pomerium

package
v0.28.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 11, 2024 License: Apache-2.0 Imports: 45 Imported by: 0

Documentation

Overview

Package pomerium implements logic to convert K8s objects into Pomerium configuration

Index

Constants

View Source
const (
	// IngressControllerConfigID is for Ingress-defined configuration
	IngressControllerConfigID = "ingress-controller"
	// GatewayControllerConfigID is for Gateway-defined configuration
	GatewayControllerConfigID = "gateway-controller"
	// SharedSettingsConfigID is for configuration derived from the Pomerium CRD
	SharedSettingsConfigID = "pomerium-crd"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type ConfigReconciler

type ConfigReconciler interface {
	// SetConfig updates just the shared config settings
	SetConfig(ctx context.Context, cfg *model.Config) (changes bool, err error)
}

ConfigReconciler only updates global parameters and does not deal with individual routes

type DataBrokerReconciler added in v0.18.0

type DataBrokerReconciler struct {
	ConfigID string
	databroker.DataBrokerServiceClient
	// DebugDumpConfigDiff dumps a diff between current and new config being applied
	DebugDumpConfigDiff bool
	// RemoveUnreferencedCerts would strip any certs not matched by any of the Routes SNI
	RemoveUnreferencedCerts bool
}

DataBrokerReconciler updates pomerium configuration only one DataBrokerReconciler should be active and its methods are not thread-safe

func (*DataBrokerReconciler) Delete added in v0.18.0

func (r *DataBrokerReconciler) Delete(ctx context.Context, namespacedName types.NamespacedName) (bool, error)

Delete should delete pomerium routes corresponding to this ingress name

func (*DataBrokerReconciler) DeleteAll added in v0.18.0

func (r *DataBrokerReconciler) DeleteAll(ctx context.Context) error

DeleteAll cleans pomerium configuration entirely

func (*DataBrokerReconciler) Set added in v0.18.0

Set merges existing config with the one generated for ingress

func (*DataBrokerReconciler) SetConfig added in v0.18.0

func (r *DataBrokerReconciler) SetConfig(ctx context.Context, cfg *model.Config) (changes bool, err error)

SetConfig updates just the shared config settings

func (*DataBrokerReconciler) SetGatewayConfig added in v0.28.0

func (r *DataBrokerReconciler) SetGatewayConfig(
	ctx context.Context,
	config *model.GatewayConfig,
) (changes bool, err error)

SetGatewayConfig applies Gateway-defined configuration.

func (*DataBrokerReconciler) Upsert added in v0.18.0

Upsert should update or create the pomerium routes corresponding to this ingress

type GatewayReconciler added in v0.28.0

type GatewayReconciler interface {
	// GatewaySetConfig updates the entire Gateway-defined route configuration.
	SetGatewayConfig(ctx context.Context, config *model.GatewayConfig) (changes bool, err error)
}

GatewayReconciler updates Pomerium configuration based on Gateway-defined resources.

type IngressReconciler added in v0.18.0

type IngressReconciler interface {
	// Upsert should update or create the pomerium routes corresponding to this ingress
	Upsert(ctx context.Context, ic *model.IngressConfig) (changes bool, err error)
	// Set configuration to match provided ingresses and shared config settings
	Set(ctx context.Context, ics []*model.IngressConfig) (changes bool, err error)
	// Delete should delete pomerium routes corresponding to this ingress name
	Delete(ctx context.Context, namespacedName types.NamespacedName) (changes bool, err error)
}

IngressReconciler updates pomerium configuration based on provided network resources it is not expected to be thread safe

Directories

Path Synopsis
Package ctrl converts Settings CRD into a bootstrap config
Package ctrl converts Settings CRD into a bootstrap config
Package envoy contains functions for working with an embedded envoy binary.
Package envoy contains functions for working with an embedded envoy binary.
Package gateway contains logic for converting Gateway API configuration into Pomerium configuration.
Package gateway contains logic for converting Gateway API configuration into Pomerium configuration.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL