nginx

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 8, 2018 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Kinds of Secret, numbered from zero with iota.
// NOTE(review): GetSecretKind returns an int, presumably one of these values;
// confirm against its implementation.
const (
	// TLS marks a Secret that holds a TLS certificate and key (value 0).
	TLS = iota
	// JWK marks a Secret that holds a JSON Web Key (value 1).
	JWK
)
const DefaultServerSecretName = "default"

DefaultServerSecretName is the filename of the Secret with a TLS cert and a key for the default server

const JWTKey = "jwk"

JWTKey is the key of the data field of a Secret where the JWK must be stored.

const JWTKeyAnnotation = "nginx.com/jwt-key"

JWTKeyAnnotation is the annotation where the Secret with a JWK is specified.

const TLSSecretFileMode = 0600

TLSSecretFileMode defines the default file mode for files with TLS Secrets: 0600, i.e. read and write for the file owner only.

Variables

This section is empty.

Functions

func GenerateCertAndKeyFileContent added in v1.0.0

func GenerateCertAndKeyFileContent(secret *api_v1.Secret) []byte

GenerateCertAndKeyFileContent generates the content of a PEM file from the Secret

func GetMapKeyAsBool added in v0.6.0

func GetMapKeyAsBool(m map[string]string, key string, context apiObject) (bool, bool, error)

GetMapKeyAsBool searches the map for the given key and parses its value as a bool

func GetMapKeyAsInt added in v0.6.0

func GetMapKeyAsInt(m map[string]string, key string, context apiObject) (int64, bool, error)

GetMapKeyAsInt tries to find and parse a key in a map as int64

func GetMapKeyAsStringSlice added in v0.7.0

func GetMapKeyAsStringSlice(m map[string]string, key string, context apiObject, delimiter string) ([]string, bool, error)

GetMapKeyAsStringSlice tries to find and parse a key in the map as string slice splitting it on delimiter

func GetSecretKind added in v1.0.0

func GetSecretKind(secret *api_v1.Secret) (int, error)

GetSecretKind returns the kind of the Secret.

func ParseLBMethod added in v1.2.0

func ParseLBMethod(method string) (string, error)

ParseLBMethod parses method and matches it to a corresponding load balancing method in NGINX. An error is returned if method is not valid

func ParseLBMethodForPlus added in v1.2.0

func ParseLBMethodForPlus(method string) (string, error)

ParseLBMethodForPlus parses method and matches it to a corresponding load balancing method in NGINX Plus. An error is returned if method is not valid

func ParseSlowStart added in v1.3.0

func ParseSlowStart(s string) (string, error)

ParseSlowStart ensures that the slow_start value in the annotation is valid.

func ValidateJWKSecret added in v1.0.0

func ValidateJWKSecret(secret *api_v1.Secret) error

ValidateJWKSecret validates the secret. If it is valid, the function returns nil.

func ValidateTLSSecret added in v1.0.0

func ValidateTLSSecret(secret *api_v1.Secret) error

ValidateTLSSecret validates the secret. If it is valid, the function returns nil.

Types

type Config

// Config holds NGINX configuration parameters.
//
// NOTE(review): ParseConfigMap returns a *Config built from a ConfigMap, so
// these values presumably originate from cluster configuration. Most fields
// are plain strings; nothing in this declaration constrains their content, so
// confirm where each one is validated before it reaches a template.
type Config struct {
	// NOTE(review): the *Snippets fields look like free-form NGINX
	// configuration text. If the templates emit them verbatim, whoever can set
	// them controls the generated configuration; confirm who may set them.
	LocationSnippets              []string
	ServerSnippets                []string
	ServerTokens                  string
	ProxyConnectTimeout           string
	ProxyReadTimeout              string
	ClientMaxBodySize             string
	HTTP2                         bool
	RedirectToHTTPS               bool
	SSLRedirect                   bool
	MainMainSnippets              []string
	MainHTTPSnippets              []string
	MainServerNamesHashBucketSize string
	MainServerNamesHashMaxSize    string
	MainLogFormat                 string
	ProxyBuffering                bool
	ProxyBuffers                  string
	ProxyBufferSize               string
	ProxyMaxTempFileSize          string
	ProxyProtocol                 bool
	ProxyHideHeaders              []string
	ProxyPassHeaders              []string
	// HSTS settings; presumably rendered as a Strict-Transport-Security
	// response header. Confirm in the templates.
	HSTS                          bool
	HSTSMaxAge                    int64
	HSTSIncludeSubdomains         bool
	// Load balancing method name; ParseLBMethod and ParseLBMethodForPlus
	// validate such a string for NGINX and NGINX Plus respectively.
	LBMethod                      string
	MainWorkerProcesses           string
	MainWorkerCPUAffinity         string
	MainWorkerShutdownTimeout     string
	MainWorkerConnections         string
	MainWorkerRlimitNofile        string
	Keepalive                     int64
	MaxFails                      int64
	FailTimeout                   string
	HealthCheckEnabled            bool
	HealthCheckMandatory          bool
	HealthCheckMandatoryQueue     int64
	// slow_start value; ParseSlowStart checks that such a value is valid.
	SlowStart                     string

	// http://nginx.org/en/docs/http/ngx_http_realip_module.html
	// NOTE(review): presumably mapped to real_ip_header, set_real_ip_from and
	// real_ip_recursive. The client address NGINX reports then depends on the
	// header and on how narrowly SetRealIPFrom is scoped; confirm the defaults.
	RealIPHeader    string
	SetRealIPFrom   []string
	RealIPRecursive bool

	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html
	// Protocols and ciphers are plain strings here; this declaration does not
	// restrict them to any particular protocol versions or cipher suites.
	MainServerSSLProtocols           string
	MainServerSSLPreferServerCiphers bool
	MainServerSSLCiphers             string
	MainServerSSLDHParam             string
	// Pointer, so nil is distinguishable from an empty string.
	// NOTE(review): presumably the content later passed to AddOrUpdateDHParam;
	// confirm.
	MainServerSSLDHParamFileContent  *string

	// NOTE(review): presumably custom template text for
	// TemplateExecutor.UpdateMainTemplate and UpdateIngressTemplate, which both
	// take a *string. A custom template determines the whole generated file;
	// confirm who may set these.
	MainTemplate    *string
	IngressTemplate *string

	// JWT authentication settings.
	// NOTE(review): JWTKey is a string here while the JWK itself is stored in
	// a Secret, so this presumably names that Secret; confirm.
	JWTRealm    string
	JWTKey      string
	JWTToken    string
	JWTLoginURL string

	Ports    []int
	SSLPorts []int
}

Config holds NGINX configuration parameters

func NewDefaultConfig

func NewDefaultConfig() *Config

NewDefaultConfig creates a Config with default values

func ParseConfigMap added in v1.3.0

func ParseConfigMap(cfgm *api_v1.ConfigMap, nginxPlus bool) *Config

ParseConfigMap parses a ConfigMap into a Config

type Configurator

// Configurator transforms an Ingress resource into NGINX configuration.
// NewConfigurator builds one from an NginxController, a Config, a
// plus.NginxAPIController and a TemplateExecutor.
type Configurator struct {
	// contains filtered or unexported fields
}

Configurator transforms an Ingress resource into NGINX Configuration

func NewConfigurator

func NewConfigurator(nginx *NginxController, config *Config, nginxAPI *plus.NginxAPIController, templateExecutor *TemplateExecutor) *Configurator

NewConfigurator creates a new Configurator

func (*Configurator) AddOrUpdateDHParam added in v0.7.0

func (cnf *Configurator) AddOrUpdateDHParam(content string) (string, error)

AddOrUpdateDHParam creates a dhparam file with the content of the string.

func (*Configurator) AddOrUpdateDefaultServerTLSSecret added in v1.0.0

func (cnf *Configurator) AddOrUpdateDefaultServerTLSSecret(secret *api_v1.Secret) error

AddOrUpdateDefaultServerTLSSecret creates or updates a file with a TLS cert and a key from the secret for the default server.

func (*Configurator) AddOrUpdateIngress

func (cnf *Configurator) AddOrUpdateIngress(ingEx *IngressEx) error

AddOrUpdateIngress adds or updates NGINX configuration for the Ingress resource

func (*Configurator) AddOrUpdateMergableIngress added in v1.2.0

func (cnf *Configurator) AddOrUpdateMergableIngress(mergeableIngs *MergeableIngresses) error

AddOrUpdateMergableIngress adds or updates NGINX configuration for the Ingress resources with Mergeable Types

func (*Configurator) AddOrUpdateSecret added in v1.0.0

func (cnf *Configurator) AddOrUpdateSecret(secret *api_v1.Secret) error

AddOrUpdateSecret creates or updates a file with the content of the secret

func (*Configurator) DeleteIngress

func (cnf *Configurator) DeleteIngress(key string) error

DeleteIngress deletes NGINX configuration for the Ingress resource

func (*Configurator) DeleteSecret added in v1.0.0

func (cnf *Configurator) DeleteSecret(key string, ings []extensions.Ingress) error

DeleteSecret deletes the file associated with the secret and the configuration files for the Ingress resources. NGINX is reloaded only when len(ings) > 0

func (*Configurator) HasIngress added in v1.1.0

func (cnf *Configurator) HasIngress(ing *extensions.Ingress) bool

HasIngress checks if the Ingress resource is present in NGINX configuration

func (*Configurator) HasMinion added in v1.3.0

func (cnf *Configurator) HasMinion(master *extensions.Ingress, minion *extensions.Ingress) bool

HasMinion checks if the minion Ingress resource of the master is present in NGINX configuration

func (*Configurator) UpdateConfig

func (cnf *Configurator) UpdateConfig(config *Config, ingExes []*IngressEx, mergeableIngs map[string]*MergeableIngresses) error

UpdateConfig updates NGINX Configuration parameters

func (*Configurator) UpdateEndpoints

func (cnf *Configurator) UpdateEndpoints(ingEx *IngressEx) error

UpdateEndpoints updates endpoints in NGINX configuration for the Ingress resource

func (*Configurator) UpdateEndpointsMergeableIngress added in v1.2.0

func (cnf *Configurator) UpdateEndpointsMergeableIngress(mergeableIngs *MergeableIngresses) error

UpdateEndpointsMergeableIngress updates endpoints in NGINX configuration for a mergeable Ingress resource

type HealthCheck added in v1.3.0

// HealthCheck describes an active HTTP health check.
type HealthCheck struct {
	// Name of the upstream the check applies to.
	UpstreamName   string
	URI            string
	Interval       int32
	Fails          int32
	Passes         int32
	Scheme         string
	Mandatory      bool
	// NOTE(review): presumably request headers sent with each probe, keyed by
	// header name; confirm how the values are escaped when rendered.
	Headers        map[string]string
	TimeoutSeconds int64
}

HealthCheck describes an active HTTP health check

type IngressEx

// IngressEx holds an Ingress along with the Secrets and Endpoints of the
// services that are referenced in this Ingress.
type IngressEx struct {
	Ingress      *extensions.Ingress
	// TLSSecrets and JWTKey hold whole Secret objects, i.e. key material.
	// NOTE(review): avoid logging or dumping an IngressEx wholesale; confirm
	// what the map keys are (presumably Secret names).
	TLSSecrets   map[string]*api_v1.Secret
	JWTKey       *api_v1.Secret
	Endpoints    map[string][]string
	HealthChecks map[string]*api_v1.Probe
}

IngressEx holds an Ingress along with Secrets and Endpoints of the services that are referenced in this Ingress

type IngressNginxConfig

// IngressNginxConfig describes an NGINX configuration: the upstreams and
// servers generated for an Ingress. It is the input type of
// TemplateExecutor.ExecuteIngressConfigTemplate.
type IngressNginxConfig struct {
	Upstreams []Upstream
	Servers   []Server
	// Keepalive is a string here, whereas Config.Keepalive is an int64.
	Keepalive string
}

IngressNginxConfig describes an NGINX configuration

type JWTAuth added in v1.3.0

// JWTAuth holds JWT authentication configuration.
type JWTAuth struct {
	// NOTE(review): presumably the path or name of the file holding the JWK
	// rather than the key itself; confirm.
	Key                  string
	Realm                string
	Token                string
	// NOTE(review): presumably matches a JWTRedirectLocation.Name; confirm.
	RedirectLocationName string
}

JWTAuth holds JWT authentication configuration

type JWTRedirectLocation added in v1.3.0

// JWTRedirectLocation describes a location for redirecting client requests to
// a login URL for JWT authentication.
type JWTRedirectLocation struct {
	Name     string
	// LoginURL is the redirect target.
	// NOTE(review): it is a plain string with no constraint visible here;
	// confirm where it is set and validated, since it decides where clients
	// are sent.
	LoginURL string
}

JWTRedirectLocation describes a location for redirecting client requests to a login URL for JWT Authentication

type Location

// Location describes an NGINX location.
type Location struct {
	// NOTE(review): looks like free-form NGINX configuration text for this
	// location; confirm whether the template emits it verbatim.
	LocationSnippets     []string
	Path                 string
	Upstream             Upstream
	ProxyConnectTimeout  string
	ProxyReadTimeout     string
	ClientMaxBodySize    string
	Websocket            bool
	Rewrite              string
	SSL                  bool
	GRPC                 bool
	ProxyBuffering       bool
	ProxyBuffers         string
	ProxyBufferSize      string
	ProxyMaxTempFileSize string
	// Pointer, so nil is distinguishable from a zero-valued JWTAuth.
	// NOTE(review): presumably nil means no JWT authentication for this
	// location; confirm.
	JWTAuth              *JWTAuth

	// Used for mergeable types
	IngressResource string
}

Location describes an NGINX location

type MergeableIngresses added in v1.2.0

// MergeableIngresses groups one master IngressEx with its minion IngressEx
// values.
type MergeableIngresses struct {
	Master  *IngressEx
	Minions []*IngressEx
}

type NginxController

// NginxController updates NGINX configuration, starts and reloads NGINX.
//
// NOTE(review): AddOrUpdateSecretFile, UpdateIngressConfigFile,
// DeleteSecretFile and DeleteIngress each take a name, and none of them
// returns an error. Presumably the name becomes part of a file path and
// failures are handled internally; confirm both in the implementation.
type NginxController struct {
	// contains filtered or unexported fields
}

NginxController updates NGINX configuration, starts and reloads NGINX

func NewNginxController

func NewNginxController(nginxConfPath string, local bool) *NginxController

NewNginxController creates a NGINX controller

func (*NginxController) AddOrUpdateDHParam added in v0.7.0

func (nginx *NginxController) AddOrUpdateDHParam(dhparam string) (string, error)

AddOrUpdateDHParam creates the server's dhparam.pem file

func (*NginxController) AddOrUpdateSecretFile added in v1.0.0

func (nginx *NginxController) AddOrUpdateSecretFile(name string, content []byte, mode os.FileMode) string

AddOrUpdateSecretFile creates a file with the specified name, content and mode.

func (*NginxController) DeleteIngress

func (nginx *NginxController) DeleteIngress(name string)

DeleteIngress deletes the configuration file that corresponds to the specified Ingress from the NGINX conf directory

func (*NginxController) DeleteSecretFile added in v1.0.0

func (nginx *NginxController) DeleteSecretFile(name string)

DeleteSecretFile deletes the file with a Secret

func (*NginxController) Quit added in v1.0.0

func (nginx *NginxController) Quit()

Quit shuts down NGINX gracefully

func (*NginxController) Reload

func (nginx *NginxController) Reload() error

Reload reloads NGINX

func (*NginxController) Start

func (nginx *NginxController) Start(done chan error)

Start starts NGINX

func (*NginxController) UpdateIngressConfigFile added in v1.3.0

func (nginx *NginxController) UpdateIngressConfigFile(name string, cfg []byte)

UpdateIngressConfigFile writes the Ingress configuration file to the filesystem

func (*NginxController) UpdateMainConfigFile

func (nginx *NginxController) UpdateMainConfigFile(cfg []byte)

UpdateMainConfigFile writes the main NGINX configuration file to the filesystem

type NginxMainConfig

// NginxMainConfig describes the main NGINX configuration file.
// GenerateNginxMainConfig builds one from a Config, and
// TemplateExecutor.ExecuteMainConfigTemplate takes one as input.
type NginxMainConfig struct {
	ServerNamesHashBucketSize string
	ServerNamesHashMaxSize    string
	LogFormat                 string
	HealthStatus              bool
	// NOTE(review): look like free-form NGINX configuration text; confirm
	// whether the main template emits them verbatim.
	MainSnippets              []string
	HTTPSnippets              []string
	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html
	// Protocols and ciphers are plain strings; this declaration does not
	// restrict them to any particular protocol versions or cipher suites.
	SSLProtocols           string
	SSLPreferServerCiphers bool
	SSLCiphers             string
	SSLDHParam             string
	HTTP2                  bool
	ServerTokens           string
	ProxyProtocol          bool
	WorkerProcesses        string
	WorkerCPUAffinity      string
	WorkerShutdownTimeout  string
	WorkerConnections      string
	WorkerRlimitNofile     string
}

NginxMainConfig describes the main NGINX configuration file

func GenerateNginxMainConfig added in v1.3.0

func GenerateNginxMainConfig(config *Config) *NginxMainConfig

GenerateNginxMainConfig generates an NginxMainConfig from a Config

type Server

// Server describes an NGINX server.
type Server struct {
	// NOTE(review): looks like free-form NGINX configuration text for this
	// server; confirm whether the template emits it verbatim.
	ServerSnippets        []string
	Name                  string
	ServerTokens          string
	Locations             []Location
	SSL                   bool
	// NOTE(review): presumably file paths to the certificate and its private
	// key; confirm.
	SSLCertificate        string
	SSLCertificateKey     string
	GRPCOnly              bool
	StatusZone            string
	HTTP2                 bool
	RedirectToHTTPS       bool
	SSLRedirect           bool
	ProxyProtocol         bool
	// HSTS settings; presumably rendered as a Strict-Transport-Security
	// response header. Confirm in the template.
	HSTS                  bool
	HSTSMaxAge            int64
	HSTSIncludeSubdomains bool
	ProxyHideHeaders      []string
	ProxyPassHeaders      []string

	// NOTE(review): presumably keyed by upstream name; confirm.
	HealthChecks map[string]HealthCheck

	// http://nginx.org/en/docs/http/ngx_http_realip_module.html
	// NOTE(review): presumably mapped to real_ip_header, set_real_ip_from and
	// real_ip_recursive. The client address NGINX reports then depends on the
	// header and on how narrowly SetRealIPFrom is scoped; confirm.
	RealIPHeader    string
	SetRealIPFrom   []string
	RealIPRecursive bool

	// Pointer, so nil is distinguishable from a zero-valued JWTAuth.
	// NOTE(review): presumably nil means no server-level JWT authentication;
	// confirm.
	JWTAuth              *JWTAuth
	JWTRedirectLocations []JWTRedirectLocation

	Ports    []int
	SSLPorts []int

	// Used for mergeable types
	IngressResource string
}

Server describes an NGINX server

type TemplateExecutor added in v1.3.0

// TemplateExecutor executes NGINX configuration templates.
type TemplateExecutor struct {
	// NOTE(review): presumably set from the healthStatus argument of
	// NewTemplateExecutor; confirm.
	HealthStatus bool
	// contains filtered or unexported fields
}

TemplateExecutor executes NGINX configuration templates

func NewTemplateExecutor added in v1.3.0

func NewTemplateExecutor(mainTemplatePath string, ingressTemplatePath string, healthStatus bool) (*TemplateExecutor, error)

NewTemplateExecutor creates a TemplateExecutor

func (*TemplateExecutor) ExecuteIngressConfigTemplate added in v1.3.0

func (te *TemplateExecutor) ExecuteIngressConfigTemplate(cfg *IngressNginxConfig) ([]byte, error)

ExecuteIngressConfigTemplate generates the content of a NGINX configuration file for an Ingress resource

func (*TemplateExecutor) ExecuteMainConfigTemplate added in v1.3.0

func (te *TemplateExecutor) ExecuteMainConfigTemplate(cfg *NginxMainConfig) ([]byte, error)

ExecuteMainConfigTemplate generates the content of the main NGINX configuration file

func (*TemplateExecutor) UpdateIngressTemplate added in v1.3.0

func (te *TemplateExecutor) UpdateIngressTemplate(templateString *string) error

UpdateIngressTemplate updates the ingress template

func (*TemplateExecutor) UpdateMainTemplate added in v1.3.0

func (te *TemplateExecutor) UpdateMainTemplate(templateString *string) error

UpdateMainTemplate updates the main NGINX template

type Upstream

// Upstream describes an NGINX upstream: a named group of servers.
type Upstream struct {
	Name            string
	UpstreamServers []UpstreamServer
	StickyCookie    string
	// Load balancing method name; ParseLBMethod and ParseLBMethodForPlus
	// validate such a string for NGINX and NGINX Plus respectively.
	LBMethod        string
	Queue           int64
	QueueTimeout    int64
}

Upstream describes an NGINX upstream

func NewUpstreamWithDefaultServer

func NewUpstreamWithDefaultServer(name string) Upstream

NewUpstreamWithDefaultServer creates an upstream with the default server. proxy_pass to an upstream with the default server returns 502. We use it for services that have no endpoints

type UpstreamServer

// UpstreamServer describes a server in an NGINX upstream.
type UpstreamServer struct {
	Address     string
	// Port is a string here, not an integer.
	Port        string
	MaxFails    int64
	FailTimeout string
	// slow_start value; ParseSlowStart checks that such a value is valid.
	SlowStart   string
}

UpstreamServer describes a server in an NGINX upstream

Directories

Path Synopsis
