Documentation ¶
Index ¶
- Constants
- func GenerateCertAndKeyFileContent(secret *api_v1.Secret) []byte
- func GenerateEndpointsKey(serviceNamespace string, serviceName string, subselector map[string]string, ...) string
- func GenerateExternalNameSvcKey(namespace string, service string) string
- func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *ConfigParams) *version1.MainConfig
- func GetMapKeyAsBool(m map[string]string, key string, context apiObject) (bool, bool, error)
- func GetMapKeyAsInt(m map[string]string, key string, context apiObject) (int, bool, error)
- func GetMapKeyAsInt64(m map[string]string, key string, context apiObject) (int64, bool, error)
- func GetMapKeyAsStringSlice(m map[string]string, key string, context apiObject, delimiter string) ([]string, bool, error)
- func GetMapKeyAsUint64(m map[string]string, key string, context apiObject, nonZero bool) (uint64, bool, error)
- func ParseLBMethod(method string) (string, error)
- func ParseLBMethodForPlus(method string) (string, error)
- func ParseTime(s string) (string, error)
- func VerifyAppProtectThresholds(value string) bool
- type ConfigParams
- type Configurator
- func (cnf *Configurator) AddInternalRouteConfig() error
- func (cnf *Configurator) AddOrUpdateAppProtectResource(resource *unstructured.Unstructured, ingExes []IngressEx, ...) error
- func (cnf *Configurator) AddOrUpdateDHParam(content string) (string, error)
- func (cnf *Configurator) AddOrUpdateIngress(ingEx *IngressEx) error
- func (cnf *Configurator) AddOrUpdateJWKSecret(secret *api_v1.Secret)
- func (cnf *Configurator) AddOrUpdateMergeableIngress(mergeableIngs *MergeableIngresses) error
- func (cnf *Configurator) AddOrUpdateSpecialTLSSecrets(secret *api_v1.Secret, secretNames []string) error
- func (cnf *Configurator) AddOrUpdateSpiffeCerts(svidResponse *workload.X509SVIDs) error
- func (cnf *Configurator) AddOrUpdateTLSSecret(secret *api_v1.Secret, ingExes []IngressEx, ...) error
- func (cnf *Configurator) AddOrUpdateTransportServer(transportServerEx *TransportServerEx) error
- func (cnf *Configurator) AddOrUpdateVirtualServer(virtualServerEx *VirtualServerEx) (Warnings, error)
- func (cnf *Configurator) AddOrUpdateVirtualServers(virtualServerExes []*VirtualServerEx) (Warnings, error)
- func (cnf *Configurator) CheckIfListenerExists(transportServerListener *conf_v1alpha1.TransportServerListener) bool
- func (cnf *Configurator) DeleteAppProtectLogConf(logConfNamespaceName string, ingExes []IngressEx, ...) error
- func (cnf *Configurator) DeleteAppProtectPolicy(polNamespaceName string, ingExes []IngressEx, ...) error
- func (cnf *Configurator) DeleteIngress(key string) error
- func (cnf *Configurator) DeleteSecret(key string, ingExes []IngressEx, mergeableIngresses []MergeableIngresses, ...) error
- func (cnf *Configurator) DeleteTransportServer(key string) error
- func (cnf *Configurator) DeleteVirtualServer(key string) error
- func (cnf *Configurator) GetIngressCounts() map[string]int
- func (cnf *Configurator) GetVirtualServerCounts() (vsCount int, vsrCount int)
- func (cnf *Configurator) GetVirtualServerRoutesForVirtualServer(key string) []*conf_v1.VirtualServerRoute
- func (cnf *Configurator) HasIngress(ing *networking.Ingress) bool
- func (cnf *Configurator) HasMinion(master *networking.Ingress, minion *networking.Ingress) bool
- func (cnf *Configurator) IsResolverConfigured() bool
- func (cnf *Configurator) UpdateConfig(cfgParams *ConfigParams, ingExes []*IngressEx, ...) (Warnings, error)
- func (cnf *Configurator) UpdateEndpoints(ingExes []*IngressEx) error
- func (cnf *Configurator) UpdateEndpointsForTransportServers(transportServerExes []*TransportServerEx) error
- func (cnf *Configurator) UpdateEndpointsForVirtualServers(virtualServerExes []*VirtualServerEx) error
- func (cnf *Configurator) UpdateEndpointsMergeableIngress(mergeableIngresses []*MergeableIngresses) error
- func (cnf *Configurator) UpdateGlobalConfiguration(globalConfiguration *conf_v1alpha1.GlobalConfiguration, ...) (updatedTransportServerExes []*TransportServerEx, ...)
- type GlobalConfigParams
- type IngressEx
- type JWTKey
- type Listener
- type MergeableIngresses
- type MeshPodOwner
- type PodInfo
- type StaticConfigParams
- type TransportServerEx
- type VirtualServerEx
- type Warnings
Constants ¶
const AppProtectLogConfAnnotation = "appprotect.f5.com/app-protect-security-log"
AppProtectLogConfAnnotation is where the NGINX AppProtect Log Configuration is specified
const AppProtectLogConfDstAnnotation = "appprotect.f5.com/app-protect-security-log-destination"
AppProtectLogConfDstAnnotation is where the destination of the NGINX App Protect security log is specified
const AppProtectPolicyAnnotation = "appprotect.f5.com/app-protect-policy"
AppProtectPolicyAnnotation is where the NGINX App Protect policy is specified
const DefaultServerSecretName = "default"
DefaultServerSecretName is the filename of the Secret with a TLS cert and a key for the default server.
const JWTKeyAnnotation = "nginx.com/jwt-key"
JWTKeyAnnotation is the annotation where the Secret with a JWK is specified.
const JWTKeyKey = "jwk"
JWTKeyKey is the key of the data field of a Secret where the JWK must be stored.
const WildcardSecretName = "wildcard"
WildcardSecretName is the filename of the Secret with a TLS cert and a key for the ingress resources with TLS termination enabled but no secret defined.
Variables ¶
This section is empty.
Functions ¶
func GenerateCertAndKeyFileContent ¶
GenerateCertAndKeyFileContent generates a pem file content from the TLS secret.
func GenerateEndpointsKey ¶
func GenerateEndpointsKey(serviceNamespace string, serviceName string, subselector map[string]string, port uint16) string
GenerateEndpointsKey generates a key for the Endpoints map in VirtualServerEx.
func GenerateExternalNameSvcKey ¶ added in v1.6.0
GenerateExternalNameSvcKey returns the key to identify an ExternalName service.
func GenerateNginxMainConfig ¶
func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *ConfigParams) *version1.MainConfig
GenerateNginxMainConfig generates MainConfig.
func GetMapKeyAsBool ¶
GetMapKeyAsBool searches the map for the given key and parses its value as bool.
func GetMapKeyAsInt ¶
GetMapKeyAsInt tries to find and parse a key in a map as int.
func GetMapKeyAsInt64 ¶
GetMapKeyAsInt64 tries to find and parse a key in a map as int64.
func GetMapKeyAsStringSlice ¶
func GetMapKeyAsStringSlice(m map[string]string, key string, context apiObject, delimiter string) ([]string, bool, error)
GetMapKeyAsStringSlice tries to find and parse a key in the map as string slice splitting it on delimiter.
func GetMapKeyAsUint64 ¶
func GetMapKeyAsUint64(m map[string]string, key string, context apiObject, nonZero bool) (uint64, bool, error)
GetMapKeyAsUint64 tries to find and parse a key in a map as uint64.
func ParseLBMethod ¶
ParseLBMethod parses method and matches it to a corresponding load balancing method in NGINX. An error is returned if method is not valid.
func ParseLBMethodForPlus ¶
ParseLBMethodForPlus parses method and matches it to a corresponding load balancing method in NGINX Plus. An error is returned if method is not valid.
func ParseTime ¶ added in v1.6.0
ParseTime ensures that the string value in the annotation is a valid time.
func VerifyAppProtectThresholds ¶ added in v1.8.0
VerifyAppProtectThresholds ensures that threshold values are set correctly
Types ¶
type ConfigParams ¶
// ConfigParams holds NGINX configuration parameters that affect the main NGINX
// config as well as configs for Ingress resources. ParseConfigMap fills it from
// a ConfigMap and NewDefaultConfigParams supplies the defaults.
//
// Most values are kept as plain strings or string slices; whether and where they
// are validated is not visible from this declaration.
type ConfigParams struct {
	ClientMaxBodySize         string
	DefaultServerAccessLogOff bool
	FailTimeout               string
	HealthCheckEnabled        bool
	HealthCheckMandatory      bool
	HealthCheckMandatoryQueue int64
	// NOTE(review): the HSTS* fields presumably map to the
	// Strict-Transport-Security response header settings; confirm.
	HSTS                  bool
	HSTSBehindProxy       bool
	HSTSIncludeSubdomains bool
	HSTSMaxAge            int64
	HTTP2                 bool
	Keepalive             int
	LBMethod              string
	// NOTE(review): the *Snippets fields (LocationSnippets, MainHTTPSnippets,
	// MainMainSnippets, MainStreamSnippets and, further down, ServerSnippets) are
	// plain string slices. Presumably they are emitted into the generated NGINX
	// config as-is, in which case write access to their source equals control over
	// the NGINX config; confirm against the templates and
	// StaticConfigParams.EnableSnippets.
	LocationSnippets              []string
	MainAccessLogOff              bool
	MainErrorLogLevel             string
	MainHTTPSnippets              []string
	MainKeepaliveRequests         int64
	MainKeepaliveTimeout          string
	MainLogFormat                 []string
	MainLogFormatEscaping         string
	MainMainSnippets              []string
	MainOpenTracingEnabled        bool
	MainOpenTracingLoadModule     bool
	MainOpenTracingTracer         string
	MainOpenTracingTracerConfig   string
	MainServerNamesHashBucketSize string
	MainServerNamesHashMaxSize    string
	MainStreamLogFormat           []string
	MainStreamLogFormatEscaping   string
	MainStreamSnippets            []string
	MainWorkerConnections         string
	MainWorkerCPUAffinity         string
	MainWorkerProcesses           string
	MainWorkerRlimitNofile        string
	MainWorkerShutdownTimeout     string
	MaxConns                      int
	MaxFails                      int
	// App Protect settings are stored as strings; VerifyAppProtectThresholds is the
	// exported check for threshold values.
	// NOTE(review): MainAppProtectCookieSeed looks like secret-like material;
	// confirm it is kept out of logs and status output.
	AppProtectEnable                       string
	AppProtectPolicy                       string
	AppProtectLogConf                      string
	AppProtectLogEnable                    string
	MainAppProtectFailureModeAction        string
	MainAppProtectCookieSeed               string
	MainAppProtectCPUThresholds            string
	MainAppProtectPhysicalMemoryThresholds string
	// NOTE(review): ServerTokens presumably controls how much version information
	// NGINX discloses; confirm the default chosen by NewDefaultConfigParams.
	ProxyBuffering          bool
	ProxyBuffers            string
	ProxyBufferSize         string
	ProxyConnectTimeout     string
	ProxyHideHeaders        []string
	ProxyMaxTempFileSize    string
	ProxyPassHeaders        []string
	ProxyProtocol           bool
	ProxyReadTimeout        string
	ProxySendTimeout        string
	RedirectToHTTPS         bool
	ResolverAddresses       []string
	ResolverIPV6            bool
	ResolverTimeout         string
	ResolverValid           string
	ServerSnippets          []string
	ServerTokens            string
	SlowStart               string
	SSLRedirect             bool
	UpstreamZoneSize        string
	VariablesHashBucketSize uint64
	VariablesHashMaxSize    uint64
	// NOTE(review): RealIPHeader and SetRealIPFrom presumably decide which peers may
	// supply the client address. If so, an overly broad SetRealIPFrom would let
	// clients choose the source IP that access controls and logs see; confirm.
	RealIPHeader    string
	RealIPRecursive bool
	SetRealIPFrom   []string
	// TLS settings for the main server. MainServerSSLProtocols and
	// MainServerSSLCiphers are free-form strings here.
	// NOTE(review): whether weak protocols or ciphers are rejected is not visible
	// from this declaration; confirm the validation path.
	MainServerSSLCiphers             string
	MainServerSSLDHParam             string
	MainServerSSLDHParamFileContent  *string
	MainServerSSLPreferServerCiphers bool
	MainServerSSLProtocols           string
	// Template overrides are pointers, so nil is distinguishable from an empty
	// string.
	// NOTE(review): presumably nil means "use the built-in template"; a custom
	// template governs the whole generated config, so confirm who may set it.
	IngressTemplate       *string
	VirtualServerTemplate *string
	MainTemplate          *string
	// NOTE(review): JWTKey presumably names the Secret that holds the JWK (compare
	// JWTKeyAnnotation and JWTKeyKey); confirm.
