Documentation ¶
Index ¶
- Constants
- func GetSecretKind(secret *v1.Secret) (int, error)
- func NewSpiffeController(sync func(*workload.X509SVIDs), spireAgentAddr string) (*spiffeController, error)
- func ParseNamespaceName(value string) (ns string, name string, err error)
- func ParseResourceReferenceAnnotation(ns, antn string) string
- func ValidateAppProtectLogConf(logConf *unstructured.Unstructured) error
- func ValidateAppProtectLogDestinationAnnotation(dstAntn string) error
- func ValidateAppProtectPolicy(policy *unstructured.Unstructured) error
- func ValidateJWKSecret(secret *v1.Secret) error
- func ValidateTLSSecret(secret *v1.Secret) error
- type LoadBalancerController
- func (lbc *LoadBalancerController) AddSyncQueue(item interface{})
- func (lbc *LoadBalancerController) EnqueueIngressForService(svc *api_v1.Service)
- func (lbc *LoadBalancerController) EnqueueTransportServerForService(service *api_v1.Service)
- func (lbc *LoadBalancerController) EnqueueVirtualServersForService(service *api_v1.Service)
- func (lbc *LoadBalancerController) FindMasterForMinion(minion *extensions.Ingress) (*extensions.Ingress, error)
- func (lbc *LoadBalancerController) GetManagedIngresses() ([]extensions.Ingress, map[string]*configs.MergeableIngresses)
- func (lbc *LoadBalancerController) HasCorrectIngressClass(obj interface{}) bool
- func (lbc *LoadBalancerController) IsExternalServiceForStatus(svc *api_v1.Service) bool
- func (lbc *LoadBalancerController) IsNginxReady() bool
- func (lbc *LoadBalancerController) Run()
- func (lbc *LoadBalancerController) Stop()
- func (lbc *LoadBalancerController) UpdateManagedAndMergeableIngresses(ingresses []v1beta1.Ingress, ...) error
- func (lbc *LoadBalancerController) ValidateSecret(secret *api_v1.Secret) error
- type NewLoadBalancerControllerInput
Constants ¶
const ( // TLS Secret TLS = iota // JWK Secret JWK )
const JWTKeyKey = "jwk"
JWTKeyKey is the key of the data field of a Secret where the JWK must be stored.
Variables ¶
This section is empty.
Functions ¶
func GetSecretKind ¶
GetSecretKind returns the kind of the Secret.
func NewSpiffeController ¶ added in v1.7.1
func NewSpiffeController(sync func(*workload.X509SVIDs), spireAgentAddr string) (*spiffeController, error)
NewSpiffeController creates the spiffeWatcher and the Spiffe Workload API Client, returns an error if the client cannot connect to the Spire Agent.
func ParseNamespaceName ¶
ParseNamespaceName parses the string in the <namespace>/<name> format and returns the name and the namespace. It returns an error in case the string does not follow the <namespace>/<name> format.
func ParseResourceReferenceAnnotation ¶ added in v1.8.0
ParseResourceReferenceAnnotation returns a namespace/name string
func ValidateAppProtectLogConf ¶ added in v1.8.0
func ValidateAppProtectLogConf(logConf *unstructured.Unstructured) error
ValidateAppProtectLogConf validates LogConfiguration resource
func ValidateAppProtectLogDestinationAnnotation ¶ added in v1.8.0
ValidateAppProtectLogDestinationAnnotation validates annotation for log destination configuration
func ValidateAppProtectPolicy ¶ added in v1.8.0
func ValidateAppProtectPolicy(policy *unstructured.Unstructured) error
ValidateAppProtectPolicy validates Policy resource
func ValidateJWKSecret ¶
ValidateJWKSecret validates the secret. If it is valid, the function returns nil.
func ValidateTLSSecret ¶
ValidateTLSSecret validates the secret. If it is valid, the function returns nil.
Types ¶
type LoadBalancerController ¶
type LoadBalancerController struct {
// contains filtered or unexported fields
}
LoadBalancerController watches Kubernetes API and reconfigures NGINX via NginxController when needed
func NewLoadBalancerController ¶
func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalancerController
NewLoadBalancerController creates a controller
func (*LoadBalancerController) AddSyncQueue ¶
func (lbc *LoadBalancerController) AddSyncQueue(item interface{})
AddSyncQueue enqueues the provided item on the sync queue
func (*LoadBalancerController) EnqueueIngressForService ¶
func (lbc *LoadBalancerController) EnqueueIngressForService(svc *api_v1.Service)
EnqueueIngressForService enqueues the ingress for the given service
func (*LoadBalancerController) EnqueueTransportServerForService ¶ added in v1.7.0
func (lbc *LoadBalancerController) EnqueueTransportServerForService(service *api_v1.Service)
EnqueueTransportServerForService enqueues TransportServers for the given service.
func (*LoadBalancerController) EnqueueVirtualServersForService ¶
func (lbc *LoadBalancerController) EnqueueVirtualServersForService(service *api_v1.Service)
EnqueueVirtualServersForService enqueues VirtualServers for the given service.
func (*LoadBalancerController) FindMasterForMinion ¶
func (lbc *LoadBalancerController) FindMasterForMinion(minion *extensions.Ingress) (*extensions.Ingress, error)
FindMasterForMinion returns a master for a given minion
func (*LoadBalancerController) GetManagedIngresses ¶
func (lbc *LoadBalancerController) GetManagedIngresses() ([]extensions.Ingress, map[string]*configs.MergeableIngresses)
GetManagedIngresses gets Ingress resources that the IC is currently responsible for
func (*LoadBalancerController) HasCorrectIngressClass ¶ added in v1.8.0
func (lbc *LoadBalancerController) HasCorrectIngressClass(obj interface{}) bool
HasCorrectIngressClass checks if resource ingress class annotation (if exists) or ingressClass string for VS/VSR is matching with ingress controller class
func (*LoadBalancerController) IsExternalServiceForStatus ¶
func (lbc *LoadBalancerController) IsExternalServiceForStatus(svc *api_v1.Service) bool
IsExternalServiceForStatus matches the service specified by the external-service arg
func (*LoadBalancerController) IsNginxReady ¶ added in v1.8.0
func (lbc *LoadBalancerController) IsNginxReady() bool
IsNginxReady returns ready status of NGINX
func (*LoadBalancerController) Run ¶
func (lbc *LoadBalancerController) Run()
Run starts the loadbalancer controller
func (*LoadBalancerController) Stop ¶
func (lbc *LoadBalancerController) Stop()
Stop shutdowns the load balancer controller
func (*LoadBalancerController) UpdateManagedAndMergeableIngresses ¶
func (lbc *LoadBalancerController) UpdateManagedAndMergeableIngresses(ingresses []v1beta1.Ingress, mergeableIngresses map[string]*configs.MergeableIngresses) error
UpdateManagedAndMergeableIngresses invokes the UpdateManagedAndMergeableIngresses method on the Status Updater
func (*LoadBalancerController) ValidateSecret ¶
func (lbc *LoadBalancerController) ValidateSecret(secret *api_v1.Secret) error
ValidateSecret validates that the secret follows the TLS Secret format. For NGINX Plus, it also checks if the secret follows the JWK Secret format.
type NewLoadBalancerControllerInput ¶
type NewLoadBalancerControllerInput struct { KubeClient kubernetes.Interface ConfClient k8s_nginx.Interface DynClient dynamic.Interface ResyncPeriod time.Duration Namespace string NginxConfigurator *configs.Configurator DefaultServerSecret string AppProtectEnabled bool IsNginxPlus bool IngressClass string UseIngressClassOnly bool ExternalServiceName string ControllerNamespace string ReportIngressStatus bool IsLeaderElectionEnabled bool LeaderElectionLockName string WildcardTLSSecret string ConfigMaps string GlobalConfiguration string AreCustomResourcesEnabled bool MetricsCollector collectors.ControllerCollector GlobalConfigurationValidator *validation.GlobalConfigurationValidator TransportServerValidator *validation.TransportServerValidator SpireAgentAddress string }
NewLoadBalancerControllerInput holds the input needed to call NewLoadBalancerController.