k8s

package
v1.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 26, 2021 License: Apache-2.0 Imports: 45 Imported by: 0

Documentation

Index

Constants

const (

	// IngressControllerName holds the name of the Ingress Controller.
	// NOTE(review): presumably this is the controller identifier that Ingress
	// class matching compares against; confirm against the callers.
	IngressControllerName = "nginx.org/ingress-controller"
)

Variables

This section is empty.

Functions

func GetK8sVersion added in v1.9.0

func GetK8sVersion(client kubernetes.Interface) (v *version.Version, err error)

GetK8sVersion returns the running version of k8s

func NewSpiffeController added in v1.7.1

func NewSpiffeController(sync func(*workload.X509SVIDs), spireAgentAddr string) (*spiffeController, error)

NewSpiffeController creates the spiffeWatcher and the SPIFFE Workload API client. It returns an error if the client cannot connect to the SPIRE Agent.

func ParseNamespaceName

func ParseNamespaceName(value string) (ns string, name string, err error)

ParseNamespaceName parses a string in the <namespace>/<name> format and returns the namespace and the name. It returns an error if the string does not follow the <namespace>/<name> format.

func ParseResourceReferenceAnnotation added in v1.8.0

func ParseResourceReferenceAnnotation(ns, antn string) string

ParseResourceReferenceAnnotation returns a namespace/name string

func ValidateAppProtectLogConf added in v1.8.0

func ValidateAppProtectLogConf(logConf *unstructured.Unstructured) error

ValidateAppProtectLogConf validates LogConfiguration resource

func ValidateAppProtectLogDestinationAnnotation added in v1.8.0

func ValidateAppProtectLogDestinationAnnotation(dstAntn string) error

ValidateAppProtectLogDestinationAnnotation validates annotation for log destination configuration

func ValidateAppProtectPolicy added in v1.8.0

func ValidateAppProtectPolicy(policy *unstructured.Unstructured) error

ValidateAppProtectPolicy validates Policy resource

Types

type AppProtectChange added in v1.10.0

// AppProtectChange represents a change in an App Protect resource.
type AppProtectChange struct {
	// Op is the operation that needs to be performed on the resource.
	Op Operation
	// Resource is the target resource. It is an untyped interface{} value, so
	// a consumer has to type-assert it before use.
	// NOTE(review): presumably holds *AppProtectPolicyEx or
	// *AppProtectLogConfEx; confirm against the producers.
	Resource interface{}
}

AppProtectChange represents a change in an App Protect resource

type AppProtectConfiguration added in v1.10.0

// AppProtectConfiguration holds representations of App Protect cluster
// resources, one map per resource kind.
// NOTE(review): the map keys are presumably the same string keys accepted by
// DeletePolicy, DeleteLogConf, DeleteUserSig and GetAppResource; confirm.
type AppProtectConfiguration struct {
	// Policies holds the known App Protect policies.
	Policies map[string]*AppProtectPolicyEx
	// LogConfs holds the known App Protect log configurations.
	LogConfs map[string]*AppProtectLogConfEx
	// UserSigs holds the known App Protect user defined signatures.
	UserSigs map[string]*AppProtectUserSigEx
}

AppProtectConfiguration holds representations of App Protect cluster resources

func NewAppProtectConfiguration added in v1.10.0

func NewAppProtectConfiguration() *AppProtectConfiguration

NewAppProtectConfiguration creates a new AppProtectConfiguration

func (*AppProtectConfiguration) AddOrUpdateLogConf added in v1.10.0

func (apc *AppProtectConfiguration) AddOrUpdateLogConf(logconfObj *unstructured.Unstructured) (changes []AppProtectChange, problems []AppProtectProblem)

AddOrUpdateLogConf adds or updates App Protect Log Configuration to App Protect Configuration

func (*AppProtectConfiguration) AddOrUpdatePolicy added in v1.10.0

func (apc *AppProtectConfiguration) AddOrUpdatePolicy(policyObj *unstructured.Unstructured) (changes []AppProtectChange, problems []AppProtectProblem)

AddOrUpdatePolicy adds or updates an App Protect Policy to App Protect Configuration

func (*AppProtectConfiguration) AddOrUpdateUserSig added in v1.10.0

func (apc *AppProtectConfiguration) AddOrUpdateUserSig(userSigObj *unstructured.Unstructured) (change AppProtectUserSigChange, problems []AppProtectProblem)

AddOrUpdateUserSig adds or updates App Protect User Defined Signature to App Protect Configuration

func (*AppProtectConfiguration) DeleteLogConf added in v1.10.0

func (apc *AppProtectConfiguration) DeleteLogConf(key string) (changes []AppProtectChange, problems []AppProtectProblem)

DeleteLogConf deletes an App Protect Log Configuration from App Protect Configuration

func (*AppProtectConfiguration) DeletePolicy added in v1.10.0

func (apc *AppProtectConfiguration) DeletePolicy(key string) (changes []AppProtectChange, problems []AppProtectProblem)

DeletePolicy deletes an App Protect Policy from App Protect Configuration

func (*AppProtectConfiguration) DeleteUserSig added in v1.10.0

func (apc *AppProtectConfiguration) DeleteUserSig(key string) (change AppProtectUserSigChange, problems []AppProtectProblem)

DeleteUserSig deletes an App Protect User Defined Signature from App Protect Configuration

func (*AppProtectConfiguration) GetAppResource added in v1.10.0

func (apc *AppProtectConfiguration) GetAppResource(kind, key string) (*unstructured.Unstructured, error)

GetAppResource returns a pointer to an App Protect resource

type AppProtectLogConfEx added in v1.10.0

// AppProtectLogConfEx represents an App Protect Log Configuration cluster
// resource.
type AppProtectLogConfEx struct {
	// Obj is the resource as an unstructured object.
	Obj      *unstructured.Unstructured
	// IsValid reports whether the resource is considered valid.
	// NOTE(review): presumably the outcome of ValidateAppProtectLogConf; a
	// consumer should check it before applying Obj. Confirm.
	IsValid  bool
	// ErrorMsg carries an error message for the resource.
	// NOTE(review): presumably set only when IsValid is false; confirm.
	ErrorMsg string
}

AppProtectLogConfEx represents an App Protect Log Configuration cluster resource

type AppProtectPolicyEx added in v1.10.0

// AppProtectPolicyEx represents an App Protect policy cluster resource.
type AppProtectPolicyEx struct {
	// Obj is the resource as an unstructured object.
	Obj           *unstructured.Unstructured
	// SignatureReqs lists the signatures that the policy requires.
	SignatureReqs []SignatureReq
	// IsValid reports whether the resource is considered valid.
	// NOTE(review): presumably reflects both ValidateAppProtectPolicy and
	// whether SignatureReqs are satisfied; confirm.
	IsValid       bool
	// ErrorMsg carries an error message for the resource.
	// NOTE(review): presumably set only when IsValid is false; confirm.
	ErrorMsg      string
}

AppProtectPolicyEx represents an App Protect policy cluster resource

type AppProtectProblem added in v1.10.0

// AppProtectProblem represents a problem with an App Protect resource.
type AppProtectProblem struct {
	// Object is a configuration object.
	Object *unstructured.Unstructured
	// Reason tells the reason. It matches the reason in the events of our
	// configuration objects.
	Reason string
	// Message gives the details about the problem. It matches the message in
	// the events of our configuration objects.
	Message string
}

AppProtectProblem represents a problem with an App Protect resource

type AppProtectUserSigChange added in v1.10.0

// AppProtectUserSigChange holds resources that are affected by changes in
// UserSigs.
type AppProtectUserSigChange struct {
	// PolicyDeletions lists policy objects.
	// NOTE(review): presumably policies whose config must be removed because
	// of the UserSig change; confirm.
	PolicyDeletions     []*unstructured.Unstructured
	// PolicyAddsOrUpdates lists policy objects.
	// NOTE(review): presumably policies whose config must be added or
	// regenerated because of the UserSig change; confirm.
	PolicyAddsOrUpdates []*unstructured.Unstructured
	// UserSigs lists user defined signature objects.
	// NOTE(review): presumably the full set that remains in effect after the
	// change; confirm.
	UserSigs            []*unstructured.Unstructured
}

AppProtectUserSigChange holds resources that are affected by changes in UserSigs

type AppProtectUserSigEx added in v1.10.0

// AppProtectUserSigEx represents an App Protect User Defined Signature
// cluster resource.
type AppProtectUserSigEx struct {
	// Obj is the resource as an unstructured object.
	Obj      *unstructured.Unstructured
	// Tag is the tag of the signature.
	// NOTE(review): presumably matched against SignatureReq.Tag; confirm.
	Tag      string
	// RevTime is the revision time of the signature. It is a pointer, so it
	// can be nil.
	// NOTE(review): presumably compared with SignatureReq.RevTimes; confirm
	// how a nil value is treated.
	RevTime  *time.Time
	// IsValid reports whether the resource is considered valid.
	IsValid  bool
	// ErrorMsg carries an error message for the resource.
	// NOTE(review): presumably set only when IsValid is false; confirm.
	ErrorMsg string
}

AppProtectUserSigEx represents an App Protect User Defined Signature cluster resource

type Configuration added in v1.9.0

type Configuration struct {
	// contains filtered or unexported fields
}

Configuration represents the configuration of the Ingress Controller - a collection of configuration objects (Ingresses, VirtualServers, VirtualServerRoutes) ready to be transformed into NGINX config. It holds the latest valid state of those objects. The IC needs to ensure that at any point in time the NGINX config on the filesystem reflects the state of the objects in the Configuration.

func NewConfiguration added in v1.9.0

func NewConfiguration(
	hasCorrectIngressClass func(interface{}) bool,
	isPlus bool,
	appProtectEnabled bool,
	internalRoutesEnabled bool,
	virtualServerValidator *validation.VirtualServerValidator,
) *Configuration

NewConfiguration creates a new Configuration.

func (*Configuration) AddOrUpdateIngress added in v1.9.0

func (c *Configuration) AddOrUpdateIngress(ing *networking.Ingress) ([]ResourceChange, []ConfigurationProblem)

AddOrUpdateIngress adds or updates the Ingress resource.

func (*Configuration) AddOrUpdateVirtualServer added in v1.9.0

func (c *Configuration) AddOrUpdateVirtualServer(vs *conf_v1.VirtualServer) ([]ResourceChange, []ConfigurationProblem)

AddOrUpdateVirtualServer adds or updates the VirtualServer resource.

func (*Configuration) AddOrUpdateVirtualServerRoute added in v1.9.0

func (c *Configuration) AddOrUpdateVirtualServerRoute(vsr *conf_v1.VirtualServerRoute) ([]ResourceChange, []ConfigurationProblem)

AddOrUpdateVirtualServerRoute adds or updates the VirtualServerRoute.

func (*Configuration) DeleteIngress added in v1.9.0

func (c *Configuration) DeleteIngress(key string) ([]ResourceChange, []ConfigurationProblem)

DeleteIngress deletes an Ingress resource by the key.

func (*Configuration) DeleteVirtualServer added in v1.9.0

func (c *Configuration) DeleteVirtualServer(key string) ([]ResourceChange, []ConfigurationProblem)

DeleteVirtualServer deletes a VirtualServer resource by the key.

func (*Configuration) DeleteVirtualServerRoute added in v1.9.0

func (c *Configuration) DeleteVirtualServerRoute(key string) ([]ResourceChange, []ConfigurationProblem)

DeleteVirtualServerRoute deletes a VirtualServerRoute by the key.

func (*Configuration) FindResourcesForAppProtectLogConf added in v1.9.0

func (c *Configuration) FindResourcesForAppProtectLogConf(logConfNamespace string, logConfName string) []Resource

FindResourcesForAppProtectLogConf finds resources that reference the specified AppProtect LogConf.

func (*Configuration) FindResourcesForAppProtectPolicy added in v1.9.0

func (c *Configuration) FindResourcesForAppProtectPolicy(policyNamespace string, policyName string) []Resource

FindResourcesForAppProtectPolicy finds resources that reference the specified AppProtect policy.

func (*Configuration) FindResourcesForEndpoints added in v1.9.0

func (c *Configuration) FindResourcesForEndpoints(endpointsNamespace string, endpointsName string) []Resource

FindResourcesForEndpoints finds resources that reference the specified endpoints.

func (*Configuration) FindResourcesForPolicy added in v1.9.0

func (c *Configuration) FindResourcesForPolicy(policyNamespace string, policyName string) []Resource

FindResourcesForPolicy finds resources that reference the specified policy.

func (*Configuration) FindResourcesForSecret added in v1.9.0

func (c *Configuration) FindResourcesForSecret(secretNamespace string, secretName string) []Resource

FindResourcesForSecret finds resources that reference the specified secret.

func (*Configuration) FindResourcesForService added in v1.9.0

func (c *Configuration) FindResourcesForService(svcNamespace string, svcName string) []Resource

FindResourcesForService finds resources that reference the specified service.

func (*Configuration) GetResources added in v1.9.0

func (c *Configuration) GetResources() []Resource

GetResources returns all configuration resources.

func (*Configuration) GetResourcesWithFilter added in v1.9.0

func (c *Configuration) GetResourcesWithFilter(filter resourceFilter) []Resource

GetResourcesWithFilter returns resources using the filter.

type ConfigurationProblem added in v1.9.0

// ConfigurationProblem is a problem associated with a configuration object.
type ConfigurationProblem struct {
	// Object is a configuration object.
	Object runtime.Object
	// IsError tells if the problem is an error. If it is an error, then it is
	// expected that the status of the object will be updated to the state
	// 'invalid'. Otherwise, the state will be 'warning'.
	IsError bool
	// Reason tells the reason. It matches the reason in the events/status of
	// our configuration objects.
	Reason string
	// Message gives the details about the problem. It matches the message in
	// the events/status of our configuration objects.
	Message string
}

ConfigurationProblem is a problem associated with a configuration object.

type IngressConfiguration added in v1.10.0

// IngressConfiguration holds an Ingress resource with its minions. It
// implements the Resource interface.
type IngressConfiguration struct {
	// Ingress holds a regular Ingress or a master Ingress.
	Ingress *networking.Ingress
	// IsMaster is true when the Ingress is a master.
	IsMaster bool
	// Minions contains minions if the Ingress is a master.
	Minions []*MinionConfiguration
	// ValidHosts marks the hosts of the Ingress as valid (true) or invalid (false).
	// Regular Ingress resources can have multiple hosts. It is possible that some of the hosts are taken by other
	// resources. In that case, those hosts will be marked as invalid.
	// A host that is absent from the map reads as false, the Go zero value,
	// so a plain lookup treats an unknown host the same as an invalid one.
	ValidHosts map[string]bool
	// Warnings includes all the warnings for the resource.
	Warnings []string
	// ChildWarnings includes the warnings of the minions. The key is the namespace/name.
	ChildWarnings map[string][]string
}

IngressConfiguration holds an Ingress resource with its minions. It implements the Resource interface.

func NewMasterIngressConfiguration added in v1.10.0

func NewMasterIngressConfiguration(ing *networking.Ingress, minions []*MinionConfiguration, childWarnings map[string][]string) *IngressConfiguration

NewMasterIngressConfiguration creates an IngressConfiguration from a master Ingress resource.

func NewRegularIngressConfiguration added in v1.10.0

func NewRegularIngressConfiguration(ing *networking.Ingress) *IngressConfiguration

NewRegularIngressConfiguration creates an IngressConfiguration from an Ingress resource.

func (*IngressConfiguration) AcquireHost added in v1.10.0

func (ic *IngressConfiguration) AcquireHost(host string)

AcquireHost acquires the host for this resource.

func (*IngressConfiguration) AddWarning added in v1.10.0

func (ic *IngressConfiguration) AddWarning(warning string)

AddWarning adds a warning.

func (*IngressConfiguration) GetKeyWithKind added in v1.10.0

func (ic *IngressConfiguration) GetKeyWithKind() string

GetKeyWithKind returns the key of the resource with its kind. For example, Ingress/my-namespace/my-name.

func (*IngressConfiguration) GetObjectMeta added in v1.10.0

func (ic *IngressConfiguration) GetObjectMeta() *metav1.ObjectMeta

GetObjectMeta returns the resource ObjectMeta.

func (*IngressConfiguration) IsEqual added in v1.10.0

func (ic *IngressConfiguration) IsEqual(resource Resource) bool

IsEqual tests if the IngressConfiguration is equal to the resource.

func (*IngressConfiguration) ReleaseHost added in v1.10.0

func (ic *IngressConfiguration) ReleaseHost(host string)

ReleaseHost releases the host.

func (*IngressConfiguration) Wins added in v1.10.0

func (ic *IngressConfiguration) Wins(resource Resource) bool

Wins tells if this resource wins over the specified resource.

type LoadBalancerController

type LoadBalancerController struct {
	// contains filtered or unexported fields
}

LoadBalancerController watches Kubernetes API and reconfigures NGINX via NginxController when needed

func NewLoadBalancerController

func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalancerController

NewLoadBalancerController creates a controller

func (*LoadBalancerController) AddSyncQueue

func (lbc *LoadBalancerController) AddSyncQueue(item interface{})

AddSyncQueue enqueues the provided item on the sync queue

func (*LoadBalancerController) EnqueueTransportServerForService added in v1.7.0

func (lbc *LoadBalancerController) EnqueueTransportServerForService(service *api_v1.Service)

EnqueueTransportServerForService enqueues TransportServers for the given service.

func (*LoadBalancerController) HasCorrectIngressClass added in v1.8.0

func (lbc *LoadBalancerController) HasCorrectIngressClass(obj interface{}) bool

HasCorrectIngressClass checks whether the resource's ingress class annotation (if it exists), or the ingressClass string for a VS/VSR, matches the Ingress Controller's class.

func (*LoadBalancerController) IsExternalServiceForStatus

func (lbc *LoadBalancerController) IsExternalServiceForStatus(svc *api_v1.Service) bool

IsExternalServiceForStatus matches the service specified by the external-service cli arg

func (*LoadBalancerController) IsExternalServiceKeyForStatus added in v1.9.0

func (lbc *LoadBalancerController) IsExternalServiceKeyForStatus(key string) bool

IsExternalServiceKeyForStatus matches the service key specified by the external-service cli arg

func (*LoadBalancerController) IsNginxReady added in v1.8.0

func (lbc *LoadBalancerController) IsNginxReady() bool

IsNginxReady returns ready status of NGINX

func (*LoadBalancerController) Run

func (lbc *LoadBalancerController) Run()

Run starts the loadbalancer controller

func (*LoadBalancerController) Stop

func (lbc *LoadBalancerController) Stop()

Stop shuts down the load balancer controller

func (*LoadBalancerController) UpdateIngressStatusAndEventsOnDelete added in v1.9.0

func (lbc *LoadBalancerController) UpdateIngressStatusAndEventsOnDelete(ingConfig *IngressConfiguration, changeError string, deleteErr error)

func (*LoadBalancerController) UpdateVirtualServerStatusAndEventsOnDelete added in v1.9.0

func (lbc *LoadBalancerController) UpdateVirtualServerStatusAndEventsOnDelete(vsConfig *VirtualServerConfiguration, changeError string, deleteErr error)

type MinionConfiguration added in v1.10.0

// MinionConfiguration holds a Minion resource.
type MinionConfiguration struct {
	// Ingress is the Ingress behind a minion.
	Ingress *networking.Ingress
	// ValidPaths marks the paths of the Ingress as valid (true) or invalid (false).
	// Minion Ingress resources can have multiple paths. It is possible that some of the paths are taken by other
	// Minions. In that case, those paths will be marked as invalid.
	// A path that is absent from the map reads as false, the Go zero value,
	// so a plain lookup treats an unknown path the same as an invalid one.
	ValidPaths map[string]bool
}

MinionConfiguration holds a Minion resource.

func NewMinionConfiguration added in v1.10.0

func NewMinionConfiguration(ing *networking.Ingress) *MinionConfiguration

NewMinionConfiguration creates a new MinionConfiguration.

type NewLoadBalancerControllerInput

// NewLoadBalancerControllerInput holds the input needed to call
// NewLoadBalancerController. The fields carry no per-field documentation in
// this package version; the notes below are review assumptions, not
// guarantees.
type NewLoadBalancerControllerInput struct {
	KubeClient                   kubernetes.Interface
	ConfClient                   k8s_nginx.Interface
	DynClient                    dynamic.Interface
	ResyncPeriod                 time.Duration
	// NOTE(review): presumably the namespace the controller watches; whether
	// an empty string means all namespaces is not visible here. Confirm,
	// since it bounds which tenants' resources are processed.
	Namespace                    string
	NginxConfigurator            *configs.Configurator
	// NOTE(review): presumably a reference to the TLS Secret for the default
	// server; confirm the expected format.
	DefaultServerSecret          string
	AppProtectEnabled            bool
	IsNginxPlus                  bool
	// NOTE(review): IngressClass and UseIngressClassOnly presumably drive
	// HasCorrectIngressClass, which decides which resources this controller
	// accepts; confirm.
	IngressClass                 string
	UseIngressClassOnly          bool
	ExternalServiceName          string
	IngressLink                  string
	ControllerNamespace          string
	ReportIngressStatus          bool
	IsLeaderElectionEnabled      bool
	LeaderElectionLockName       string
	// NOTE(review): presumably a reference to the wildcard TLS Secret;
	// confirm the expected format.
	WildcardTLSSecret            string
	ConfigMaps                   string
	GlobalConfiguration          string
	AreCustomResourcesEnabled    bool
	EnablePreviewPolicies        bool
	MetricsCollector             collectors.ControllerCollector
	GlobalConfigurationValidator *validation.GlobalConfigurationValidator
	TransportServerValidator     *validation.TransportServerValidator
	VirtualServerValidator       *validation.VirtualServerValidator
	// NOTE(review): presumably passed to NewSpiffeController as
	// spireAgentAddr; confirm how an empty value is handled.
	SpireAgentAddress            string
	InternalRoutesEnabled        bool
	IsPrometheusEnabled          bool
	IsLatencyMetricsEnabled      bool
}

NewLoadBalancerControllerInput holds the input needed to call NewLoadBalancerController.

type Operation added in v1.9.0

// Operation defines an operation to perform for a resource. It is an
// int-backed enumeration whose values are the Delete and AddOrUpdate
// constants.
type Operation int

Operation defines an operation to perform for a resource.

// Operation values. Delete is declared first with iota, so it is 0 and is
// therefore the zero value of Operation: a change struct whose Op was never
// set reads as Delete.
const (
	// Delete the config of the resource
	Delete Operation = iota
	// AddOrUpdate the config of the resource
	AddOrUpdate
)

type Resource added in v1.9.0

// Resource represents a configuration resource. Both *IngressConfiguration
// and *VirtualServerConfiguration declare every method of this interface.
type Resource interface {
	// GetObjectMeta returns the resource ObjectMeta.
	GetObjectMeta() *metav1.ObjectMeta
	// GetKeyWithKind returns the key of the resource with its kind, for
	// example Ingress/my-namespace/my-name.
	GetKeyWithKind() string
	// AcquireHost acquires the host for this resource.
	AcquireHost(host string)
	// ReleaseHost releases the host.
	ReleaseHost(host string)
	// Wins tells if this resource wins over the specified resource. It is
	// used to determine which resource should win over a host.
	Wins(resource Resource) bool
	// AddWarning adds a warning.
	AddWarning(warning string)
	// IsEqual tests if this resource is equal to the specified resource.
	IsEqual(resource Resource) bool
}

Resource represents a configuration resource. A Resource can be one of the following top-level configuration objects: a regular or master Ingress, or a VirtualServer.

type ResourceChange added in v1.9.0

// ResourceChange represents a change of the resource that needs to be
// reflected in the NGINX config.
type ResourceChange struct {
	// Op is the operation that needs to be performed on the resource.
	Op Operation
	// Resource is the target resource.
	Resource Resource
	// Error is the error associated with the resource. It is a plain string,
	// not an error value.
	// NOTE(review): presumably empty when there is no error; confirm.
	Error string
}

ResourceChange represents a change of the resource that needs to be reflected in the NGINX config.

type RevTimes added in v1.10.0

// RevTimes are requirements for signature revision time.
// Both fields are pointers, so either bound can be nil.
// NOTE(review): presumably a nil bound means "no limit on that side", and
// whether the bounds are inclusive is not visible here; confirm.
type RevTimes struct {
	// MinRevTime is the lower bound on the signature revision time.
	MinRevTime *time.Time
	// MaxRevTime is the upper bound on the signature revision time.
	MaxRevTime *time.Time
}

RevTimes are requirements for signature revision time

type SignatureReq added in v1.10.0

// SignatureReq describes a signature that is required by the policy.
type SignatureReq struct {
	// Tag is the tag of the required signature.
	// NOTE(review): presumably matched against AppProtectUserSigEx.Tag;
	// confirm.
	Tag      string
	// RevTimes holds the revision-time requirements for the signature. It is
	// a pointer, so it can be nil.
	// NOTE(review): presumably nil means no revision-time requirement;
	// confirm.
	RevTimes *RevTimes
}

SignatureReq describes a signature that is required by the policy

type VirtualServerConfiguration added in v1.10.0

// VirtualServerConfiguration holds a VirtualServer along with its
// VirtualServerRoutes. It declares the same methods as the Resource
// interface.
type VirtualServerConfiguration struct {
	// VirtualServer is the VirtualServer resource.
	VirtualServer       *conf_v1.VirtualServer
	// VirtualServerRoutes are the VirtualServerRoutes that belong to the
	// VirtualServer.
	VirtualServerRoutes []*conf_v1.VirtualServerRoute
	// Warnings holds warnings for the resource; AddWarning adds to them.
	Warnings            []string
}

VirtualServerConfiguration holds a VirtualServer along with its VirtualServerRoutes.

func NewVirtualServerConfiguration added in v1.10.0

func NewVirtualServerConfiguration(vs *conf_v1.VirtualServer, vsrs []*conf_v1.VirtualServerRoute, warnings []string) *VirtualServerConfiguration

NewVirtualServerConfiguration creates a VirtualServerConfiguration.

func (*VirtualServerConfiguration) AcquireHost added in v1.10.0

func (vsc *VirtualServerConfiguration) AcquireHost(host string)

AcquireHost acquires the host for this resource.

func (*VirtualServerConfiguration) AddWarning added in v1.10.0

func (vsc *VirtualServerConfiguration) AddWarning(warning string)

AddWarning adds a warning.

func (*VirtualServerConfiguration) GetKeyWithKind added in v1.10.0

func (vsc *VirtualServerConfiguration) GetKeyWithKind() string

GetKeyWithKind returns the key of the resource with its kind. For example, VirtualServer/my-namespace/my-name.

func (*VirtualServerConfiguration) GetObjectMeta added in v1.10.0

func (vsc *VirtualServerConfiguration) GetObjectMeta() *metav1.ObjectMeta

GetObjectMeta returns the resource ObjectMeta.

func (*VirtualServerConfiguration) IsEqual added in v1.10.0

func (vsc *VirtualServerConfiguration) IsEqual(resource Resource) bool

IsEqual tests if the VirtualServerConfiguration is equal to the resource.

func (*VirtualServerConfiguration) ReleaseHost added in v1.10.0

func (vsc *VirtualServerConfiguration) ReleaseHost(host string)

ReleaseHost releases the host.

func (*VirtualServerConfiguration) Wins added in v1.10.0

func (vsc *VirtualServerConfiguration) Wins(resource Resource) bool

Wins tells if this resource wins over the specified resource. It is used to determine which resource should win over a host.

Directories

Path Synopsis
