store is the state store interface required for server-local data sources.
//
// Apart from the embedded watch.StateStore, every method takes a
// memdb.WatchSet as its first parameter and returns a uint64 as its first
// result.
// NOTE(review): the uint64 is presumably the state index used by blocking
// queries; confirm.
//
// NOTE(review): security-relevant. None of the visible parameters is an ACL
// token or authorizer, so these reads appear to be unfiltered at this layer;
// authorization presumably has to be applied by the callers (see
// ServerDataSourceDeps.ACLResolver). Verify before adding a new caller.
type Store interface {
	watch.StateStore

	// Exported services, federation state and gateway lookups.
	ExportedServicesForAllPeersByName(ws memdb.WatchSet, dc string, entMeta acl.EnterpriseMeta) (uint64, map[string]structs.ServiceList, error)
	FederationStateList(ws memdb.WatchSet) (uint64, []*structs.FederationState, error)
	GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error)

	// Intention lookups. IntentionTopology takes the caller-supplied
	// defaultDecision (an acl.EnforcementDecision).
	IntentionMatchOne(ws memdb.WatchSet, entry structs.IntentionMatchEntry, matchType structs.IntentionMatchType, destinationType structs.IntentionTargetType) (uint64, structs.SimplifiedIntentions, error)
	IntentionTopology(ws memdb.WatchSet, target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, intentionTarget structs.IntentionTargetType) (uint64, structs.ServiceList, error)

	// Resolved service configuration, discovery chains and service dumps.
	ReadResolvedServiceConfigEntries(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, upstreamIDs []structs.ServiceID, proxyMode structs.ProxyMode) (uint64, *configentry.ResolvedServiceConfigSet, error)
	ServiceDiscoveryChain(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error)
	ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)

	// Peering and peering trust bundle lookups.
	PeeringList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error)
	PeeringTrustBundleRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.PeeringTrustBundle, error)
	PeeringTrustBundleList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)
	TrustBundleListByService(ws memdb.WatchSet, service, dc string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)
	VirtualIPsForAllImportedServices(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []state.ServiceVirtualIP, error)

	// Service node lookups; all three return structs.CheckServiceNodes.
	CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)
	CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error)
	CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)
}
Store is the state store interface required for server-local data sources.
Source Files ¶
- config_entry.go
- discovery_chain.go
- exported_peered_services.go
- federation_state_list_mesh_gateways.go
- gateway_services.go
- glue.go
- health.go
- health_blocking.go
- intention_upstreams.go
- intentions.go
- intentions_ce.go
- internal_service_dump.go
- leafcerts.go
- peered_upstreams.go
- peering_list.go
- resolved_service_config.go
- service_http_checks.go
- service_list.go
- trust_bundle.go