model

package
v0.17.2
Warning

This package is not in the latest version of its module.
Published: May 5, 2022 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package model contains data structures shared between the controller and the Pomerium config reconciler.

Constants

const (
	// TLSCustomCASecret replaces https://pomerium.io/reference/#tls-custom-certificate-authority
	// nolint: gosec
	TLSCustomCASecret = "tls_custom_ca_secret"
	// TLSClientSecret replaces https://pomerium.io/reference/#tls-client-certificate
	// nolint: gosec
	TLSClientSecret = "tls_client_secret"
	// TLSDownstreamClientCASecret replaces https://pomerium.io/reference/#tls-downstream-client-certificate-authority
	TLSDownstreamClientCASecret = "tls_downstream_client_ca_secret"
	// TLSServerName is an annotation to override the TLS server name
	TLSServerName = "tls_server_name"
	// SecureUpstream indicates that service communication should happen over HTTPS
	SecureUpstream = "secure_upstream"
	// PathRegex indicates that paths of ImplementationSpecific type should be treated as regular expressions
	PathRegex = "path_regex"
	// UseServiceProxy will use the standard k8s service proxy as upstream, as opposed to individual endpoints
	UseServiceProxy = "service_proxy_upstream"
	// TCPUpstream indicates this route is a TCP service https://www.pomerium.com/docs/tcp/
	TCPUpstream = "tcp_upstream"
	// KubernetesServiceAccountTokenSecret allows k8s service authentication via pomerium
	// nolint: gosec
	KubernetesServiceAccountTokenSecret = "kubernetes_service_account_token_secret"
	// KubernetesServiceAccountTokenSecretKey defines the key within the secret that contains the token
	KubernetesServiceAccountTokenSecretKey = "token"
	// SetRequestHeadersSecret defines a secret to copy request headers from
	SetRequestHeadersSecret = "set_request_headers_secret"
	// SetResponseHeadersSecret defines a secret to copy response headers from
	SetResponseHeadersSecret = "set_response_headers_secret"
)

Variables

This section is empty.

Functions

func IsHTTP01Solver added in v0.17.2

func IsHTTP01Solver(ingress *networkingv1.Ingress) bool

IsHTTP01Solver checks whether this ingress is marked by cert-manager as an ACME HTTP01 challenge solver. Such an ingress needs to be handled separately: it must be publicly accessible, and no TLS certificate should be required.

Types

type IngressConfig

type IngressConfig struct {
	AnnotationPrefix string
	*networkingv1.Ingress
	Endpoints map[types.NamespacedName]*corev1.Endpoints
	Secrets   map[types.NamespacedName]*corev1.Secret
	Services  map[types.NamespacedName]*corev1.Service
}

IngressConfig represents an ingress and all other resources it requires

func (*IngressConfig) Clone

func (ic *IngressConfig) Clone() *IngressConfig

Clone creates a deep copy of the ingress config

func (*IngressConfig) GetIngressNamespacedName added in v0.17.2

func (ic *IngressConfig) GetIngressNamespacedName() types.NamespacedName

GetIngressNamespacedName returns the name of the ingress in namespaced format

func (*IngressConfig) GetNamespacedName added in v0.17.2

func (ic *IngressConfig) GetNamespacedName(name string) types.NamespacedName

GetNamespacedName returns the namespaced name of a resource

func (*IngressConfig) GetServicePortByName

func (ic *IngressConfig) GetServicePortByName(name types.NamespacedName, port string) (int32, error)

GetServicePortByName returns the service's named port

func (*IngressConfig) IsAnnotationSet added in v0.15.3

func (ic *IngressConfig) IsAnnotationSet(name string) bool

IsAnnotationSet checks if a boolean annotation is set to true

func (*IngressConfig) IsPathRegex added in v0.15.3

func (ic *IngressConfig) IsPathRegex() bool

IsPathRegex returns true if paths in the Ingress spec should be treated as regular expressions

func (*IngressConfig) IsSecureUpstream

func (ic *IngressConfig) IsSecureUpstream() bool

IsSecureUpstream returns true if upstream endpoints should be HTTPS

func (*IngressConfig) IsTCPUpstream added in v0.17.2

func (ic *IngressConfig) IsTCPUpstream() bool

IsTCPUpstream returns true if this route represents a TCP service https://www.pomerium.com/docs/tcp/

func (*IngressConfig) ParseTLSCerts

func (ic *IngressConfig) ParseTLSCerts() ([]*TLSCert, error)

ParseTLSCerts decodes the K8s TLS secret

func (*IngressConfig) UseServiceProxy added in v0.16.1

func (ic *IngressConfig) UseServiceProxy() bool

UseServiceProxy disables the use of endpoints and uses the standard k8s service proxy instead

type Key

type Key struct {
	Kind string
	types.NamespacedName
}

Key is a dependency key

type Registry

type Registry interface {
	// Add registers a dependency between x,y
	Add(x, y Key)
	// Deps returns list of dependencies given object key has
	Deps(x Key) []Key
	DepsOfKind(x Key, kind string) []Key
	// DeleteCascade deletes key x and also any dependent keys that do not have other dependencies
	DeleteCascade(x Key)
}

Registry is used to keep track of dependencies between Kubernetes objects, i.e. an ingress depends on secret and service configurations. No dependency subordination is tracked.

func NewRegistry

func NewRegistry() Registry

NewRegistry creates an empty registry safe for concurrent use
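The cascade rule documented for Registry matters when several ingresses reference one secret. The following is an added illustration, not the package's own code: `depGraph` is a hypothetical single-goroutine stand-in without the concurrency safety NewRegistry provides, `Key` is flattened to plain strings, links are assumed to be stored in both directions, and the object names are constructed.

```go
package main

import "fmt"

// Key flattens the documented Key (Kind plus an embedded types.NamespacedName).
type Key struct{ Kind, Namespace, Name string }

// depGraph: hypothetical single-goroutine registry; links stored both ways (assumed).
type depGraph map[Key]map[Key]bool

func (g depGraph) Add(x, y Key) {
	for _, p := range [][2]Key{{x, y}, {y, x}} {
		if g[p[0]] == nil {
			g[p[0]] = map[Key]bool{}
		}
		g[p[0]][p[1]] = true
	}
}

func (g depGraph) DepsOfKind(x Key, kind string) []Key {
	var out []Key
	for k := range g[x] {
		if k.Kind == kind {
			out = append(out, k)
		}
	}
	return out
}

// DeleteCascade removes x, then any neighbour left with no other links.
func (g depGraph) DeleteCascade(x Key) {
	for y := range g[x] {
		delete(g[y], x)
		if len(g[y]) == 0 {
			delete(g, y)
		}
	}
	delete(g, x)
}

func main() {
	g := depGraph{}
	a, tls := Key{"Ingress", "default", "a"}, Key{"Secret", "default", "shared-tls"} // constructed
	g.Add(a, tls)
	g.Add(Key{"Ingress", "default", "b"}, tls)
	g.Add(a, Key{"Service", "default", "svc-a"})
	g.DeleteCascade(a) // svc-a goes with a; shared-tls stays because b still uses it
	fmt.Println(len(g), g.DepsOfKind(tls, "Ingress"))
}
```

Deleting ingress `a` drops its private service but keeps the shared secret tracked for ingress `b`, so a later change to that secret can still be mapped back to the ingress that uses it.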

type TLSCert

type TLSCert struct {
	Key  []byte
	Cert []byte
}

TLSCert represents a parsed TLS secret
