k8s

package
v1.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 23, 2020 License: Apache-2.0 Imports: 40 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// TLS Secret
	TLS = iota
	// JWK Secret
	JWK
)
View Source
const JWTKeyKey = "jwk"

JWTKeyKey is the key of the data field of a Secret where the JWK must be stored.

Variables

This section is empty.

Functions

func GetSecretKind

func GetSecretKind(secret *v1.Secret) (int, error)

GetSecretKind returns the kind of the Secret.

func NewSpiffeController added in v1.7.1

func NewSpiffeController(sync func(*workload.X509SVIDs), spireAgentAddr string) (*spiffeController, error)

NewSpiffeController creates the spiffeWatcher and the Spiffe Workload API Client, returns an error if the client cannot connect to the Spire Agent.

func ParseNamespaceName

func ParseNamespaceName(value string) (ns string, name string, err error)

ParseNamespaceName parses the string in the <namespace>/<name> format and returns the name and the namespace. It returns an error in case the string does not follow the <namespace>/<name> format.

func ParseResourceReferenceAnnotation added in v1.8.0

func ParseResourceReferenceAnnotation(ns, antn string) string

ParseResourceReferenceAnnotation returns a namespace/name string

func ValidateAppProtectLogConf added in v1.8.0

func ValidateAppProtectLogConf(logConf *unstructured.Unstructured) error

ValidateAppProtectLogConf validates LogConfiguration resource

func ValidateAppProtectLogDestinationAnnotation added in v1.8.0

func ValidateAppProtectLogDestinationAnnotation(dstAntn string) error

ValidateAppProtectLogDestinationAnnotation validates annotation for log destination configuration

func ValidateAppProtectPolicy added in v1.8.0

func ValidateAppProtectPolicy(policy *unstructured.Unstructured) error

ValidateAppProtectPolicy validates Policy resource

func ValidateJWKSecret

func ValidateJWKSecret(secret *v1.Secret) error

ValidateJWKSecret validates the secret. If it is valid, the function returns nil.

func ValidateTLSSecret

func ValidateTLSSecret(secret *v1.Secret) error

ValidateTLSSecret validates the secret. If it is valid, the function returns nil.

Types

type LoadBalancerController

type LoadBalancerController struct {
	// contains filtered or unexported fields
}

LoadBalancerController watches Kubernetes API and reconfigures NGINX via NginxController when needed

func NewLoadBalancerController

func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalancerController

NewLoadBalancerController creates a controller

func (*LoadBalancerController) AddSyncQueue

func (lbc *LoadBalancerController) AddSyncQueue(item interface{})

AddSyncQueue enqueues the provided item on the sync queue

func (*LoadBalancerController) EnqueueIngressForService

func (lbc *LoadBalancerController) EnqueueIngressForService(svc *api_v1.Service)

EnqueueIngressForService enqueues the ingress for the given service

func (*LoadBalancerController) EnqueueTransportServerForService added in v1.7.0

func (lbc *LoadBalancerController) EnqueueTransportServerForService(service *api_v1.Service)

EnqueueTransportServerForService enqueues TransportServers for the given service.

func (*LoadBalancerController) EnqueueVirtualServersForService

func (lbc *LoadBalancerController) EnqueueVirtualServersForService(service *api_v1.Service)

EnqueueVirtualServersForService enqueues VirtualServers for the given service.

func (*LoadBalancerController) FindMasterForMinion

func (lbc *LoadBalancerController) FindMasterForMinion(minion *extensions.Ingress) (*extensions.Ingress, error)

FindMasterForMinion returns a master for a given minion

func (*LoadBalancerController) GetManagedIngresses

func (lbc *LoadBalancerController) GetManagedIngresses() ([]extensions.Ingress, map[string]*configs.MergeableIngresses)

GetManagedIngresses gets Ingress resources that the IC is currently responsible for

func (*LoadBalancerController) HasCorrectIngressClass added in v1.8.0

func (lbc *LoadBalancerController) HasCorrectIngressClass(obj interface{}) bool

HasCorrectIngressClass checks if resource ingress class annotation (if exists) or ingressClass string for VS/VSR is matching with ingress controller class

func (*LoadBalancerController) IsExternalServiceForStatus

func (lbc *LoadBalancerController) IsExternalServiceForStatus(svc *api_v1.Service) bool

IsExternalServiceForStatus matches the service specified by the external-service arg

func (*LoadBalancerController) IsNginxReady added in v1.8.0

func (lbc *LoadBalancerController) IsNginxReady() bool

IsNginxReady returns ready status of NGINX

func (*LoadBalancerController) Run

func (lbc *LoadBalancerController) Run()

Run starts the loadbalancer controller

func (*LoadBalancerController) Stop

func (lbc *LoadBalancerController) Stop()

Stop shutdowns the load balancer controller

func (*LoadBalancerController) UpdateManagedAndMergeableIngresses

func (lbc *LoadBalancerController) UpdateManagedAndMergeableIngresses(ingresses []v1beta1.Ingress, mergeableIngresses map[string]*configs.MergeableIngresses) error

UpdateManagedAndMergeableIngresses invokes the UpdateManagedAndMergeableIngresses method on the Status Updater

func (*LoadBalancerController) ValidateSecret

func (lbc *LoadBalancerController) ValidateSecret(secret *api_v1.Secret) error

ValidateSecret validates that the secret follows the TLS Secret format. For NGINX Plus, it also checks if the secret follows the JWK Secret format.

type NewLoadBalancerControllerInput

type NewLoadBalancerControllerInput struct {
	KubeClient                   kubernetes.Interface
	ConfClient                   k8s_nginx.Interface
	DynClient                    dynamic.Interface
	ResyncPeriod                 time.Duration
	Namespace                    string
	NginxConfigurator            *configs.Configurator
	DefaultServerSecret          string
	AppProtectEnabled            bool
	IsNginxPlus                  bool
	IngressClass                 string
	UseIngressClassOnly          bool
	ExternalServiceName          string
	ControllerNamespace          string
	ReportIngressStatus          bool
	IsLeaderElectionEnabled      bool
	LeaderElectionLockName       string
	WildcardTLSSecret            string
	ConfigMaps                   string
	GlobalConfiguration          string
	AreCustomResourcesEnabled    bool
	MetricsCollector             collectors.ControllerCollector
	GlobalConfigurationValidator *validation.GlobalConfigurationValidator
	TransportServerValidator     *validation.TransportServerValidator
	SpireAgentAddress            string
}

NewLoadBalancerControllerInput holds the input needed to call NewLoadBalancerController.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL