Documentation ¶
Overview ¶
Package dag provides a data model, in the form of a directed acyclic graph, of the relationship between Kubernetes Ingress, Service, and Secret objects.
Index ¶
- Constants
- func MinProtoVersion(version string) envoy_api_v2_auth.TlsParameters_TlsProtocol
- type Builder
- type Cluster
- type Condition
- type DAG
- type HTTPHealthCheckPolicy
- type HeaderCondition
- type HeaderValue
- type HeadersPolicy
- type KubernetesCache
- type Listener
- type Meta
- type MirrorPolicy
- type Object
- type ObjectStatusWriter
- type PrefixCondition
- type RegexCondition
- type RetryPolicy
- type Route
- type Secret
- type SecureVirtualHost
- type Service
- type Status
- type StatusWriter
- type TCPHealthCheckPolicy
- type TCPProxy
- type TimeoutPolicy
- type UpstreamValidation
- type Vertex
- type VirtualHost
- type Visitable
Constants ¶
const CACertificateKey = "ca.crt"
CACertificateKey is the key name for accessing TLS CA certificate bundles in Kubernetes Secrets.
const DEFAULT_INGRESS_CLASS = "contour"
Variables ¶
This section is empty.
Functions ¶
func MinProtoVersion ¶ added in v1.0.0
func MinProtoVersion(version string) envoy_api_v2_auth.TlsParameters_TlsProtocol
MinProtoVersion returns the TLS protocol version specified by an ingress annotation, or the default if none is present.
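As an added illustration of that contract (not the package's own code), the example below parses the annotation value the way the doc comment describes and then layers an operator-chosen floor on top of it, which is the check a practitioner normally wants before handing the value to Envoy. The annotation key, the stand-in TLSProtocol enum that replaces envoy_api_v2_auth.TlsParameters_TlsProtocol, and the accepted value strings are assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
)

// TLSProtocol stands in for envoy_api_v2_auth.TlsParameters_TlsProtocol so this
// example compiles without the Envoy API module. Assumption: the ordering matches
// Envoy's enum, so a plain comparison orders versions.
type TLSProtocol int

const (
	TLSAuto TLSProtocol = iota // let Envoy choose its built-in minimum
	TLSv1_0
	TLSv1_1
	TLSv1_2
	TLSv1_3
)

var tlsProtocolNames = [...]string{"TLS_AUTO", "TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3"}

func (p TLSProtocol) String() string { return tlsProtocolNames[p] }

// annotationKey is an assumed annotation name; the real key is not on this page.
const annotationKey = "projectcontour.io/tls-minimum-protocol-version"

// minProtoVersion follows the documented contract: a recognised annotation value
// selects the minimum version, anything else (including absence) yields the default.
func minProtoVersion(version string) TLSProtocol {
	switch strings.TrimSpace(version) {
	case "1.3":
		return TLSv1_3
	case "1.2":
		return TLSv1_2
	case "1.1":
		return TLSv1_1
	default:
		return TLSAuto
	}
}

// effectiveMinVersion layers an operator-chosen floor over the per-object value.
// TLS_AUTO is raised to the floor silently; an explicit value below the floor, or an
// unrecognised value, is still raised but reported so the misconfiguration is visible.
func effectiveMinVersion(annotations map[string]string, floor TLSProtocol) (TLSProtocol, error) {
	raw, present := annotations[annotationKey]
	present = present && strings.TrimSpace(raw) != ""
	requested := minProtoVersion(raw)
	switch {
	case present && requested == TLSAuto:
		return floor, fmt.Errorf("%s=%q not recognised; using floor %s", annotationKey, raw, floor)
	case requested < floor:
		if present {
			return floor, fmt.Errorf("%s=%q requests %s, below floor %s", annotationKey, raw, requested, floor)
		}
		return floor, nil
	default:
		return requested, nil
	}
}

func main() {
	for _, ann := range []map[string]string{
		{},                         // no annotation: TLS_AUTO, raised to the floor
		{annotationKey: "1.3"},     // above the floor: honoured
		{annotationKey: "1.1"},     // below the floor: raised and reported
		{annotationKey: "tlsv1.2"}, // typo: raised and reported
	} {
		v, err := effectiveMinVersion(ann, TLSv1_2)
		fmt.Println(v, err)
	}
}
```

The floor is deliberately applied after parsing rather than inside minProtoVersion, so the per-object function keeps the documented one-to-one mapping and the policy decision stays in one place where it can be logged.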
Types ¶
type Builder ¶
type Builder struct {
	// Source is the source of Kubernetes objects
	// from which to build a DAG.
	Source KubernetesCache

	// DisablePermitInsecure disables the use of the
	// permitInsecure field in IngressRoute.
	DisablePermitInsecure bool

	StatusWriter
	// contains filtered or unexported fields
}
Builder builds a DAG.
type Cluster ¶ added in v1.0.0
type Cluster struct {
	// Upstream is the backend Kubernetes service traffic arriving
	// at this Cluster will be forwarded to.
	Upstream *Service

	// The relative weight of this Cluster compared to its siblings.
	Weight uint32

	// The protocol to use to speak to this cluster.
	Protocol string

	// UpstreamValidation defines how to verify the backend service's certificate
	UpstreamValidation *UpstreamValidation

	// The load balancer type to use when picking a host in the cluster.
	// See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/cds.proto#envoy-api-enum-cluster-lbpolicy
	LoadBalancerPolicy string

	// Cluster http health check policy
	*HTTPHealthCheckPolicy

	// Cluster tcp health check policy
	*TCPHealthCheckPolicy

	// RequestHeadersPolicy defines how headers are managed during forwarding
	RequestHeadersPolicy *HeadersPolicy

	// ResponseHeadersPolicy defines how headers are managed during forwarding
	ResponseHeadersPolicy *HeadersPolicy
}
Cluster holds the connection-specific parameters that apply to traffic routed to an upstream service.
type DAG ¶
type DAG struct {
// contains filtered or unexported fields
}
A DAG represents a directed acyclic graph of objects representing the relationship between Kubernetes Ingress objects, the backend Services, and Secret objects. The DAG models these relationships as Roots and Vertices.
type HTTPHealthCheckPolicy ¶ added in v1.2.0
type HTTPHealthCheckPolicy struct {
	Path               string
	Host               string
	Interval           time.Duration
	Timeout            time.Duration
	UnhealthyThreshold uint32
	HealthyThreshold   uint32
}
Cluster http health check policy
type HeaderCondition ¶ added in v1.0.0
func (*HeaderCondition) String ¶ added in v1.0.0
func (hc *HeaderCondition) String() string
type HeaderValue ¶ added in v1.1.0
type HeadersPolicy ¶ added in v1.1.0
type HeadersPolicy struct {
	// HostRewrite defines if a host should be rewritten on upstream requests
	HostRewrite string

	Set    map[string]string
	Remove []string
}
HeadersPolicy defines how headers are managed during forwarding
type KubernetesCache ¶
type KubernetesCache struct {
	// RootNamespaces specifies the namespaces where root
	// IngressRoutes can be defined. If empty, roots can be defined in any
	// namespace.
	RootNamespaces []string

	// Contour's IngressClass.
	// If not set, defaults to DEFAULT_INGRESS_CLASS.
	IngressClass string

	logrus.FieldLogger
	// contains filtered or unexported fields
}
A KubernetesCache holds Kubernetes objects and associated configuration and produces DAG values.
func (*KubernetesCache) Insert ¶
func (kc *KubernetesCache) Insert(obj interface{}) bool
Insert inserts obj into the KubernetesCache. Insert returns true if the cache accepted the object, or false if the value is not interesting to the cache. If an object with a matching type, name, and namespace exists, it will be overwritten.
func (*KubernetesCache) Remove ¶
func (kc *KubernetesCache) Remove(obj interface{}) bool
Remove removes obj from the KubernetesCache. Remove returns a boolean indicating if the cache changed after the remove operation.
type Listener ¶ added in v0.10.0
type Listener struct {
	// Address is the TCP address to listen on.
	// If blank 0.0.0.0, or ::/0 for IPv6, is assumed.
	Address string

	// Port is the TCP port to listen on.
	Port int

	VirtualHosts []Vertex
}
A Listener represents a TCP socket that accepts incoming connections.
type Meta ¶ added in v1.0.0
type Meta struct {
// contains filtered or unexported fields
}
Meta holds the name and namespace of a Kubernetes object.
type MirrorPolicy ¶ added in v1.0.0
type MirrorPolicy struct {
Cluster *Cluster
}
MirrorPolicy defines the mirroring policy for a route.
type Object ¶ added in v1.0.0
type Object interface {
	metav1.ObjectMetaAccessor
}
type ObjectStatusWriter ¶ added in v1.0.0
type ObjectStatusWriter struct {
// contains filtered or unexported fields
}
func (*ObjectStatusWriter) SetInvalid ¶ added in v1.0.0
func (osw *ObjectStatusWriter) SetInvalid(format string, args ...interface{})
func (*ObjectStatusWriter) SetValid ¶ added in v1.0.0
func (osw *ObjectStatusWriter) SetValid()
func (*ObjectStatusWriter) WithObject ¶ added in v1.0.0
func (osw *ObjectStatusWriter) WithObject(obj Object) (_ *ObjectStatusWriter, commit func())
WithObject returns a new ObjectStatusWriter with a copy of the current ObjectStatusWriter's values, including its status if set. This is convenient if the object shares a relationship with its parent. The caller should arrange for the commit function to be called to write the final status of the object.
func (*ObjectStatusWriter) WithValue ¶ added in v1.0.0
func (osw *ObjectStatusWriter) WithValue(key, val string) *ObjectStatusWriter
type PrefixCondition ¶ added in v1.0.0
type PrefixCondition struct {
Prefix string
}
PrefixCondition matches the start of a URL.
func (*PrefixCondition) String ¶ added in v1.0.0
func (pc *PrefixCondition) String() string
type RegexCondition ¶ added in v1.0.0
type RegexCondition struct {
Regex string
}
RegexCondition matches the URL by regular expression.
func (*RegexCondition) String ¶ added in v1.0.0
func (rc *RegexCondition) String() string
type RetryPolicy ¶ added in v1.0.0
type RetryPolicy struct {
	// RetryOn specifies the conditions under which retry takes place.
	// If empty, retries will not be performed.
	RetryOn string

	// NumRetries specifies the allowed number of retries.
	// Ignored if RetryOn is blank, or defaults to 1 if RetryOn is set.
	NumRetries uint32

	// PerTryTimeout specifies the timeout per retry attempt.
	// Ignored if RetryOn is blank.
	PerTryTimeout time.Duration
}
RetryPolicy defines the retry / number / timeout options
type Route ¶
type Route struct {
	// PathCondition specifies a Condition to match on the request path.
	// Must not be nil.
	PathCondition Condition

	// HeaderConditions specifies a set of additional Conditions to
	// match on the request headers.
	HeaderConditions []HeaderCondition

	Clusters []*Cluster

	// Should this route generate a 301 upgrade if accessed
	// over HTTP?
	HTTPSUpgrade bool

	// Is this a websocket route?
	// TODO(dfc) this should go on the service
	Websocket bool

	// TimeoutPolicy defines the timeout request/idle
	TimeoutPolicy *TimeoutPolicy

	// RetryPolicy defines the retry / number / timeout options for a route
	RetryPolicy *RetryPolicy

	// Indicates that during forwarding, the matched prefix (or path) should be swapped with this value
	PrefixRewrite string

	// Mirror Policy defines the mirroring policy for this Route.
	MirrorPolicy *MirrorPolicy

	// RequestHeadersPolicy defines how headers are managed during forwarding
	RequestHeadersPolicy *HeadersPolicy

	// ResponseHeadersPolicy defines how headers are managed during forwarding
	ResponseHeadersPolicy *HeadersPolicy
}
Route defines the properties of a route to a Cluster.
func (*Route) HasPathPrefix ¶ added in v1.1.0
HasPathPrefix returns whether this route's PathCondition is a PrefixCondition.
func (*Route) HasPathRegex ¶ added in v1.1.0
HasPathRegex returns whether this route's PathCondition is a RegexCondition.
type Secret ¶
Secret represents a K8s Secret for TLS usage as a DAG Vertex. A Secret is a leaf in the DAG.
func (*Secret) PrivateKey ¶ added in v1.0.0
PrivateKey returns the secret's tls private key
type SecureVirtualHost ¶
type SecureVirtualHost struct {
	VirtualHost

	// TLS minimum protocol version. Defaults to envoy_api_v2_auth.TlsParameters_TLS_AUTO
	MinProtoVersion envoy_api_v2_auth.TlsParameters_TlsProtocol

	// The cert and key for this host.
	Secret *Secret

	// Service to TCP proxy all incoming connections.
	*TCPProxy
}
A SecureVirtualHost represents a HTTP host protected by TLS.
func (*SecureVirtualHost) Valid ¶ added in v1.0.0
func (s *SecureVirtualHost) Valid() bool
func (*SecureVirtualHost) Visit ¶
func (s *SecureVirtualHost) Visit(f func(Vertex))
type Service ¶
type Service struct {
Name, Namespace string
*v1.ServicePort
// Protocol is the layer 7 protocol of this service
// One of "", "h2", "h2c", or "tls".
Protocol string
// Max connections is maximum number of connections
// that Envoy will make to the upstream cluster.
MaxConnections uint32
// MaxPendingRequests is maximum number of pending
// requests that Envoy will allow to the upstream cluster.
MaxPendingRequests uint32
// MaxRequests is the maximum number of parallel requests that
// Envoy will make to the upstream cluster.
MaxRequests uint32
// MaxRetries is the maximum number of parallel retries that
// Envoy will allow to the upstream cluster.
MaxRetries uint32
// ExternalName is an optional field referencing a dns entry for Service type "ExternalName"
ExternalName string
}
Service represents a single port of a Kubernetes Service.
type StatusWriter ¶ added in v1.0.0
type StatusWriter struct {
// contains filtered or unexported fields
}
func (*StatusWriter) WithObject ¶ added in v1.0.0
func (sw *StatusWriter) WithObject(obj Object) (_ *ObjectStatusWriter, commit func())
WithObject returns an ObjectStatusWriter that can be used to set the state of the Object. The state can be set as many times as necessary. The state of the object can be made permanent by calling the commit function returned from WithObject. The caller should pass the ObjectStatusWriter to functions interested in writing status, but keep the commit function for itself. The commit function should be either called via a defer, or directly if statuses are being set in a loop (as defers will not fire until the end of the function).
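The commit-function contract above is easy to get subtly wrong, so here is an added, self-contained illustration of it (example code, not the package's implementation; its fields and the in-memory status map are assumptions). It shows state being set more than once before commit, a child writer derived with ObjectStatusWriter.WithObject that inherits the parent's state and values, a deferred commit for the single root object, and a direct commit call inside a loop over child routes. A commit whose writer never had a state set records nothing.

```go
package main

import "fmt"

// Object is the identity this example keys on; the package's Object interface embeds
// metav1.ObjectMetaAccessor instead (assumption: namespace and name are enough here).
type Object struct{ Namespace, Name string }

type Status struct {
	State, Description string
	Values             map[string]string
}

// StatusWriter collects committed statuses; the map is an assumption, the real fields are unexported.
type StatusWriter struct{ statuses map[Object]Status }

func NewStatusWriter() *StatusWriter { return &StatusWriter{statuses: map[Object]Status{}} }

// ObjectStatusWriter accumulates state for one object; nothing reaches the StatusWriter until commit runs.
type ObjectStatusWriter struct {
	sw          *StatusWriter
	obj         Object
	values      map[string]string
	state, desc string
}

// WithObject binds a fresh writer to obj; the caller keeps commit and passes only the writer down.
func (sw *StatusWriter) WithObject(obj Object) (_ *ObjectStatusWriter, commit func()) {
	osw := &ObjectStatusWriter{sw: sw, obj: obj, values: map[string]string{}}
	return osw, func() { sw.commit(osw) }
}

func (sw *StatusWriter) commit(osw *ObjectStatusWriter) {
	if osw.state == "" {
		return // no state was ever set: record nothing rather than an empty status
	}
	sw.statuses[osw.obj] = Status{State: osw.state, Description: osw.desc, Values: copyMap(osw.values)}
}

func copyMap(m map[string]string) map[string]string {
	out := make(map[string]string, len(m))
	for k, v := range m {
		out[k] = v
	}
	return out
}

// WithObject derives a writer for a related object from a copy of the parent's values and state.
func (osw *ObjectStatusWriter) WithObject(obj Object) (_ *ObjectStatusWriter, commit func()) {
	child := &ObjectStatusWriter{sw: osw.sw, obj: obj, values: copyMap(osw.values), state: osw.state, desc: osw.desc}
	return child, func() { osw.sw.commit(child) }
}

// WithValue records a key on the same writer, so the commit func returned earlier stays bound to it.
func (osw *ObjectStatusWriter) WithValue(key, val string) *ObjectStatusWriter {
	osw.values[key] = val
	return osw
}

// SetInvalid and SetValid may be called any number of times; the last call before commit wins.
func (osw *ObjectStatusWriter) SetInvalid(format string, args ...interface{}) {
	osw.state, osw.desc = "invalid", fmt.Sprintf(format, args...)
}

func (osw *ObjectStatusWriter) SetValid() { osw.state, osw.desc = "valid", "valid IngressRoute" }

// validateRoot validates a root object naming tlsSecret that delegates to child routes, each
// mapped to the Service it references. It uses both commit styles from the doc comment: a defer
// for the single root, and a direct call per child, since a deferred commit in the loop would wait.
func validateRoot(sw *StatusWriter, root Object, tlsSecret string, routes map[Object]string, knownServices map[string]bool) {
	osw, commit := sw.WithObject(root)
	defer commit()
	osw.WithValue("vhost", "example.com")
	rootValid := tlsSecret != ""
	if rootValid {
		osw.SetValid()
	} else {
		osw.SetInvalid("root %s/%s names no TLS secret", root.Namespace, root.Name)
	}
	for child, svc := range routes {
		cw, ccommit := osw.WithObject(child) // inherits the root's state and vhost value
		if rootValid && !knownServices[svc] {
			cw.SetInvalid("route %s/%s references unknown service %q", child.Namespace, child.Name, svc)
		}
		ccommit()
	}
}

func main() {
	sw := NewStatusWriter()
	routes := map[Object]string{{"default", "cart"}: "cart", {"default", "pay"}: "payments"}
	validateRoot(sw, Object{"default", "shop"}, "shop-tls", routes, map[string]bool{"cart": true})
	for obj, s := range sw.statuses {
		fmt.Printf("%s/%s: %s (%s)\n", obj.Namespace, obj.Name, s.State, s.Description)
	}
}
```

One design point worth noting: whichever writer the commit closure captured is the one that gets committed. In this example WithValue therefore mutates and returns the same writer; if it returned a copy instead, a caller that wrote osw = osw.WithValue(...) after obtaining commit would silently discard every state it set afterwards.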
type TCPHealthCheckPolicy ¶ added in v1.2.0
type TCPHealthCheckPolicy struct {
	Interval           time.Duration
	Timeout            time.Duration
	UnhealthyThreshold uint32
	HealthyThreshold   uint32
}
Cluster tcp health check policy
type TCPProxy ¶ added in v0.8.0
type TCPProxy struct {
	// Clusters is the, possibly weighted, set
	// of upstream services to forward decrypted traffic.
	Clusters []*Cluster
}
TCPProxy represents a cluster of TCP endpoints.
type TimeoutPolicy ¶ added in v1.0.0
type TimeoutPolicy struct {
	// ResponseTimeout is the timeout applied to the response
	// from the backend server.
	// A timeout of zero implies "use envoy's default"
	// A timeout of -1 represents "infinity"
	ResponseTimeout time.Duration

	// IdleTimeout is the timeout applied to idle connections.
	IdleTimeout time.Duration
}
TimeoutPolicy defines the timeout policy for a route.
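The three-way meaning of ResponseTimeout (zero, -1, and a real duration) and the RetryPolicy rules documented above (NumRetries and PerTryTimeout ignored without RetryOn, NumRetries defaulting to 1) are the kind of conventions that get inverted when translated to Envoy, where an explicit 0s route timeout means "disabled". The following is an added example, not the package's code, of parsing user input into these conventions and translating them out again; the "infinity" spelling accepted by parseTimeout and the EnvoyRetry struct are assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// TimeoutPolicy and RetryPolicy mirror the package's structs as documented above.
type TimeoutPolicy struct {
	ResponseTimeout time.Duration // 0 = use Envoy's default, -1 = infinity
	IdleTimeout     time.Duration
}

type RetryPolicy struct {
	RetryOn       string
	NumRetries    uint32
	PerTryTimeout time.Duration
}

// parseTimeout turns a user-supplied string into the DAG convention. The literal
// "infinity" spelling is an assumption of this example. Negative or unparsable input
// is rejected rather than silently mapped to "no timeout".
func parseTimeout(s string) (time.Duration, error) {
	s = strings.TrimSpace(s)
	switch s {
	case "":
		return 0, nil
	case "infinity", "infinite":
		return -1, nil
	}
	d, err := time.ParseDuration(s)
	if err != nil {
		return 0, fmt.Errorf("invalid timeout %q: %w", s, err)
	}
	if d < 0 {
		return 0, fmt.Errorf("invalid timeout %q: must not be negative", s)
	}
	return d, nil
}

// toEnvoyTimeout is the translation Envoy needs: nil leaves the field unset so Envoy
// applies its own default; an explicit 0s disables the timeout, which is how Envoy
// represents "infinity"; anything else is passed through unchanged.
func toEnvoyTimeout(d time.Duration) *time.Duration {
	switch {
	case d == 0:
		return nil
	case d < 0:
		zero := time.Duration(0)
		return &zero
	default:
		return &d
	}
}

// EnvoyRetry holds what would be written into a route's retry_policy (assumed shape).
type EnvoyRetry struct {
	RetryOn       string
	NumRetries    uint32
	PerTryTimeout *time.Duration
}

// toEnvoyRetry applies the RetryPolicy rules: no RetryOn means no retry policy at all,
// NumRetries defaults to 1, and PerTryTimeout is only emitted when positive.
func toEnvoyRetry(rp *RetryPolicy) *EnvoyRetry {
	if rp == nil || rp.RetryOn == "" {
		return nil
	}
	out := &EnvoyRetry{RetryOn: rp.RetryOn, NumRetries: rp.NumRetries}
	if out.NumRetries == 0 {
		out.NumRetries = 1
	}
	if rp.PerTryTimeout > 0 {
		t := rp.PerTryTimeout
		out.PerTryTimeout = &t
	}
	return out
}

func main() {
	for _, s := range []string{"", "infinity", "30s", "-5s", "soon"} {
		d, err := parseTimeout(s)
		if err != nil {
			fmt.Printf("%q -> rejected: %v\n", s, err)
			continue
		}
		if t := toEnvoyTimeout(d); t == nil {
			fmt.Printf("%q -> envoy default\n", s)
		} else {
			fmt.Printf("%q -> %v (0s means disabled)\n", s, *t)
		}
	}
	fmt.Printf("%+v\n", toEnvoyRetry(&RetryPolicy{RetryOn: "5xx"}))
}
```

An "infinity" response timeout disables Envoy's timeout for that route entirely, so a slow backend can hold a connection indefinitely; treat it as an explicit opt-in that deserves review, not a default.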
type UpstreamValidation ¶ added in v1.0.0
type UpstreamValidation struct {
	// CACertificate holds a reference to the Secret containing the CA to be used to
	// verify the upstream connection.
	CACertificate *Secret

	// SubjectName holds an optional subject name which Envoy will check against the
	// certificate presented by the upstream.
	SubjectName string
}
UpstreamValidation defines how to validate the certificate on the upstream service
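What UpstreamValidation amounts to at the TLS layer is shown by the added example below, which is not the package's code: a CA bundle is read from the Secret under the CACertificateKey ("ca.crt") constant declared above and used as the only trust root, and SubjectName, when set, is checked against the upstream certificate's SANs. The in-memory CA, leaf certificate and Secret are constructed by the example itself; the stand-in Secret struct and the Verify helper are assumptions. The fixture also makes the caveat concrete: with SubjectName empty, any certificate the CA has ever issued is accepted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

const CACertificateKey = "ca.crt"

// Secret is a stand-in for the package's Secret vertex (assumption: only the Data map matters here).
type Secret struct {
	Name, Namespace string
	Data            map[string][]byte
}

// UpstreamValidation mirrors the package's struct: a CA bundle Secret plus an optional SubjectName.
type UpstreamValidation struct {
	CACertificate *Secret
	SubjectName   string
}

// caPool parses every PEM certificate under ca.crt. A missing or empty bundle is an error:
// falling back to system roots here would silently widen what the upstream may present.
func caPool(s *Secret) (*x509.CertPool, error) {
	if s == nil {
		return nil, fmt.Errorf("upstream validation configured without a CA secret")
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(s.Data[CACertificateKey]) {
		return nil, fmt.Errorf("secret %s/%s: no certificates under %q", s.Namespace, s.Name, CACertificateKey)
	}
	return pool, nil
}

// Verify applies the two checks Envoy is configured with: the leaf must chain to the
// bundle and, when SubjectName is set, carry it as a SAN. An empty SubjectName skips
// the name check, so any certificate from that CA passes.
func (uv *UpstreamValidation) Verify(leaf *x509.Certificate, now time.Time) error {
	pool, err := caPool(uv.CACertificate)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{
		Roots: pool, DNSName: uv.SubjectName, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// issue creates a certificate from template signed by parent (self-signed when parent is nil).
func issue(template, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// fixture builds, in memory, a CA, a leaf for api.backend.svc signed by it, and the
// Secret carrying the CA under ca.crt (constructed test data, not real material).
func fixture(now time.Time) (leaf *x509.Certificate, secret *Secret, err error) {
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "backend-ca"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca, caKey, err := issue(caTmpl, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "api"}, DNSNames: []string{"api.backend.svc"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if leaf, _, err = issue(leafTmpl, ca, caKey); err != nil {
		return nil, nil, err
	}
	secret = &Secret{Name: "backend-ca", Namespace: "default", Data: map[string][]byte{
		CACertificateKey: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw}),
	}}
	return leaf, secret, nil
}

func main() {
	now := time.Now()
	leaf, secret, err := fixture(now)
	if err != nil { panic(err) }
	for _, name := range []string{"api.backend.svc", "", "evil.backend.svc"} {
		uv := &UpstreamValidation{CACertificate: secret, SubjectName: name}
		fmt.Printf("SubjectName=%q: %v\n", name, uv.Verify(leaf, now))
	}
}
```

Because the Secret is the sole trust root, a Secret whose ca.crt holds a public or widely shared CA makes SubjectName the only thing standing between the proxy and any host that CA has certified; pin a private CA per backend where you can, and always set SubjectName.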
type VirtualHost ¶
type VirtualHost struct {
	// Name is the fully qualified domain name of a network host,
	// as defined by RFC 3986.
	Name string
	// contains filtered or unexported fields
}
A VirtualHost represents a named L4/L7 service.
func (*VirtualHost) Valid ¶ added in v1.0.0
func (v *VirtualHost) Valid() bool
func (*VirtualHost) Visit ¶
func (v *VirtualHost) Visit(f func(Vertex))