	JWTKey      string
	JWTLoginURL string
	JWTRealm    string
	JWTToken    string
	// Ports and SSLPorts are lists of port numbers.
	// NOTE(review): SpiffeServerCerts presumably relates to the certificates
	// written by AddOrUpdateSpiffeCerts; confirm.
	Ports             []int
	SSLPorts          []int
	SpiffeServerCerts bool
}
ConfigParams holds NGINX configuration parameters that affect the main NGINX config as well as configs for Ingress resources.
func NewDefaultConfigParams ¶
func NewDefaultConfigParams() *ConfigParams
NewDefaultConfigParams creates a ConfigParams with default values.
func ParseConfigMap ¶
func ParseConfigMap(cfgm *v1.ConfigMap, nginxPlus bool, hasAppProtect bool) *ConfigParams
ParseConfigMap parses ConfigMap into ConfigParams.
type Configurator ¶
type Configurator struct {
// contains filtered or unexported fields
}
Configurator configures NGINX.
func NewConfigurator ¶
func NewConfigurator(nginxManager nginx.Manager, staticCfgParams *StaticConfigParams, config *ConfigParams, globalCfgParams *GlobalConfigParams, templateExecutor *version1.TemplateExecutor, templateExecutorV2 *version2.TemplateExecutor, isPlus bool, isWildcardEnabled bool, labelUpdater collector.LabelUpdater, isPrometheusEnabled bool, latencyCollector latCollector.LatencyCollector, isLatencyMetricsEnabled bool) *Configurator
NewConfigurator creates a new Configurator.
func (*Configurator) AddInternalRouteConfig ¶ added in v1.9.0
func (cnf *Configurator) AddInternalRouteConfig() error
AddInternalRouteConfig adds internal route server to NGINX Configuration and reloads NGINX
func (*Configurator) AddOrUpdateAppProtectResource ¶ added in v1.8.0
func (cnf *Configurator) AddOrUpdateAppProtectResource(resource *unstructured.Unstructured, ingExes []IngressEx, mergeableIngresses []MergeableIngresses) error
AddOrUpdateAppProtectResource updates Ingresses that use App Protect Resources
func (*Configurator) AddOrUpdateDHParam ¶
func (cnf *Configurator) AddOrUpdateDHParam(content string) (string, error)
AddOrUpdateDHParam creates a dhparam file with the content of the string.
func (*Configurator) AddOrUpdateIngress ¶
func (cnf *Configurator) AddOrUpdateIngress(ingEx *IngressEx) error
AddOrUpdateIngress adds or updates NGINX configuration for the Ingress resource.
func (*Configurator) AddOrUpdateJWKSecret ¶
func (cnf *Configurator) AddOrUpdateJWKSecret(secret *api_v1.Secret)
func (*Configurator) AddOrUpdateMergeableIngress ¶
func (cnf *Configurator) AddOrUpdateMergeableIngress(mergeableIngs *MergeableIngresses) error
AddOrUpdateMergeableIngress adds or updates NGINX configuration for the Ingress resources with Mergeable Types.
func (*Configurator) AddOrUpdateSpecialTLSSecrets ¶
func (cnf *Configurator) AddOrUpdateSpecialTLSSecrets(secret *api_v1.Secret, secretNames []string) error
AddOrUpdateSpecialTLSSecrets adds or updates a file with a TLS cert and a key from a Special TLS Secret (e.g., DefaultServerSecret, WildcardTLSSecret).
func (*Configurator) AddOrUpdateSpiffeCerts ¶ added in v1.7.1
func (cnf *Configurator) AddOrUpdateSpiffeCerts(svidResponse *workload.X509SVIDs) error
AddOrUpdateSpiffeCerts writes Spiffe certs and keys to disk and reloads NGINX
func (*Configurator) AddOrUpdateTLSSecret ¶
func (cnf *Configurator) AddOrUpdateTLSSecret(secret *api_v1.Secret, ingExes []IngressEx, mergeableIngresses []MergeableIngresses, virtualServerExes []*VirtualServerEx) error
AddOrUpdateTLSSecret adds or updates a file with the content of the TLS secret.
func (*Configurator) AddOrUpdateTransportServer ¶ added in v1.7.0
func (cnf *Configurator) AddOrUpdateTransportServer(transportServerEx *TransportServerEx) error
AddOrUpdateTransportServer adds or updates NGINX configuration for the TransportServer resource. It is the responsibility of the caller to check that the TransportServer references an existing listener.
func (*Configurator) AddOrUpdateVirtualServer ¶
func (cnf *Configurator) AddOrUpdateVirtualServer(virtualServerEx *VirtualServerEx) (Warnings, error)
AddOrUpdateVirtualServer adds or updates NGINX configuration for the VirtualServer resource.
func (*Configurator) AddOrUpdateVirtualServers ¶ added in v1.8.0
func (cnf *Configurator) AddOrUpdateVirtualServers(virtualServerExes []*VirtualServerEx) (Warnings, error)
AddOrUpdateVirtualServers adds or updates NGINX configuration for multiple VirtualServer resources.
func (*Configurator) CheckIfListenerExists ¶ added in v1.7.0
func (cnf *Configurator) CheckIfListenerExists(transportServerListener *conf_v1alpha1.TransportServerListener) bool
func (*Configurator) DeleteAppProtectLogConf ¶ added in v1.8.0
func (cnf *Configurator) DeleteAppProtectLogConf(logConfNamespaceName string, ingExes []IngressEx, mergeableIngresses []MergeableIngresses) error
DeleteAppProtectLogConf updates Ingresses that use an App Protect Log Configuration after that log configuration is deleted
func (*Configurator) DeleteAppProtectPolicy ¶ added in v1.8.0
func (cnf *Configurator) DeleteAppProtectPolicy(polNamespaceName string, ingExes []IngressEx, mergeableIngresses []MergeableIngresses) error
DeleteAppProtectPolicy updates Ingresses that use AP Policy after that policy is deleted
func (*Configurator) DeleteIngress ¶
func (cnf *Configurator) DeleteIngress(key string) error
DeleteIngress deletes NGINX configuration for the Ingress resource.
func (*Configurator) DeleteSecret ¶
func (cnf *Configurator) DeleteSecret(key string, ingExes []IngressEx, mergeableIngresses []MergeableIngresses, virtualServerExes []*VirtualServerEx) error
DeleteSecret deletes the file associated with the secret and the configuration files for Ingress and VirtualServer resources. NGINX is reloaded only when the total number of the resources is greater than 0.
func (*Configurator) DeleteTransportServer ¶ added in v1.7.0
func (cnf *Configurator) DeleteTransportServer(key string) error
DeleteTransportServer deletes NGINX configuration for the TransportServer resource.
func (*Configurator) DeleteVirtualServer ¶
func (cnf *Configurator) DeleteVirtualServer(key string) error
DeleteVirtualServer deletes NGINX configuration for the VirtualServer resource.
func (*Configurator) GetIngressCounts ¶
func (cnf *Configurator) GetIngressCounts() map[string]int
GetIngressCounts returns the total count of Ingress resources that are handled by the Ingress Controller grouped by their type
func (*Configurator) GetVirtualServerCounts ¶ added in v1.6.0
func (cnf *Configurator) GetVirtualServerCounts() (vsCount int, vsrCount int)
GetVirtualServerCounts returns the total count of VS/VSR resources that are handled by the Ingress Controller
func (*Configurator) GetVirtualServerRoutesForVirtualServer ¶ added in v1.8.0
func (cnf *Configurator) GetVirtualServerRoutesForVirtualServer(key string) []*conf_v1.VirtualServerRoute
GetVirtualServerRoutesForVirtualServer returns the virtualServerRoutes that a virtualServer references, if that virtualServer exists
func (*Configurator) HasIngress ¶
func (cnf *Configurator) HasIngress(ing *networking.Ingress) bool
HasIngress checks if the Ingress resource is present in NGINX configuration.
func (*Configurator) HasMinion ¶
func (cnf *Configurator) HasMinion(master *networking.Ingress, minion *networking.Ingress) bool
HasMinion checks if the minion Ingress resource of the master is present in NGINX configuration.
func (*Configurator) IsResolverConfigured ¶
func (cnf *Configurator) IsResolverConfigured() bool
IsResolverConfigured checks if a DNS resolver is present in NGINX configuration.
func (*Configurator) UpdateConfig ¶
func (cnf *Configurator) UpdateConfig(cfgParams *ConfigParams, ingExes []*IngressEx, mergeableIngs map[string]*MergeableIngresses, virtualServerExes []*VirtualServerEx) (Warnings, error)
UpdateConfig updates NGINX configuration parameters.
func (*Configurator) UpdateEndpoints ¶
func (cnf *Configurator) UpdateEndpoints(ingExes []*IngressEx) error
UpdateEndpoints updates endpoints in NGINX configuration for the Ingress resources.
func (*Configurator) UpdateEndpointsForTransportServers ¶ added in v1.7.0
func (cnf *Configurator) UpdateEndpointsForTransportServers(transportServerExes []*TransportServerEx) error
UpdateEndpointsForTransportServers updates endpoints in NGINX configuration for the TransportServer resources.
func (*Configurator) UpdateEndpointsForVirtualServers ¶
func (cnf *Configurator) UpdateEndpointsForVirtualServers(virtualServerExes []*VirtualServerEx) error
UpdateEndpointsForVirtualServers updates endpoints in NGINX configuration for the VirtualServer resources.
func (*Configurator) UpdateEndpointsMergeableIngress ¶
func (cnf *Configurator) UpdateEndpointsMergeableIngress(mergeableIngresses []*MergeableIngresses) error
UpdateEndpointsMergeableIngress updates endpoints in NGINX configuration for a mergeable Ingress resource.
func (*Configurator) UpdateGlobalConfiguration ¶ added in v1.7.0
func (cnf *Configurator) UpdateGlobalConfiguration(globalConfiguration *conf_v1alpha1.GlobalConfiguration, transportServerExes []*TransportServerEx) (updatedTransportServerExes []*TransportServerEx, deletedTransportServerExes []*TransportServerEx, err error)
UpdateGlobalConfiguration updates NGINX config based on the changes to the GlobalConfiguration resource. Currently, changes to the GlobalConfiguration only affect TransportServer resources. As a result of the changes, the configuration for TransportServers is updated and some TransportServers might be removed from NGINX.
type GlobalConfigParams ¶ added in v1.7.0
GlobalConfigParams holds global configuration parameters. For now, it only holds listeners. GlobalConfigParams should replace ConfigParams in the future.
func NewDefaultGlobalConfigParams ¶ added in v1.7.0
func NewDefaultGlobalConfigParams() *GlobalConfigParams
NewDefaultGlobalConfigParams creates a GlobalConfigParams with default values.
func NewGlobalConfigParamsWithTLSPassthrough ¶ added in v1.7.0
func NewGlobalConfigParamsWithTLSPassthrough() *GlobalConfigParams
NewGlobalConfigParamsWithTLSPassthrough creates new GlobalConfigParams with enabled TLS Passthrough listener.
func ParseGlobalConfiguration ¶ added in v1.7.0
func ParseGlobalConfiguration(gc *conf_v1alpha1.GlobalConfiguration, tlsPassthrough bool) *GlobalConfigParams
type IngressEx ¶
// IngressEx holds an Ingress along with the resources that are referenced in
// this Ingress.
type IngressEx struct {
	// Ingress is the Ingress resource itself.
	Ingress *networking.Ingress
	// TLSSecrets holds the Secret objects for this Ingress. TLS Secrets carry a
	// certificate and a private key, so avoid logging this struct wholesale.
	// NOTE(review): presumably keyed by secret name; confirm.
	TLSSecrets map[string]*api_v1.Secret
	// NOTE(review): presumably describes the JWK Secret selected through the
	// nginx.com/jwt-key annotation (JWTKeyAnnotation); confirm.
	JWTKey JWTKey
	// Lookup maps for the backends of this Ingress.
	// NOTE(review): key formats are not visible here; GenerateExternalNameSvcKey
	// presumably produces the ExternalNameSvcs keys; confirm.
	Endpoints        map[string][]string
	HealthChecks     map[string]*api_v1.Probe
	ExternalNameSvcs map[string]bool
	PodsByIP         map[string]PodInfo
	// App Protect resources are carried as unstructured.Unstructured, i.e. without
	// a typed schema at this level.
	// NOTE(review): confirm where their contents are validated before use.
	AppProtectPolicy  *unstructured.Unstructured
	AppProtectLogConf *unstructured.Unstructured
	AppProtectLogDst  string
}
IngressEx holds an Ingress along with the resources that are referenced in this Ingress.
type Listener ¶ added in v1.7.0
Listener represents a listener that can be used in a TransportServer resource.
type MergeableIngresses ¶
MergeableIngresses is a mergeable ingress of a master and minions.
type MeshPodOwner ¶ added in v1.9.0
// MeshPodOwner contains the type and name of the K8s resource that owns the pod.
