agentconfig

package
v2.20.0-pro.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 6, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// ConfigMap is the name of the ConfigMap that contains the agent configs.
	ConfigMap = "telepresence-agents"

	ContainerName            = "traffic-agent"
	InitContainerName        = "tel-agent-init"
	AnnotationVolumeName     = "traffic-annotations"
	AnnotationMountPoint     = "/tel_pod_info"
	ConfigVolumeName         = "traffic-config"
	ConfigMountPoint         = "/etc/traffic-agent"
	TerminatingTLSVolumeName = "traffic-terminating-tls"
	TerminatingTLSMountPoint = "/terminating_tls"
	OriginatingTLSVolumeName = "traffic-originating-tls"
	OriginatingTLSMountPoint = "/originating_tls"
	ConfigFile               = "config.yaml"
	MountPrefixApp           = "/tel_app_mounts"
	ExportsVolumeName        = "export-volume"
	ExportsMountPoint        = "/tel_app_exports"
	TempVolumeName           = "tel-agent-tmp"
	TempMountPoint           = "/tmp"
	EnvPrefix                = "_TEL_"
	EnvPrefixAgent           = EnvPrefix + "AGENT_"
	EnvPrefixApp             = EnvPrefix + "APP_"

	// EnvInterceptContainer intercepted container propagated to client during intercept.
	EnvInterceptContainer = "TELEPRESENCE_CONTAINER"

	// EnvInterceptMounts mount points propagated to client during intercept.
	EnvInterceptMounts = "TELEPRESENCE_MOUNTS"

	// EnvAPIPort is the port number of the Telepresence API server, when it is enabled.
	EnvAPIPort = "TELEPRESENCE_API_PORT"

	DomainPrefix                         = "telepresence.getambassador.io/"
	InjectAnnotation                     = DomainPrefix + "inject-" + ContainerName
	InjectIgnoreVolumeMounts             = DomainPrefix + "inject-ignore-volume-mounts"
	TerminatingTLSSecretAnnotation       = DomainPrefix + "inject-terminating-tls-secret"
	OriginatingTLSSecretAnnotation       = DomainPrefix + "inject-originating-tls-secret"
	LegacyTerminatingTLSSecretAnnotation = "getambassador.io/inject-terminating-tls-secret"
	LegacyOriginatingTLSSecretAnnotation = "getambassador.io/inject-originating-tls-secret"
	WorkloadNameLabel                    = "telepresence.io/workloadName"
	WorkloadKindLabel                    = "telepresence.io/workloadKind"
	WorkloadEnabledLabel                 = "telepresence.io/workloadEnabled"
	K8SCreatedByLabel                    = "app.kubernetes.io/created-by"
)
View Source
const ProtoSeparator = byte('/')

Variables

View Source
var ErrNotInteger = errors.New("not an integer")
View Source
var SidecarType = reflect.TypeOf(Sidecar{}) //nolint:gochecknoglobals // extension point

SidecarType is Sidecar by default but can be any type implementing SidecarExt.

Functions

func AgentContainer

func AgentContainer(
	ctx context.Context,
	pod *core.Pod,
	config *Sidecar,
) *core.Container

AgentContainer will return a configured traffic-agent.

func AgentVolumes

func AgentVolumes(agentName string, pod *core.Pod) []core.Volume

func EachContainer

func EachContainer(pod *core.Pod, config *Sidecar, f func(*core.Container, *Container))

EachContainer will find each container in the given config and match it against a container in the pod using its name. The given function is called once for each match.

func InitContainer

func InitContainer(config *Sidecar) *core.Container

func IsInterceptFor

func IsInterceptFor(spi PortIdentifier, ic *Intercept) bool

IsInterceptFor returns true when the given PortIdentifier is equal to the config's ServicePortName, or can be parsed to an integer equal to the config's ServicePort.

func ParseNumericPort added in v2.6.8

func ParseNumericPort(portStr string) (uint16, error)

ParseNumericPort parses the given string into a positive unsigned 16-bit integer. ErrNotInteger is returned if the string doesn't represent an integer. A range error is return unless the integer is between 1 and 65535.

func ParseProtocol added in v2.6.8

func ParseProtocol(protocol string) (core.Protocol, error)

func SpecMatchesIntercept

func SpecMatchesIntercept(spec *manager.InterceptSpec, ic *Intercept) bool

SpecMatchesIntercept answers the question if an InterceptSpec matches the given Intercept config. The spec matches if:

  • its ServiceName is equal to the config's ServiceName
  • its PortIdentifier is equal to the config's ServicePortName, or can be parsed to an integer equal to the config's ServicePort

func ValidatePort added in v2.6.8

func ValidatePort(s string) error

ValidatePort validates a port string. An error is returned if the string isn't a number between 1 and 65535 or a DNS_LABEL.

Types

type Container

type Container struct {
	// Name of the intercepted container
	Name string `json:"name,omitempty" yaml:"name,omitempty"`

	// The intercepts managed by the agent
	Intercepts []*Intercept `json:"intercepts,omitempty"`

	// Prefix used for all keys in the container environment copy
	EnvPrefix string `json:"envPrefix,omitempty"`

	// Where the agent mounts the agents volumes
	MountPoint string `json:"mountPoint,omitempty"`

	// Mounts are the actual mount points that are mounted by this container
	Mounts []string `json:"Mounts,omitempty"`

	// Replace is whether the agent should replace the intercepted container
	Replace ReplacePolicy `json:"replace,omitempty"`
}

Container describes one container that can have one or several intercepts.

type IgnoredVolumeMounts added in v2.19.0

type IgnoredVolumeMounts []string

func GetIgnoredVolumeMounts added in v2.19.0

func GetIgnoredVolumeMounts(annotations map[string]string) IgnoredVolumeMounts

func (IgnoredVolumeMounts) IsVolumeIgnored added in v2.19.0

func (iv IgnoredVolumeMounts) IsVolumeIgnored(name, path string) bool

type InjectPolicy added in v2.6.5

type InjectPolicy int

InjectPolicy specifies when the agent injector mutating webhook will inject a traffic-agent into a pod.

const (
	// OnDemand tells the injector to inject the traffic-agent the first time someone makes an attempt
	// to intercept the workload, even if the telepresence.getambassador.io/inject-traffic-agent is
	// missing.
	//
	// OnDemand has lower priority than the annotation. If the annotation is set to "enabled", then
	// the injector will inject the traffic-agent in advance into all pods that are created or updated.
	// If it is "disabled", then no injection will take place.
	//
	// This is the default setting.
	OnDemand InjectPolicy = iota

	// WhenEnabled tells the injector to inject the traffic-agent in advance into all pods that are
	// created or updated when the telepresence.getambassador.io/inject-traffic-agent annotation is
	// present and set to "enabled".
	WhenEnabled
)

func NewEnablePolicy added in v2.6.5

func NewEnablePolicy(s string) (InjectPolicy, error)

func (*InjectPolicy) EnvDecode added in v2.6.5

func (aps *InjectPolicy) EnvDecode(val string) (err error)

func (InjectPolicy) MarshalJSON added in v2.7.4

func (aps InjectPolicy) MarshalJSON() ([]byte, error)

func (InjectPolicy) String added in v2.6.5

func (aps InjectPolicy) String() string

func (*InjectPolicy) UnmarshalJSON added in v2.7.4

func (aps *InjectPolicy) UnmarshalJSON(value []byte) error

type Intercept

type Intercept struct {
	// The name of the intercepted container port
	ContainerPortName string `json:"containerPortName,omitempty"`

	// Name of intercepted service
	ServiceName string `json:"serviceName,omitempty"`

	// UID of intercepted service
	ServiceUID types.UID `json:"serviceUID,omitempty"`

	// Name of intercepted service port
	ServicePortName string `json:"servicePortName,omitempty"`

	// TargetPortNumeric is set to true unless the servicePort has a symbolic target port
	TargetPortNumeric bool `json:"targetPortNumeric,omitempty"`

	// L4 protocol used by the intercepted port
	Protocol core.Protocol `json:"protocol,omitempty"`

	// L7 protocol used by the intercepted port
	AppProtocol string `json:"appProtocol,omitempty"`

	// True if the service is headless
	Headless bool `json:"headless,omitempty"`

	// The number of the intercepted container port
	ContainerPort uint16 `json:"containerPort,omitempty"`

	// Number of intercepted service port
	ServicePort uint16 `json:"servicePort,omitempty"`

	// The port number that the agent listens to
	AgentPort uint16 `json:"agentPort,omitempty"`
}

Intercept describes the mapping between a service port and an intercepted container port.

func PortUniqueIntercepts added in v2.6.3

func PortUniqueIntercepts(cn *Container) []*Intercept

PortUniqueIntercepts returns a slice of intercepts for the container where each intercept is unique with respect to the AgentPort and Protocol. This method should always be used when iterating the intercepts, except for when an intercept is identified via a service.

type PortAndProto added in v2.6.8

type PortAndProto struct {
	Port  uint16
	Proto core.Protocol
}

func NewPortAndProto added in v2.6.8

func NewPortAndProto(s string) (PortAndProto, error)

func (*PortAndProto) Addr added in v2.6.8

func (pp *PortAndProto) Addr() (addr net.Addr, err error)

func (*PortAndProto) String added in v2.6.8

func (pp *PortAndProto) String() string

type PortIdentifier added in v2.6.8

type PortIdentifier string

PortIdentifier identifies a port (service or container) unambiguously using the notation <name or number>/<protocol>. A named port will always be identified using the name and the protocol will only be appended when it is not TCP.

func NewPortIdentifier added in v2.6.8

func NewPortIdentifier(protocol string, portString string) (PortIdentifier, error)

NewPortIdentifier creates a new PortIdentifier from a protocol and a string that is either a name or a number. An error is returned if the protocol is unsupported, if a port number is not between 1 and 65535, or if the name isn't a DNS_LABEL.

func (PortIdentifier) HasProto added in v2.6.8

func (spi PortIdentifier) HasProto() bool

HasProto returns the protocol, and the name or number.

func (PortIdentifier) ProtoAndNameOrNumber added in v2.6.8

func (spi PortIdentifier) ProtoAndNameOrNumber() (core.Protocol, string, uint16)

ProtoAndNameOrNumber returns the protocol, and the name or number.

func (PortIdentifier) String added in v2.6.8

func (spi PortIdentifier) String() string

type ReplacePolicy added in v2.16.0

type ReplacePolicy bool

func (ReplacePolicy) MarshalJSON added in v2.18.0

func (r ReplacePolicy) MarshalJSON() ([]byte, error)

func (*ReplacePolicy) UnmarshalJSON added in v2.18.0

func (r *ReplacePolicy) UnmarshalJSON(data []byte) error

type Sidecar

type Sidecar struct {
	// If Create is true, then this Config has not yet been filled in.
	Create bool `json:"create,omitempty"`

	// If Manual is true, then this Config is created manually
	Manual bool `json:"manual,omitempty"`

	// The fully qualified name of the traffic-agent image, i.e. "docker.io/tel2:2.5.4"
	AgentImage string `json:"agentImage,omitempty"`

	// One of "IfNotPresent", "Always", or "Never"
	PullPolicy string `json:"pullPolicy,omitempty"`

	// Secrets used when pulling the agent image from a private registry
	PullSecrets []core.LocalObjectReference `json:"pullSecrets,omitempty"`

	// The name of the traffic-agent instance. Typically, the same as the name of the workload owner
	AgentName string `json:"agentName,omitempty"`

	// The namespace of the intercepted pod
	Namespace string `json:"namespace,omitempty"`

	// LogLevel used for all traffic-agent logging
	LogLevel string `json:"logLevel,omitempty"`

	// The name of the workload that the pod originates from
	WorkloadName string `json:"workloadName,omitempty"`

	// The kind of workload that the pod originates from
	WorkloadKind string `json:"workloadKind,omitempty"`

	// The host used when connecting to the traffic-manager
	ManagerHost string `json:"managerHost,omitempty"`

	// The port used when connecting to the traffic manager
	ManagerPort uint16 `json:"managerPort,omitempty"`

	// The port used by the agents restFUL API server
	APIPort uint16 `json:"apiPort,omitempty"`

	// The port used by the agent's GRPC tracing server
	TracingPort uint16 `json:"tracingPort,omitempty"`

	// Resources for the sidecar
	Resources *core.ResourceRequirements `json:"resources,omitempty"`

	// InitResources is the resource requirements for the initContainer sidecar
	InitResources *core.ResourceRequirements `json:"initResources,omitempty"`

	// The intercepts managed by the agent
	Containers []*Container `json:"containers,omitempty"`

	// SecurityContext for the sidecar
	SecurityContext *core.SecurityContext `json:"securityContext,omitempty"`
}

The Sidecar configures the traffic-agent sidecar.

func (*Sidecar) AgentConfig added in v2.14.1

func (s *Sidecar) AgentConfig() *Sidecar

func (*Sidecar) Marshal added in v2.14.1

func (s *Sidecar) Marshal() ([]byte, error)

Marshal returns YAML encoding of the Sidecar.

func (*Sidecar) RecordInSpan added in v2.7.2

func (s *Sidecar) RecordInSpan(span trace.Span)

type SidecarExt added in v2.14.1

type SidecarExt interface {
	AgentConfig() *Sidecar

	Marshal() ([]byte, error)

	RecordInSpan(span trace.Span)
}

SidecarExt must be implemented by a struct that can represent itself as YAML.

func UnmarshalYAML added in v2.14.1

func UnmarshalYAML(data []byte) (SidecarExt, error)

UnmarshalYAML creates a new instance of the SidecarType from the given YAML data.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL