services

package
v0.0.28 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 31, 2023 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Overview

Package services contains the gRPC server for inter-node communication.

Index

Constants

// Environment variable names for the top-level server settings. The names
// line up with the Options fields ListenAddress, TLSCertFile, TLSKeyFile and
// Insecure; the binding itself is not shown here (presumably done in
// Options.BindFlags — confirm).
const (
	ListenAddressEnvVar = "SERVICES_LISTEN_ADDRESS"
	CertFileEnvVar      = "SERVICES_TLS_CERT_FILE"
	// Path to the TLS key file, not the key material itself.
	KeyFileEnvVar       = "SERVICES_TLS_KEY_FILE"
	// NOTE(review): Options.Insecure is documented as "the transport is
	// insecure"; deployments should audit for this variable being set.
	InsecureEnvVar      = "SERVICES_INSECURE"
)
// Environment variable names for the API options. The names line up with the
// APIOptions fields; the binding itself is not shown here (presumably done in
// APIOptions.BindFlags — confirm).
const (
	LeaderProxyDisabledEnvVar     = "SERVICES_API_DISABLE_LEADER_PROXY"
	MeshEnabledEnvVar             = "SERVICES_API_MESH"
	AdminEnabledEnvVar            = "SERVICES_API_ADMIN"
	PeerDiscoveryEnabledEnvVar    = "SERVICES_API_PEER_DISCOVERY"
	WebRTCEnabledEnvVar           = "SERVICES_API_WEBRTC"
	WebRTCSTUNServersEnvVar       = "SERVICES_API_STUN_SERVERS"
	// NOTE(review): APIOptions shows no ProxyTLSCertFile/ProxyTLSKeyFile
	// fields; these two presumably feed ProxyAuth.MTLS.CertFile/KeyFile —
	// confirm.
	ProxyTLSCertFileEnvVar        = "SERVICES_API_PROXY_TLS_CERT_FILE"
	ProxyTLSKeyFileEnvVar         = "SERVICES_API_PROXY_TLS_KEY_FILE"
	ProxyTLSCAFileEnvVar          = "SERVICES_API_PROXY_TLS_CA_FILE"
	// The next three names correspond to APIOptions fields documented as
	// reducing or removing verification of the proxy transport
	// (ProxyVerifyChainOnly, ProxyInsecureSkipVerify, ProxyInsecure). They
	// are the ones to look for when auditing a deployed environment.
	ProxyVerifyChainOnlyEnvVar    = "SERVICES_API_PROXY_VERIFY_CHAIN_ONLY"
	ProxyInsecureSkipVerifyEnvVar = "SERVICES_API_PROXY_INSECURE_SKIP_VERIFY"
	ProxyInsecureEnvVar           = "SERVICES_API_PROXY_INSECURE"
)
// Environment variable names for the mesh DNS options. The names line up with
// the MeshDNSOptions fields; the binding itself is not shown here (presumably
// done in MeshDNSOptions.BindFlags — confirm).
const (
	MeshDNSEnabledEnvVar           = "SERVICES_MESH_DNS_ENABLED"
	MeshDNSListenUDPEnvVar         = "SERVICES_MESH_DNS_LISTEN_UDP"
	MeshDNSListenTCPEnvVar         = "SERVICES_MESH_DNS_LISTEN_TCP"
	// NOTE(review): MeshDNSOptions has no TSIG key field in this version, so
	// it is unclear whether this variable is still read — confirm. If it is,
	// the value would be a shared secret and should be kept out of logs and
	// process dumps.
	MeshDNSTSIGKeyEnvVar           = "SERVICES_MESH_DNS_TSIG_KEY"
	MeshDNSReusePortEnvVar         = "SERVICES_MESH_DNS_REUSE_PORT"
	MeshDNSCompressionEnvVar       = "SERVICES_MESH_DNS_COMPRESSION"
	MeshDNSRequestTimeoutEnvVar    = "SERVICES_MESH_DNS_REQUEST_TIMEOUT"
	MeshDNSForwardersEnvVar        = "SERVICES_MESH_DNS_FORWARDERS"
	MeshDNSDisableForwardingEnvVar = "SERVICES_MESH_DNS_DISABLE_FORWARDING"
	MeshDNSCacheSizeEnvVar         = "SERVICES_MESH_DNS_CACHE_SIZE"
)
// Environment variable names for the metrics options. The names line up with
// the MetricsOptions fields Enabled, ListenAddress and Path; the binding
// itself is not shown here (presumably done in MetricsOptions.BindFlags —
// confirm).
const (
	MetricsEnabledEnvVar       = "SERVICES_METRICS_ENABLED"
	MetricsListenAddressEnvVar = "SERVICES_METRICS_LISTEN_ADDRESS"
	MetricsPathEnvVar          = "SERVICES_METRICS_PATH"
)
// Environment variable names for the TURN server options. The names line up
// with the TURNOptions fields; the binding itself is not shown here
// (presumably done in TURNOptions.BindFlags — confirm).
const (
	TURNEnabledEnvVar             = "SERVICES_TURN_ENABLED"
	TURNServerEndpointEnvVar      = "SERVICES_TURN_ENDPOINT"
	TURNServerPublicIPEnvVar      = "SERVICES_TURN_PUBLIC_IP"
	TURNServerListenAddressEnvVar = "SERVICES_TURN_LISTEN_ADDRESS"
	TURNServerPortEnvVar          = "SERVICES_TURN_SERVER_PORT"
	TURNServerRealmEnvVar         = "SERVICES_TURN_SERVER_REALM"
	TURNSTUNPortRangeEnvVar       = "SERVICES_TURN_STUN_PORT_RANGE"
)

Variables

This section is empty.

Functions

func InterceptorLogger

func InterceptorLogger() logging.Logger

InterceptorLogger returns a logging.Logger that logs to the given slog.Logger.

Types

type APIOptions

// APIOptions selects which APIs are registered and exposed, and carries the
// authentication and TLS verification settings for the proxy transport.
type APIOptions struct {
	// DisableLeaderProxy is true if the leader proxy should be disabled.
	DisableLeaderProxy bool `json:"disable-leader-proxy,omitempty" yaml:"disable-leader-proxy,omitempty" toml:"disable-leader-proxy,omitempty"`
	// Mesh is true if the mesh API should be registered.
	Mesh bool `json:"mesh,omitempty" yaml:"mesh,omitempty" toml:"mesh,omitempty"`
	// Admin is true if the admin API should be registered.
	// NOTE(review): how callers of the admin API are authorized is not
	// visible in this struct — confirm before enabling it on a listener that
	// untrusted peers can reach.
	Admin bool `json:"admin,omitempty" yaml:"admin,omitempty" toml:"admin,omitempty"`
	// PeerDiscovery is true if the peer discovery API should be registered.
	PeerDiscovery bool `json:"peer-discovery,omitempty" yaml:"peer-discovery,omitempty" toml:"peer-discovery,omitempty"`
	// WebRTC is true if the WebRTC API should be registered.
	WebRTC bool `json:"webrtc,omitempty" yaml:"webrtc,omitempty" toml:"webrtc,omitempty"`
	// STUNServers is a comma separated list of STUN servers to use if the WebRTC API is enabled.
	STUNServers string `json:"stun-servers,omitempty" yaml:"stun-servers,omitempty" toml:"stun-servers,omitempty"`
	// ProxyAuth are options for authenticating the proxy transport.
	// It is a pointer, so it may be nil when no proxy authentication is
	// configured.
	ProxyAuth *ProxyAuth `json:"proxy-auth,omitempty" yaml:"proxy-auth,omitempty" toml:"proxy-auth,omitempty"`
	// ProxyTLSCAFile is the path to the TLS CA file for verifying a peer node's certificate.
	ProxyTLSCAFile string `json:"proxy-tls-ca-file,omitempty" yaml:"proxy-tls-ca-file,omitempty" toml:"proxy-tls-ca-file,omitempty"`
	// ProxyVerifyChainOnly is true if only the chain should be verified when proxying connections.
	// NOTE(review): presumably the peer's name/identity is not matched in
	// this mode, so any certificate chaining to the CA would be accepted —
	// confirm against ProxyTLSConfig.
	ProxyVerifyChainOnly bool `json:"proxy-verify-chain-only,omitempty" yaml:"proxy-verify-chain-only,omitempty" toml:"proxy-verify-chain-only,omitempty"`
	// ProxyInsecureSkipVerify is true if TLS verification should be skipped when proxying connections.
	// With verification skipped, TLS does not authenticate the peer on the
	// proxied connection. Treat a true value as a finding in a config review.
	ProxyInsecureSkipVerify bool `` /* 131-byte string literal not displayed */
	// ProxyInsecure is true if the proxy transport is insecure.
	// NOTE(review): presumably this means no TLS at all on the proxy
	// transport, which would make the other Proxy* TLS settings irrelevant —
	// confirm against ProxyTLSConfig and Validate.
	ProxyInsecure bool `json:"proxy-insecure,omitempty" yaml:"proxy-insecure,omitempty" toml:"proxy-insecure,omitempty"`
}

APIOptions are the options for which APIs to register and expose.

func NewAPIOptions

func NewAPIOptions() *APIOptions

NewAPIOptions creates a new APIOptions with default values.

func (*APIOptions) BindFlags

func (o *APIOptions) BindFlags(fs *flag.FlagSet)

BindFlags binds the API option flags to the given flag set.

func (*APIOptions) Validate

func (o *APIOptions) Validate() error

Validate validates the options.

type BasicAuthOptions

// BasicAuthOptions holds the username and password used for basic
// authentication of the proxy transport (it is referenced from
// ProxyAuth.Basic).
type BasicAuthOptions struct {
	// Username is the username.
	Username string `json:"username,omitempty" yaml:"username,omitempty" toml:"username,omitempty"`
	// Password is the password.
	// The field carries json/yaml/toml tags, so it is read from the config
	// as plain text and is emitted again whenever this struct is marshalled
	// with a non-empty value. Keep config files readable only by the service
	// account and avoid logging or dumping the options.
	Password string `json:"password,omitempty" yaml:"password,omitempty" toml:"password,omitempty"`
}

BasicAuthOptions are options for basic authentication.

type LDAPAuthOptions

// LDAPAuthOptions holds the username and password used for LDAP
// authentication of the proxy transport (it is referenced from
// ProxyAuth.LDAP).
type LDAPAuthOptions struct {
	// Username is the username.
	Username string `json:"username,omitempty" yaml:"username,omitempty" toml:"username,omitempty"`
	// Password is the password.
	// The field carries json/yaml/toml tags, so it is read from the config
	// as plain text and is emitted again whenever this struct is marshalled
	// with a non-empty value. Keep config files readable only by the service
	// account and avoid logging or dumping the options.
	Password string `json:"password,omitempty" yaml:"password,omitempty" toml:"password,omitempty"`
}

LDAPAuthOptions are options for LDAP authentication.

type MTLSOptions

// MTLSOptions holds the client certificate and key paths used for mutual TLS
// (it is referenced from ProxyAuth.MTLS).
type MTLSOptions struct {
	// CertFile is the path to a TLS certificate file to present when joining.
	CertFile string `yaml:"cert-file,omitempty" json:"cert-file,omitempty" toml:"cert-file,omitempty"`
	// KeyFile is the path to a TLS key file for the certificate.
	// NOTE(review): the toml tag is "tls-file" while the yaml and json tags
	// are "key-file". This looks like a typo: a TOML config that uses
	// "key-file" would presumably leave KeyFile empty. Renaming the tag
	// changes the accepted TOML key, so it is only flagged here — confirm
	// with the maintainers.
	KeyFile string `yaml:"key-file,omitempty" json:"key-file,omitempty" toml:"tls-file,omitempty"`
}

MTLSOptions are options for mutual TLS.