// This owner information is needed for NGINX Service Mesh metrics.
type MeshPodOwner struct {
	// OwnerType is one of the following: statefulset, daemonset, deployment.
	OwnerType string
	// OwnerName is the name of the statefulset, daemonset, or deployment.
	OwnerName string
}
MeshPodOwner contains the type and name of the K8s resource that owns the pod. This owner information is needed for NGINX Service Mesh metrics.
type PodInfo ¶ added in v1.9.0
// PodInfo contains the name of the Pod and the MeshPodOwner information which is
// used for NGINX Service Mesh metrics.
type PodInfo struct {
	// Name is the name of the Pod.
	Name string
	// MeshPodOwner is embedded, so its OwnerType and OwnerName fields are promoted
	// onto PodInfo.
	MeshPodOwner
}
PodInfo contains the name of the Pod and the MeshPodOwner information which is used for NGINX Service Mesh metrics.
type StaticConfigParams ¶
// StaticConfigParams holds immutable NGINX configuration parameters that affect
// the main NGINX config.
type StaticConfigParams struct {
	HealthStatus    bool
	HealthStatusURI string
	// NOTE(review): NginxStatusAllowCIDRs is presumably the allow-list for the
	// status endpoint enabled by NginxStatus on NginxStatusPort. An overly broad
	// range would expose status data; confirm how an empty list is treated.
	NginxStatus                    bool
	NginxStatusAllowCIDRs          []string
	NginxStatusPort                int
	StubStatusOverUnixSocketForOSS bool
	TLSPassthrough                 bool
	// NOTE(review): EnableSnippets presumably gates the snippet fields of
	// ConfigParams and of the resources. Snippets are raw NGINX config, so with
	// this enabled anyone who can write those resources can shape the generated
	// config; confirm and keep it off unless needed.
	EnableSnippets   bool
	NginxServiceMesh bool
	// NOTE(review): EnableInternalRoutes presumably relates to the internal route
	// server added by Configurator.AddInternalRouteConfig; confirm which listener
	// it opens and who can reach it.
	EnableInternalRoutes     bool
	MainAppProtectLoadModule bool
	PodName                  string
	EnableLatencyMetrics     bool
}
StaticConfigParams holds immutable NGINX configuration parameters that affect the main NGINX config.
type TransportServerEx ¶ added in v1.7.0
// TransportServerEx holds a TransportServer along with the resources referenced
// by it.
type TransportServerEx struct {
	// TransportServer is the TransportServer resource itself.
	TransportServer *conf_v1alpha1.TransportServer
	// Endpoints maps a string key to a list of endpoint strings.
	// NOTE(review): key and value formats are not visible here; confirm.
	Endpoints map[string][]string
}
TransportServerEx holds a TransportServer along with the resources referenced by it.
func (*TransportServerEx) String ¶ added in v1.7.0
func (tsEx *TransportServerEx) String() string
type VirtualServerEx ¶
// VirtualServerEx holds a VirtualServer along with the resources that are
// referenced in this VirtualServer.
type VirtualServerEx struct {
	// VirtualServer is the VirtualServer resource itself.
	VirtualServer *conf_v1.VirtualServer
	// Endpoints is the map whose keys GenerateEndpointsKey generates.
	Endpoints map[string][]string
	// TLSSecret is a Secret object. A TLS Secret carries a certificate and a
	// private key, so avoid logging this struct wholesale.
	TLSSecret *api_v1.Secret
	// VirtualServerRoutes lists the VirtualServerRoute resources held alongside
	// the VirtualServer.
	VirtualServerRoutes []*conf_v1.VirtualServerRoute
	// NOTE(review): ExternalNameSvcs keys presumably come from
	// GenerateExternalNameSvcKey and Policies is presumably keyed by
	// namespace/name; confirm both.
	ExternalNameSvcs map[string]bool
	Policies         map[string]*conf_v1alpha1.Policy
	PodsByIP         map[string]PodInfo
}
VirtualServerEx holds a VirtualServer along with the resources that are referenced in this VirtualServer.
func (*VirtualServerEx) String ¶
func (vsx *VirtualServerEx) String() string