Documentation ¶
Overview ¶
Package model contains common data structures between the controller and pomerium config reconciler
Index ¶
- Constants
- func IsHTTP01Solver(ingress *networkingv1.Ingress) bool
- type Config
- type IngressConfig
- func (ic *IngressConfig) Clone() *IngressConfig
- func (ic *IngressConfig) GetIngressNamespacedName() types.NamespacedName
- func (ic *IngressConfig) GetNamespacedName(name string) types.NamespacedName
- func (ic *IngressConfig) GetServicePortByName(name types.NamespacedName, port string) (int32, error)
- func (ic *IngressConfig) IsAnnotationSet(name string) bool
- func (ic *IngressConfig) IsPathRegex() bool
- func (ic *IngressConfig) IsSecureUpstream() bool
- func (ic *IngressConfig) IsTCPUpstream() bool
- func (ic *IngressConfig) UseServiceProxy() bool
- type Key
- type Registry
- type StorageSecrets
Constants ¶
const ( // TLSCustomCASecret replaces https://pomerium.io/reference/#tls-custom-certificate-authority //nolint: gosec TLSCustomCASecret = "tls_custom_ca_secret" // TLSClientSecret replaces https://pomerium.io/reference/#tls-client-certificate //nolint: gosec TLSClientSecret = "tls_client_secret" // TLSDownstreamClientCASecret replaces https://pomerium.io/reference/#tls-downstream-client-certificate-authority TLSDownstreamClientCASecret = "tls_downstream_client_ca_secret" // TLSServerName is annotation to override TLS server name TLSServerName = "tls_server_name" // SecureUpstream indicate that service communication should happen over HTTPS SecureUpstream = "secure_upstream" // PathRegex indicates that paths of ImplementationSpecific type should be treated as regular expression PathRegex = "path_regex" // UseServiceProxy will use standard k8s service proxy as upstream, opposed to individual endpoints UseServiceProxy = "service_proxy_upstream" // TCPUpstream indicates this route is a TCP service https://www.pomerium.com/docs/tcp/ TCPUpstream = "tcp_upstream" // KubernetesServiceAccountTokenSecret allows k8s service authentication via pomerium //nolint: gosec KubernetesServiceAccountTokenSecret = "kubernetes_service_account_token_secret" // KubernetesServiceAccountTokenSecretKey defines key within the secret that contains token KubernetesServiceAccountTokenSecretKey = "token" // SetRequestHeadersSecret defines a secret to copy request headers from SetRequestHeadersSecret = "set_request_headers_secret" // SetResponseHeadersSecret defines a secret to copy response headers from SetResponseHeadersSecret = "set_response_headers_secret" // StorageConnectionStringKey represents a secret that must be present in the Storage Secret StorageConnectionStringKey = "connection" // CAKey is certificate authority secret key CAKey = "ca.crt" )
Variables ¶
This section is empty.
Functions ¶
func IsHTTP01Solver ¶ added in v0.17.2
func IsHTTP01Solver(ingress *networkingv1.Ingress) bool
IsHTTP01Solver checks if this ingress is marked by the cert-manager as ACME HTTP01 challenge solver, as it need be handled separately namely, publicly accessed and no TLS cert should be required
Types ¶
type Config ¶ added in v0.18.0
type Config struct { // Settings define global settings parameters icsv1.Pomerium // Secrets are key secrets Secrets *corev1.Secret // CASecrets are ca secrets CASecrets []*corev1.Secret // Certs are fetched certs from settings.Certificates Certs map[types.NamespacedName]*corev1.Secret // RequestParams is a secret from Settings.IdentityProvider.RequestParams RequestParams *corev1.Secret // IdpSecret is Settings.IdentityProvider.Secret IdpSecret *corev1.Secret // IdpServiceAccount is Settings.IdentityProvider.ServiceAccountFromSecret IdpServiceAccount *corev1.Secret // StorageSecrets represent databroker storage settings StorageSecrets StorageSecrets }
Config represents global configuration
type IngressConfig ¶
type IngressConfig struct { AnnotationPrefix string *networkingv1.Ingress Endpoints map[types.NamespacedName]*corev1.Endpoints Secrets map[types.NamespacedName]*corev1.Secret Services map[types.NamespacedName]*corev1.Service }
IngressConfig represents ingress and all other required resources
func (*IngressConfig) Clone ¶
func (ic *IngressConfig) Clone() *IngressConfig
Clone creates a deep copy of the ingress config
func (*IngressConfig) GetIngressNamespacedName ¶ added in v0.17.2
func (ic *IngressConfig) GetIngressNamespacedName() types.NamespacedName
GetIngressNamespacedName returns name of that ingress in a namespaced format
func (*IngressConfig) GetNamespacedName ¶ added in v0.17.2
func (ic *IngressConfig) GetNamespacedName(name string) types.NamespacedName
GetNamespacedName returns namespaced name of a resource
func (*IngressConfig) GetServicePortByName ¶
func (ic *IngressConfig) GetServicePortByName(name types.NamespacedName, port string) (int32, error)
GetServicePortByName returns service named port
func (*IngressConfig) IsAnnotationSet ¶ added in v0.15.3
func (ic *IngressConfig) IsAnnotationSet(name string) bool
IsAnnotationSet checks if a boolean annotation is set to true
func (*IngressConfig) IsPathRegex ¶ added in v0.15.3
func (ic *IngressConfig) IsPathRegex() bool
IsPathRegex returns true if paths in the Ingress spec should be treated as regular expressions
func (*IngressConfig) IsSecureUpstream ¶
func (ic *IngressConfig) IsSecureUpstream() bool
IsSecureUpstream returns true if upstream endpoints should be HTTPS
func (*IngressConfig) IsTCPUpstream ¶ added in v0.17.2
func (ic *IngressConfig) IsTCPUpstream() bool
IsTCPUpstream returns true is this route represents a TCP service https://www.pomerium.com/docs/tcp/
func (*IngressConfig) UseServiceProxy ¶ added in v0.16.1
func (ic *IngressConfig) UseServiceProxy() bool
UseServiceProxy disables use of endpoints and would use standard k8s service proxy instead
type Key ¶
type Key struct { Kind string types.NamespacedName }
Key is dependency key
type Registry ¶
type Registry interface { // Add registers a dependency between x,y Add(x, y Key) // Deps returns list of dependencies given object key has Deps(x Key) []Key DepsOfKind(x Key, kind string) []Key // DeleteCascade deletes key x and also any dependent keys that do not have other dependencies DeleteCascade(x Key) }
Registry is used to keep track of dependencies between kubernetes objects i.e. ingress depends on secret and service configurations no dependency subordination is tracked
func NewRegistry ¶
func NewRegistry() Registry
NewRegistry creates an empty registry safe for concurrent use
type StorageSecrets ¶ added in v0.18.0
type StorageSecrets struct { // Secret contains storage connection string Secret *corev1.Secret // TLS contains optional TLS *corev1.Secret CA *corev1.Secret }
StorageSecrets is a convenience grouping of storage-related secrets
func (StorageSecrets) Validate ¶ added in v0.18.0
func (s StorageSecrets) Validate() error
Validate performs basic check of secrets