inject

package
v0.0.0-...-062eff5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 12, 2018 License: Apache-2.0 Imports: 40 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultSidecarProxyUID     = uint64(1337)
	DefaultVerbosity           = 2
	DefaultImagePullPolicy     = "IfNotPresent"
	DefaultIncludeIPRanges     = "*"
	DefaultIncludeInboundPorts = "*"
)

Defaults values for injecting istio proxy into kubernetes resources.

View Source 
const (
	// ProxyContainerName is used by e2e integration tests for fetching logs
	ProxyContainerName = "istio-proxy"
)

Variables

This section is empty.

Functions

func GenerateTemplateFromParams 

func GenerateTemplateFromParams(params *Params) (string, error)

GenerateTemplateFromParams generates a sidecar template from the legacy injection parameters

func InitImageName 

func InitImageName(hub string, tag string, _ bool) string

InitImageName returns the fully qualified image name for the istio init image given a docker hub and tag and debug flag

func IntoResourceFile 

func IntoResourceFile(sidecarTemplate string, meshconfig *meshconfig.MeshConfig, in io.Reader, out io.Writer) error

IntoResourceFile injects the istio proxy into the specified kubernetes YAML file.

func ProxyImageName 

func ProxyImageName(hub string, tag string, debug bool) string

ProxyImageName returns the fully qualified image name for the istio proxy image given a docker hub and tag and whether to use debug or not.

func ValidateExcludeIPRanges 

func ValidateExcludeIPRanges(ipRanges string) error

ValidateExcludeIPRanges validates the excludeIPRanges parameter

func ValidateExcludeInboundPorts 

func ValidateExcludeInboundPorts(ports string) error

ValidateExcludeInboundPorts validates the excludeInboundPorts parameter

func ValidateIncludeIPRanges 

func ValidateIncludeIPRanges(ipRanges string) error

ValidateIncludeIPRanges validates the includeIPRanges parameter

func ValidateIncludeInboundPorts 

func ValidateIncludeInboundPorts(ports string) error

ValidateIncludeInboundPorts validates the includeInboundPorts parameter

func ValidateInterceptionMode 

func ValidateInterceptionMode(mode string) error

ValidateInterceptionMode validates the interceptionMode annotation

Types

type Config 

type Config struct {
	Policy InjectionPolicy `json:"policy"`

	// Template is the templated version of `SidecarInjectionSpec` prior to
	// expansion over the `SidecarTemplateData`.
	Template string `json:"template"`
}

Config specifies the sidecar injection configuration This includes the sidear template and cluster-side injection policy. It is used by kube-inject, sidecar injector, and http endpoint.

type InjectionPolicy 

type InjectionPolicy string

InjectionPolicy determines the policy for injecting the sidecar proxy into the watched namespace(s). 

const (
	// InjectionPolicyDisabled specifies that the sidecar injector
	// will not inject the sidecar into resources by default for the
	// namespace(s) being watched. Resources can enable injection
	// using the "sidecar.istio.io/inject" annotation with value of
	// true.
	InjectionPolicyDisabled InjectionPolicy = "disabled"

	// InjectionPolicyEnabled specifies that the sidecar injector will
	// inject the sidecar into resources by default for the
	// namespace(s) being watched. Resources can disable injection
	// using the "sidecar.istio.io/inject" annotation with value of
	// false.
	InjectionPolicyEnabled InjectionPolicy = "enabled"
)

type Params 

type Params struct {
	InitImage       string                 `json:"initImage"`
	ProxyImage      string                 `json:"proxyImage"`
	Verbosity       int                    `json:"verbosity"`
	SidecarProxyUID uint64                 `json:"sidecarProxyUID"`
	Version         string                 `json:"version"`
	EnableCoreDump  bool                   `json:"enableCoreDump"`
	DebugMode       bool                   `json:"debugMode"`
	Mesh            *meshconfig.MeshConfig `json:"-"`
	ImagePullPolicy string                 `json:"imagePullPolicy"`
	// Comma separated list of IP ranges in CIDR form. If set, only redirect outbound traffic to Envoy for these IP
	// ranges. All outbound traffic can be redirected with the wildcard character "*". Defaults to "*".
	IncludeIPRanges string `json:"includeIPRanges"`
	// Comma separated list of IP ranges in CIDR form. If set, outbound traffic will not be redirected for
	// these IP ranges. Exclusions are only applied if configured to redirect all outbound traffic. By default,
	// no IP ranges are excluded.
	ExcludeIPRanges string `json:"excludeIPRanges"`
	// Comma separated list of inbound ports for which traffic is to be redirected to Envoy. All ports can be
	// redirected with the wildcard character "*". Defaults to "*".
	IncludeInboundPorts string `json:"includeInboundPorts"`
	// Comma separated list of inbound ports. If set, inbound traffic will not be redirected for those ports.
	// Exclusions are only applied if configured to redirect all inbound traffic. By default, no ports are excluded.
	ExcludeInboundPorts string `json:"excludeInboundPorts"`
}

Params describes configurable parameters for injecting istio proxy into a kubernetes resource.

func (*Params) Validate 

func (p *Params) Validate() error

Validate validates the parameters and returns an error if there is configuration issue.

type SidecarInjectionSpec 

type SidecarInjectionSpec struct {
	InitContainers   []corev1.Container            `yaml:"initContainers"`
	Containers       []corev1.Container            `yaml:"containers"`
	Volumes          []corev1.Volume               `yaml:"volumes"`
	ImagePullSecrets []corev1.LocalObjectReference `yaml:"imagePullSecrets"`
}

SidecarInjectionSpec collects all container types and volumes for sidecar mesh injection

type SidecarInjectionStatus 

type SidecarInjectionStatus struct {
	Version          string   `json:"version"`
	InitContainers   []string `json:"initContainers"`
	Containers       []string `json:"containers"`
	Volumes          []string `json:"volumes"`
	ImagePullSecrets []string `json:"imagePullSecrets"`
}

SidecarInjectionStatus contains basic information about the injected sidecar. This includes the names of added containers and volumes.

type SidecarTemplateData 

type SidecarTemplateData struct {
	ObjectMeta  *metav1.ObjectMeta
	Spec        *corev1.PodSpec
	ProxyConfig *meshconfig.ProxyConfig
	MeshConfig  *meshconfig.MeshConfig
}

SidecarTemplateData is the data object to which the templated version of `SidecarInjectionSpec` is applied.

type Webhook 

type Webhook struct {
	// contains filtered or unexported fields
}

Webhook implements a mutating webhook for automatic proxy injection.

func NewWebhook 

func NewWebhook(p WebhookParameters) (*Webhook, error)

NewWebhook creates a new instance of a mutating webhook for automatic sidecar injection.

func (*Webhook) Run 

func (wh *Webhook) Run(stop <-chan struct{})

Run implements the webhook server

type WebhookParameters 

type WebhookParameters struct {
	// ConfigFile is the path to the sidecar injection configuration file.
	ConfigFile string

	// MeshFile is the path to the mesh configuration file.
	MeshFile string

	// CertFile is the path to the x509 certificate for https.
	CertFile string

	// KeyFile is the path to the x509 private key matching `CertFile`.
	KeyFile string

	// Port is the webhook port, e.g. typically 443 for https.
	Port int

	// HealthCheckInterval configures how frequently the health check
	// file is updated. Value of zero disables the health check
	// update.
	HealthCheckInterval time.Duration

	// HealthCheckFile specifies the path to the health check file
	// that is periodically updated.
	HealthCheckFile string
}

WebhookParameters configures parameters for the sidecar injection webhook.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.