model

package
v0.22.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 21, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package model contains common data structures between the controller and pomerium config reconciler

Index

Constants

View Source
const (
	// TLSCustomCASecret replaces https://pomerium.io/reference/#tls-custom-certificate-authority
	//nolint: gosec
	TLSCustomCASecret = "tls_custom_ca_secret"
	// TLSClientSecret replaces https://pomerium.io/reference/#tls-client-certificate
	//nolint: gosec
	TLSClientSecret = "tls_client_secret"
	// TLSDownstreamClientCASecret replaces https://pomerium.io/reference/#tls-downstream-client-certificate-authority
	TLSDownstreamClientCASecret = "tls_downstream_client_ca_secret"
	// TLSServerName is annotation to override TLS server name
	TLSServerName = "tls_server_name"
	// SecureUpstream indicate that service communication should happen over HTTPS
	SecureUpstream = "secure_upstream"
	// PathRegex indicates that paths of ImplementationSpecific type should be treated as regular expression
	PathRegex = "path_regex"
	// UseServiceProxy will use standard k8s service proxy as upstream, opposed to individual endpoints
	UseServiceProxy = "service_proxy_upstream"
	// TCPUpstream indicates this route is a TCP service https://www.pomerium.com/docs/tcp/
	TCPUpstream = "tcp_upstream"
	// KubernetesServiceAccountTokenSecret allows k8s service authentication via pomerium
	//nolint: gosec
	KubernetesServiceAccountTokenSecret = "kubernetes_service_account_token_secret"
	// KubernetesServiceAccountTokenSecretKey defines key within the secret that contains token
	KubernetesServiceAccountTokenSecretKey = "token"
	// SetRequestHeadersSecret defines a secret to copy request headers from
	SetRequestHeadersSecret = "set_request_headers_secret"
	// SetResponseHeadersSecret defines a secret to copy response headers from
	SetResponseHeadersSecret = "set_response_headers_secret"
	// StorageConnectionStringKey represents a secret that must be present in the Storage Secret
	StorageConnectionStringKey = "connection"
	// CAKey is certificate authority secret key
	CAKey = "ca.crt"
)

Variables

This section is empty.

Functions

func IsHTTP01Solver added in v0.17.2

func IsHTTP01Solver(ingress *networkingv1.Ingress) bool

IsHTTP01Solver checks if this ingress is marked by the cert-manager as ACME HTTP01 challenge solver, as it need be handled separately namely, publicly accessed and no TLS cert should be required

Types

type Config added in v0.18.0

type Config struct {
	// Settings define global settings parameters
	icsv1.Pomerium
	// Secrets are key secrets
	Secrets *corev1.Secret
	// CASecrets are ca secrets
	CASecrets []*corev1.Secret
	// Certs are fetched certs from settings.Certificates
	Certs map[types.NamespacedName]*corev1.Secret
	// RequestParams is a secret from Settings.IdentityProvider.RequestParams
	RequestParams *corev1.Secret
	// IdpSecret is Settings.IdentityProvider.Secret
	IdpSecret *corev1.Secret
	// IdpServiceAccount is Settings.IdentityProvider.ServiceAccountFromSecret
	IdpServiceAccount *corev1.Secret
	// StorageSecrets represent databroker storage settings
	StorageSecrets StorageSecrets
}

Config represents global configuration

type IngressConfig

type IngressConfig struct {
	AnnotationPrefix string
	*networkingv1.Ingress
	Endpoints map[types.NamespacedName]*corev1.Endpoints
	Secrets   map[types.NamespacedName]*corev1.Secret
	Services  map[types.NamespacedName]*corev1.Service
}

IngressConfig represents ingress and all other required resources

func (*IngressConfig) Clone

func (ic *IngressConfig) Clone() *IngressConfig

Clone creates a deep copy of the ingress config

func (*IngressConfig) GetIngressNamespacedName added in v0.17.2

func (ic *IngressConfig) GetIngressNamespacedName() types.NamespacedName

GetIngressNamespacedName returns name of that ingress in a namespaced format

func (*IngressConfig) GetNamespacedName added in v0.17.2

func (ic *IngressConfig) GetNamespacedName(name string) types.NamespacedName

GetNamespacedName returns namespaced name of a resource

func (*IngressConfig) GetServicePortByName

func (ic *IngressConfig) GetServicePortByName(name types.NamespacedName, port string) (int32, error)

GetServicePortByName returns service named port

func (*IngressConfig) IsAnnotationSet added in v0.15.3

func (ic *IngressConfig) IsAnnotationSet(name string) bool

IsAnnotationSet checks if a boolean annotation is set to true

func (*IngressConfig) IsPathRegex added in v0.15.3

func (ic *IngressConfig) IsPathRegex() bool

IsPathRegex returns true if paths in the Ingress spec should be treated as regular expressions

func (*IngressConfig) IsSecureUpstream

func (ic *IngressConfig) IsSecureUpstream() bool

IsSecureUpstream returns true if upstream endpoints should be HTTPS

func (*IngressConfig) IsTCPUpstream added in v0.17.2

func (ic *IngressConfig) IsTCPUpstream() bool

IsTCPUpstream returns true is this route represents a TCP service https://www.pomerium.com/docs/tcp/

func (*IngressConfig) UseServiceProxy added in v0.16.1

func (ic *IngressConfig) UseServiceProxy() bool

UseServiceProxy disables use of endpoints and would use standard k8s service proxy instead

type Key

type Key struct {
	Kind string
	types.NamespacedName
}

Key is dependency key

func ObjectKey added in v0.18.0

func ObjectKey(obj client.Object, scheme *runtime.Scheme) Key

ObjectKey returns a registry key for a given kubernetes object the object must be properly initialized (GVK, name, namespace)

func (*Key) String added in v0.18.0

func (k *Key) String() string

type Registry

type Registry interface {
	// Add registers a dependency between x,y
	Add(x, y Key)
	// Deps returns list of dependencies given object key has
	Deps(x Key) []Key
	DepsOfKind(x Key, kind string) []Key
	// DeleteCascade deletes key x and also any dependent keys that do not have other dependencies
	DeleteCascade(x Key)
}

Registry is used to keep track of dependencies between kubernetes objects i.e. ingress depends on secret and service configurations no dependency subordination is tracked

func NewRegistry

func NewRegistry() Registry

NewRegistry creates an empty registry safe for concurrent use

type StorageSecrets added in v0.18.0

type StorageSecrets struct {
	// Secret contains storage connection string
	Secret *corev1.Secret
	// TLS contains optional
	TLS *corev1.Secret
	CA  *corev1.Secret
}

StorageSecrets is a convenience grouping of storage-related secrets

func (StorageSecrets) Validate added in v0.18.0

func (s StorageSecrets) Validate() error

Validate performs basic check of secrets

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL