Package model

v0.27.0

Warning: this package is not in the latest version of its module.

Published: Sep 10, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation
Overview

Package model contains the data structures shared between the ingress controller and the Pomerium config reconciler.

Index

Constants

const (
	// TLSCustomCASecret replaces https://pomerium.io/reference/#tls-custom-certificate-authority
	//nolint: gosec
	TLSCustomCASecret = "tls_custom_ca_secret"
	// TLSClientSecret replaces https://pomerium.io/reference/#tls-client-certificate
	//nolint: gosec
	TLSClientSecret = "tls_client_secret"
	// TLSDownstreamClientCASecret replaces https://pomerium.io/reference/#tls-downstream-client-certificate-authority
	TLSDownstreamClientCASecret = "tls_downstream_client_ca_secret"
	// TLSServerName is annotation to override TLS server name
	TLSServerName = "tls_server_name"
	// SecureUpstream indicates that communication with the upstream service should happen over HTTPS
	SecureUpstream = "secure_upstream"
	// PathRegex indicates that paths of ImplementationSpecific type should be treated as regular expression
	PathRegex = "path_regex"
	// UseServiceProxy will use the standard k8s service proxy as the upstream, as opposed to the individual endpoints
	UseServiceProxy = "service_proxy_upstream"
	// TCPUpstream indicates this route is a TCP service https://www.pomerium.com/docs/tcp/
	TCPUpstream = "tcp_upstream"
	// SubtleAllowEmptyHost is a required annotation when creating an ingress containing
	// rules with an empty (catch-all) host, as it can cause unexpected behavior
	SubtleAllowEmptyHost = "subtle_allow_empty_host"
	// KubernetesServiceAccountTokenSecret allows k8s service authentication via pomerium
	//nolint: gosec
	KubernetesServiceAccountTokenSecret = "kubernetes_service_account_token_secret"
	// KubernetesServiceAccountTokenSecretKey defines key within the secret that contains token
	KubernetesServiceAccountTokenSecretKey = "token"
	// SetRequestHeadersSecret defines a secret to copy request headers from
	SetRequestHeadersSecret = "set_request_headers_secret"
	// SetResponseHeadersSecret defines a secret to copy response headers from
	SetResponseHeadersSecret = "set_response_headers_secret"
	// StorageConnectionStringKey is the key within the storage Secret that must hold the connection string
	StorageConnectionStringKey = "connection"
	// CAKey is the key within a certificate authority Secret that holds the CA certificate
	CAKey = "ca.crt"
)

Variables

This section is empty.

Functions

func IsHTTP01Solver added in v0.17.2

func IsHTTP01Solver(ingress *networkingv1.Ingress) bool

IsHTTP01Solver checks whether this ingress is marked by cert-manager as an ACME HTTP-01 challenge solver. Such ingresses must be handled separately: they have to be publicly reachable and must not require a TLS certificate, since the challenge is what obtains the certificate.

Types

type Config added in v0.18.0

type Config struct {
	// Pomerium holds the global settings (the embedded icsv1.Pomerium resource)
	icsv1.Pomerium
	// Secrets is the Secret holding Pomerium's key material
	Secrets *corev1.Secret
	// CASecrets are the certificate authority Secrets
	CASecrets []*corev1.Secret
	// Certs are the certificate Secrets referenced by Settings.Certificates, keyed by namespaced name
	Certs map[types.NamespacedName]*corev1.Secret
	// RequestParams is the Secret referenced by Settings.IdentityProvider.RequestParams
	RequestParams *corev1.Secret
	// IdpSecret is the Secret referenced by Settings.IdentityProvider.Secret
	IdpSecret *corev1.Secret
	// IdpServiceAccount is the Secret referenced by Settings.IdentityProvider.ServiceAccountFromSecret
	IdpServiceAccount *corev1.Secret
	// StorageSecrets holds the databroker storage secrets
	StorageSecrets StorageSecrets
}

Config represents the global configuration.

type IngressConfig

type IngressConfig struct {
	AnnotationPrefix string
	*networkingv1.Ingress
	Endpoints map[types.NamespacedName]*corev1.Endpoints
	Secrets   map[types.NamespacedName]*corev1.Secret
	Services  map[types.NamespacedName]*corev1.Service
}

IngressConfig represents an Ingress together with all the other resources required to reconcile it.

func (*IngressConfig) Clone

func (ic *IngressConfig) Clone() *IngressConfig

Clone creates a deep copy of the ingress config.

func (*IngressConfig) GetIngressNamespacedName added in v0.17.2

func (ic *IngressConfig) GetIngressNamespacedName() types.NamespacedName

GetIngressNamespacedName returns the namespaced name (namespace/name) of the ingress.

func (*IngressConfig) GetNamespacedName added in v0.17.2

func (ic *IngressConfig) GetNamespacedName(name string) types.NamespacedName

GetNamespacedName returns the namespaced name of a resource called name in the ingress's namespace.

func (*IngressConfig) GetServicePortByName

func (ic *IngressConfig) GetServicePortByName(name types.NamespacedName, port string) (int32, error)

GetServicePortByName returns the numeric port number behind the named port of the given service, or an error if the service or port is unknown.

func (*IngressConfig) IsAnnotationSet added in v0.15.3

func (ic *IngressConfig) IsAnnotationSet(name string) bool

IsAnnotationSet checks whether a boolean annotation is present and set to true.

func (*IngressConfig) IsPathRegex added in v0.15.3

func (ic *IngressConfig) IsPathRegex() bool

IsPathRegex returns true if the paths in the Ingress spec should be treated as regular expressions.

func (*IngressConfig) IsSecureUpstream

func (ic *IngressConfig) IsSecureUpstream() bool

IsSecureUpstream returns true if the upstream endpoints should be reached over HTTPS.

func (*IngressConfig) IsTCPUpstream added in v0.17.2

func (ic *IngressConfig) IsTCPUpstream() bool

IsTCPUpstream returns true if this route represents a TCP service https://www.pomerium.com/docs/tcp/

func (*IngressConfig) UseServiceProxy added in v0.16.1

func (ic *IngressConfig) UseServiceProxy() bool

UseServiceProxy returns true if the route should use the standard k8s service proxy as its upstream instead of the individual endpoints.
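The boolean helpers above all funnel through IsAnnotationSet, so the exact parsing rule decides whether a security-relevant setting such as secure_upstream takes effect. The following is an added example, not code from the ingress controller: it assumes the helper looks up "<AnnotationPrefix>/<name>" in the Ingress annotations and accepts only values strconv.ParseBool understands. The cut-down IngressConfig keeps just the prefix and an annotation map in place of the embedded *networkingv1.Ingress, and the InvalidBooleanAnnotations lint is an addition that the package does not provide.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Annotation names, copied from the model package constants documented above
// so that the example is self-contained.
const (
	SecureUpstream  = "secure_upstream"
	PathRegex       = "path_regex"
	UseServiceProxy = "service_proxy_upstream"
	TCPUpstream     = "tcp_upstream"
)

// booleanAnnotations lists the annotations this example treats as booleans.
var booleanAnnotations = []string{SecureUpstream, PathRegex, UseServiceProxy, TCPUpstream}

// IngressConfig is a stand-in for model.IngressConfig holding only what the
// boolean helpers consult. Assumption: the real type reads the same values
// from its embedded *networkingv1.Ingress.
type IngressConfig struct {
	AnnotationPrefix string            // e.g. "ingress.pomerium.io"
	Annotations      map[string]string // metadata.annotations of the Ingress
}

func (ic *IngressConfig) annotationKey(name string) string {
	return ic.AnnotationPrefix + "/" + name
}

// IsAnnotationSet reports whether the annotation is present and parses as a
// boolean true. Anything strconv.ParseBool rejects ("yes", "on", "") is
// treated as false, so a typo silently leaves the feature off; there is no
// fail-closed error path here, which is why the lint below exists.
func (ic *IngressConfig) IsAnnotationSet(name string) bool {
	raw, ok := ic.Annotations[ic.annotationKey(name)]
	if !ok {
		return false
	}
	v, err := strconv.ParseBool(strings.TrimSpace(raw))
	return err == nil && v
}

func (ic *IngressConfig) IsPathRegex() bool      { return ic.IsAnnotationSet(PathRegex) }
func (ic *IngressConfig) IsSecureUpstream() bool { return ic.IsAnnotationSet(SecureUpstream) }
func (ic *IngressConfig) IsTCPUpstream() bool    { return ic.IsAnnotationSet(TCPUpstream) }
func (ic *IngressConfig) UseServiceProxy() bool  { return ic.IsAnnotationSet(UseServiceProxy) }

// InvalidBooleanAnnotations is an added lint (not part of the model package):
// it returns every boolean annotation under the controller prefix whose value
// would be silently treated as false because it is not a valid boolean.
func (ic *IngressConfig) InvalidBooleanAnnotations() []string {
	var out []string
	for _, name := range booleanAnnotations {
		key := ic.annotationKey(name)
		raw, ok := ic.Annotations[key]
		if !ok {
			continue
		}
		if _, err := strconv.ParseBool(strings.TrimSpace(raw)); err != nil {
			out = append(out, fmt.Sprintf("%s=%q is not a boolean", key, raw))
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample annotations; "yes" is the classic mistake.
	ic := &IngressConfig{
		AnnotationPrefix: "ingress.pomerium.io",
		Annotations: map[string]string{
			"ingress.pomerium.io/secure_upstream": "true",
			"ingress.pomerium.io/path_regex":      "yes",
		},
	}
	fmt.Println("secure upstream:", ic.IsSecureUpstream())
	fmt.Println("path regex:", ic.IsPathRegex())
	fmt.Println("problems:", ic.InvalidBooleanAnnotations())
}
```

Running the lint at admission time (or in CI against manifests) is the practical check: an annotation that reads "yes" looks enabled to a human reviewer but is ignored by the controller.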

type Key

type Key struct {
	Kind string
	types.NamespacedName
}

Key identifies an object in the dependency Registry by its kind and namespaced name.

func ObjectKey added in v0.18.0

func ObjectKey(obj client.Object, scheme *runtime.Scheme) Key

ObjectKey returns the registry key for a given Kubernetes object. The object must be properly initialized (GVK, name and namespace set), since the kind is resolved through the scheme.

func (*Key) String added in v0.18.0

func (k *Key) String() string

type Registry

type Registry interface {
	// Add registers a dependency: x depends on y
	Add(x, y Key)
	// Deps returns the list of dependencies the given object key has
	Deps(x Key) []Key
	// DepsOfKind returns the dependencies of x that are of the given kind
	DepsOfKind(x Key, kind string) []Key
	// DeleteCascade deletes key x and also any dependent keys that do not have other dependencies
	DeleteCascade(x Key)
}

Registry keeps track of dependencies between Kubernetes objects, for example an Ingress depending on its Secret and Service objects. Only direct dependencies are recorded; no subordination (hierarchy) among dependencies is tracked.

func NewRegistry

func NewRegistry() Registry

NewRegistry creates an empty registry that is safe for concurrent use.
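To make the Registry contract concrete, here is an added example implementation that is not the ingress controller's own code. It keeps forward and reverse edge sets under a sync.RWMutex (the concurrency guarantee NewRegistry promises) and interprets DeleteCascade as "remove x, then remove each dependency of x that no remaining key depends on"; that reading of the doc comment, the Key layout (Kind plus Namespace and Name as plain strings) and the extra Keys() inspection method are assumptions made for the example.

```go
package main

import (
	"fmt"
	"sort"
	"sync"
)

// Key mirrors model.Key: an object kind plus its namespaced name.
// (Assumption: model.Key embeds types.NamespacedName; flattened here.)
type Key struct {
	Kind, Namespace, Name string
}

func (k Key) String() string { return k.Kind + "/" + k.Namespace + "/" + k.Name }

type set map[Key]struct{}

// registry stores each edge x -> y ("x depends on y") in both directions so a
// cascade delete can find who still depends on y without scanning everything.
type registry struct {
	mu    sync.RWMutex
	deps  map[Key]set // x -> keys x depends on
	rdeps map[Key]set // y -> keys that depend on y
}

func NewRegistry() *registry {
	return &registry{deps: map[Key]set{}, rdeps: map[Key]set{}}
}

func addEdge(m map[Key]set, from, to Key) {
	if m[from] == nil {
		m[from] = set{}
	}
	m[from][to] = struct{}{}
}

// Add registers that x depends on y.
func (r *registry) Add(x, y Key) {
	r.mu.Lock()
	defer r.mu.Unlock()
	addEdge(r.deps, x, y)
	addEdge(r.rdeps, y, x)
}

// Deps returns the keys x depends on, sorted for deterministic output.
func (r *registry) Deps(x Key) []Key {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return sortedKeys(r.deps[x], "")
}

// DepsOfKind is Deps filtered to one kind, e.g. every Secret an Ingress uses.
func (r *registry) DepsOfKind(x Key, kind string) []Key {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return sortedKeys(r.deps[x], kind)
}

// DeleteCascade removes x. A dependency y of x is removed as well when no
// other key depends on it; a Service shared with another Ingress survives.
func (r *registry) DeleteCascade(x Key) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.deleteLocked(x)
}

func (r *registry) deleteLocked(x Key) {
	for y := range r.deps[x] {
		delete(r.rdeps[y], x)
		if len(r.rdeps[y]) == 0 {
			delete(r.rdeps, y)
			r.deleteLocked(y) // orphaned dependency: cascade further down
		}
	}
	delete(r.deps, x)
	for z := range r.rdeps[x] { // keys that depended on x lose that edge
		delete(r.deps[z], x)
	}
	delete(r.rdeps, x)
}

// Keys lists every key the registry still knows about (added for inspection).
func (r *registry) Keys() []Key {
	r.mu.RLock()
	defer r.mu.RUnlock()
	all := set{}
	for k := range r.deps {
		all[k] = struct{}{}
	}
	for k := range r.rdeps {
		all[k] = struct{}{}
	}
	return sortedKeys(all, "")
}

func sortedKeys(s set, kind string) []Key {
	out := make([]Key, 0, len(s))
	for k := range s {
		if kind == "" || k.Kind == kind {
			out = append(out, k)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].String() < out[j].String() })
	return out
}

func main() {
	// Constructed sample: two Ingresses sharing one Service.
	r := NewRegistry()
	web := Key{"Ingress", "default", "web"}
	api := Key{"Ingress", "default", "api"}
	svc := Key{"Service", "default", "backend"}
	r.Add(web, Key{"Secret", "default", "web-tls"})
	r.Add(web, svc)
	r.Add(api, svc)
	r.DeleteCascade(web)
	fmt.Println("remaining:", r.Keys()) // the shared Service is kept
}
```

The reverse index is what keeps cascade deletion from dropping a Secret or Service that another Ingress still references; without it, a delete would have to scan every forward edge set, and a missed reference would orphan a live route's dependency.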

type StorageSecrets added in v0.18.0

type StorageSecrets struct {
	// Secret contains the storage connection string
	Secret *corev1.Secret
	// TLS contains the optional TLS Secret
	TLS *corev1.Secret
	// CA contains the optional certificate authority Secret
	CA *corev1.Secret
}

StorageSecrets is a convenience grouping of storage-related secrets

func (StorageSecrets) Validate added in v0.18.0

func (s StorageSecrets) Validate() error

Validate performs basic checks on the secrets.
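An added illustration of what "basic checks" can cover for this grouping, written for this page rather than taken from the ingress controller: the storage Secret must exist and carry a non-empty value under StorageConnectionStringKey, an optional CA Secret must carry CAKey, and an optional TLS Secret must carry tls.crt and tls.key (the standard kubernetes.io/tls keys; that the project checks exactly these is an assumption). A minimal Secret struct stands in for *corev1.Secret, and all findings are reported together so the operator fixes the Secret once.

```go
package main

import (
	"fmt"
	"strings"
)

// Keys as documented in the model package constants above.
const (
	StorageConnectionStringKey = "connection"
	CAKey                      = "ca.crt"
)

// Secret is a minimal stand-in for *corev1.Secret: a name and its data map.
type Secret struct {
	Name string
	Data map[string][]byte
}

// StorageSecrets mirrors model.StorageSecrets with the stand-in Secret type.
type StorageSecrets struct {
	Secret *Secret // required: holds the connection string
	TLS    *Secret // optional client TLS material
	CA     *Secret // optional CA bundle used to verify the database server
}

// requireKeys reports which of keys are absent or empty in s. An empty value
// is treated the same as a missing key: an empty connection string or an
// empty ca.crt is never a usable configuration.
func requireKeys(what string, s *Secret, keys ...string) []string {
	var problems []string
	for _, k := range keys {
		if v, ok := s.Data[k]; !ok || len(v) == 0 {
			problems = append(problems,
				fmt.Sprintf("%s secret %q: key %q is missing or empty", what, s.Name, k))
		}
	}
	return problems
}

// Validate checks the required connection secret and, when present, the
// optional CA and TLS secrets, returning every problem in one error.
func (s StorageSecrets) Validate() error {
	var problems []string
	if s.Secret == nil {
		problems = append(problems, "storage secret is not set")
	} else {
		problems = append(problems, requireKeys("storage", s.Secret, StorageConnectionStringKey)...)
	}
	if s.CA != nil {
		problems = append(problems, requireKeys("CA", s.CA, CAKey)...)
	}
	if s.TLS != nil {
		// Assumption: kubernetes.io/tls layout with tls.crt and tls.key.
		problems = append(problems, requireKeys("TLS", s.TLS, "tls.crt", "tls.key")...)
	}
	if len(problems) == 0 {
		return nil
	}
	return fmt.Errorf("invalid storage secrets: %s", strings.Join(problems, "; "))
}

func main() {
	// Constructed sample: connection string present, CA secret using the wrong key.
	ss := StorageSecrets{
		Secret: &Secret{Name: "databroker", Data: map[string][]byte{
			StorageConnectionStringKey: []byte("postgresql://pomerium@db:5432/pomerium?sslmode=verify-full"),
		}},
		CA: &Secret{Name: "db-ca", Data: map[string][]byte{"ca.pem": []byte("-----BEGIN CERTIFICATE-----")}},
	}
	fmt.Println(ss.Validate())
}
```

Checking key presence is deliberately all this does; it does not parse the connection string or the PEM, so a well-formed Secret with a bad certificate still fails later at connect time, where the error is attributable to the database rather than to the Secret shape.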