type MeshDNSOptions

// MeshDNSOptions configures the mesh DNS server: its listeners, forwarding
// behaviour, request timeout and cache size.
type MeshDNSOptions struct {
	// Enabled enables mesh DNS.
	Enabled bool `yaml:"enabled,omitempty" json:"enabled,omitempty" toml:"enabled,omitempty"`
	// ListenUDP is the UDP address to listen on.
	ListenUDP string `yaml:"listen-udp,omitempty" json:"listen-udp,omitempty" toml:"listen-udp,omitempty"`
	// ListenTCP is the address to listen on for TCP DNS requests.
	ListenTCP string `json:"listen-tcp,omitempty" yaml:"listen-tcp,omitempty" toml:"listen-tcp,omitempty"`
	// ReusePort sets the number of listeners to start on each port.
	// This is only supported on Linux.
	ReusePort int `json:"reuse-port,omitempty" yaml:"reuse-port,omitempty" toml:"reuse-port,omitempty"`
	// EnableCompression is true if DNS compression should be enabled.
	EnableCompression bool `json:"compression,omitempty" yaml:"compression,omitempty" toml:"compression,omitempty"`
	// RequestTimeout is the timeout for DNS requests.
	RequestTimeout time.Duration `json:"request-timeout,omitempty" yaml:"request-timeout,omitempty" toml:"request-timeout,omitempty"`
	// Forwarders are the DNS forwarders to use. If empty, the system DNS servers will be used.
	// Names that are forwarded leave the node for these servers, so the
	// choice of forwarder decides who sees those queries.
	Forwarders []string `json:"forwarders,omitempty" yaml:"forwarders,omitempty" toml:"forwarders,omitempty"`
	// DisableForwarding disables forwarding requests to the configured forwarders.
	DisableForwarding bool `json:"disable-forwarding,omitempty" yaml:"disable-forwarding,omitempty" toml:"disable-forwarding,omitempty"`
	// CacheSize is the size of the remote DNS cache.
	// NOTE(review): the unit (entries or bytes) is not stated here — confirm.
	CacheSize int `json:"cache-size,omitempty" yaml:"cache-size,omitempty" toml:"cache-size,omitempty"`
}

MeshDNSOptions are the mesh DNS options.

func NewMeshDNSOptions

func NewMeshDNSOptions() *MeshDNSOptions

NewMeshDNSOptions creates a new set of mesh DNS options.

func (*MeshDNSOptions) BindFlags

func (o *MeshDNSOptions) BindFlags(fs *flag.FlagSet)

BindFlags binds the flags for the mesh DNS options.

func (*MeshDNSOptions) Validate

func (o *MeshDNSOptions) Validate() error

Validate validates the mesh DNS options.

type MetricsOptions

// MetricsOptions are options for exposing metrics.
// NOTE(review): the struct has no TLS or authentication setting for the
// metrics listener; confirm how the endpoint is protected and choose the
// listen address accordingly.
type MetricsOptions struct {
	// Enabled is true if metrics should be enabled.
	Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty" toml:"enabled,omitempty"`
	// ListenAddress is the address to listen on for metrics.
	ListenAddress string `json:"listen-address,omitempty" yaml:"listen-address,omitempty" toml:"listen-address,omitempty"`
	// Path is the path to serve metrics on.
	Path string `json:"path,omitempty" yaml:"path,omitempty" toml:"path,omitempty"`
}

MetricsOptions are options for exposing metrics.

func NewMetricsOptions

func NewMetricsOptions() *MetricsOptions

NewMetricsOptions creates a new MetricsOptions with default values.

func (*MetricsOptions) BindFlags

func (o *MetricsOptions) BindFlags(fs *flag.FlagSet)

BindFlags binds the flags.

type Options

// Options contains the configuration for the gRPC server: the listener and
// its TLS settings, plus the nested option groups for the API, mesh DNS,
// TURN, metrics and dashboard services.
type Options struct {
	// ListenAddress is the address to listen on.
	ListenAddress string `json:"listen-address,omitempty" yaml:"listen-address,omitempty" toml:"listen-address,omitempty"`
	// TLSCertFile is the path to the TLS certificate file.
	TLSCertFile string `json:"tls-cert-file,omitempty" yaml:"tls-cert-file,omitempty" toml:"tls-cert-file,omitempty"`
	// TLSKeyFile is the path to the TLS key file.
	// Only the path is stored here, not the key material.
	TLSKeyFile string `json:"tls-key-file,omitempty" yaml:"tls-key-file,omitempty" toml:"tls-key-file,omitempty"`
	// Insecure is true if the transport is insecure.
	// NOTE(review): presumably this disables TLS on the gRPC listener, in
	// which case TLSCertFile and TLSKeyFile would go unused — confirm against
	// TLSConfig and Validate. Treat a true value as a finding in a config
	// review.
	Insecure bool `json:"insecure,omitempty" yaml:"insecure,omitempty" toml:"insecure,omitempty"`
	// API options
	API *APIOptions `json:"api,omitempty" yaml:"api,omitempty" toml:"api,omitempty"`
	// MeshDNS options
	MeshDNS *MeshDNSOptions `json:"mesh-dns,omitempty" yaml:"mesh-dns,omitempty" toml:"mesh-dns,omitempty"`
	// TURN options
	TURN *TURNOptions `json:"turn,omitempty" yaml:"turn,omitempty" toml:"turn,omitempty"`
	// Metrics options
	Metrics *MetricsOptions `json:"metrics,omitempty" yaml:"metrics,omitempty" toml:"metrics,omitempty"`
	// Dashboard options
	Dashboard *dashboard.Options `json:"dashboard,omitempty" yaml:"dashboard,omitempty" toml:"dashboard,omitempty"`
}

Options contains the configuration for the gRPC server.

func NewOptions

func NewOptions() *Options

NewOptions returns new Options with sensible defaults.

func (*Options) BindFlags

func (o *Options) BindFlags(fs *flag.FlagSet)

BindFlags binds the gRPC options to the given flag set.

func (*Options) ListenPort

func (o *Options) ListenPort() (int, error)

ListenPort returns the port the options are configured to listen on.

func (*Options) ProxyTLSConfig

func (o *Options) ProxyTLSConfig() (*tls.Config, error)

ProxyTLSConfig returns the TLS configuration for proxying.

func (*Options) ServerOptions

func (o *Options) ServerOptions(store mesh.Mesh, log *slog.Logger) (srvrOptions []grpc.ServerOption, proxyOptions []grpc.DialOption, err error)

ServerOptions converts the options to gRPC server options.

func (*Options) TLSConfig

func (o *Options) TLSConfig() (*tls.Config, error)

TLSConfig returns the TLS configuration.

func (*Options) ToFeatureSet

func (o *Options) ToFeatureSet() []v1.Feature

ToFeatureSet converts the options to a feature set.

func (*Options) Validate

func (o *Options) Validate() error

Validate validates the options.

type ProxyAuth

// ProxyAuth are options for authenticating the proxy transport. Each method
// is an optional pointer field.
// NOTE(review): whether more than one method may be set at once, and which
// one wins, is not visible here — confirm against Validate.
type ProxyAuth struct {
	// Basic are options for basic authentication.
	Basic *BasicAuthOptions `json:"basic,omitempty" yaml:"basic,omitempty" toml:"basic,omitempty"`
	// MTLS are options for mutual TLS.
	MTLS *MTLSOptions `json:"mtls,omitempty" yaml:"mtls,omitempty" toml:"mtls,omitempty"`
	// LDAP are options for LDAP authentication.
	LDAP *LDAPAuthOptions `json:"ldap,omitempty" yaml:"ldap,omitempty" toml:"ldap,omitempty"`
}

ProxyAuth are options for authenticating the proxy transport.

type Server

// Server is the gRPC server. All of its fields are unexported; it is
// constructed with NewServer.
type Server struct {
	// contains filtered or unexported fields
}

Server is the gRPC server.

func NewServer

func NewServer(store mesh.Mesh, o *Options) (*Server, error)

NewServer returns a new Server.

func (*Server) Check

Check implements grpc.health.v1.HealthServer.

func (*Server) GetServiceInfo

func (s *Server) GetServiceInfo() map[string]grpc.ServiceInfo

GetServiceInfo implements reflection.ServiceInfoProvider.

func (*Server) ListenAndServe

func (s *Server) ListenAndServe() error

ListenAndServe starts the gRPC server and optional metrics server then blocks until the gRPC server exits.

func (*Server) RegisterService

func (s *Server) RegisterService(desc *grpc.ServiceDesc, impl any)

RegisterService implements grpc.RegistrarService.

func (*Server) Stop

func (s *Server) Stop()

Stop stops the gRPC server gracefully.

func (*Server) Watch

Watch implements grpc.health.v1.HealthServer.

type TURNOptions

// TURNOptions are the TURN server options: whether it runs, what it
// advertises, and where it listens.
// NOTE(review): no credential or shared-secret field is visible on this
// struct; how TURN clients are authenticated is not shown here — confirm
// before exposing the listener.
type TURNOptions struct {
	// Enabled enables the TURN server.
	Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty" toml:"enabled,omitempty"`
	// Endpoint is the endpoint to advertise for the TURN server. If empty, the public IP and listen port is used.
	Endpoint string `json:"endpoint,omitempty" yaml:"endpoint,omitempty" toml:"endpoint,omitempty"`
	// PublicIP is the address advertised for STUN requests.
	PublicIP string `json:"public-ip,omitempty" yaml:"public-ip,omitempty" toml:"public-ip,omitempty"`
	// ListenAddress is the address to listen on for TURN connections.
	ListenAddress string `json:"listen-address,omitempty" yaml:"listen-address,omitempty" toml:"listen-address,omitempty"`
	// ListenPort is the port to listen on for TURN connections.
	ListenPort int `json:"listen-port,omitempty" yaml:"listen-port,omitempty" toml:"listen-port,omitempty"`
	// ServerRealm is the realm used for TURN server authentication.
	ServerRealm string `json:"realm,omitempty" yaml:"realm,omitempty" toml:"realm,omitempty"`
	// STUNPortRange is the port range to use for STUN.
	// NOTE(review): the expected string format is not shown here — confirm
	// against Validate. Firewall rules need to match whatever range is set.
	STUNPortRange string `json:"stun-port-range,omitempty" yaml:"stun-port-range,omitempty" toml:"stun-port-range,omitempty"`
}

TURNOptions are the TURN Server options.

func NewTURNOptions

func NewTURNOptions() *TURNOptions

NewTURNOptions creates a new TURNOptions with default values.

func (*TURNOptions) BindFlags

func (o *TURNOptions) BindFlags(fs *flag.FlagSet)

BindFlags binds the flags.

func (*TURNOptions) Validate

func (o *TURNOptions) Validate() error

Validate validates the options.

Directories

Path Synopsis
Package admin provides the admin gRPC server.
Package admin provides the admin gRPC server.
Package dashboard contains a service that serves a web dashboard.
Package dashboard contains a service that serves a web dashboard.
Package leaderproxy provides a gRPC interceptor that proxies requests to the leader node.
Package leaderproxy provides a gRPC interceptor that proxies requests to the leader node.
Package meshapi contains the webmesh Mesh API service.
Package meshapi contains the webmesh Mesh API service.
Package meshdns contains the Mesh DNS server.
Package meshdns contains the Mesh DNS server.
Package node contains the webmesh node service.
Package node contains the webmesh node service.
Package peerdiscovery contains the webmesh PeerDiscovery API service.
Package peerdiscovery contains the webmesh PeerDiscovery API service.
Package rbac contains utilities for evaluating requests against roles.
Package rbac contains utilities for evaluating requests against roles.
Package turn contains the STUN/TURN server.
Package turn contains the STUN/TURN server.
Package webrtc contains the webmesh WebRTC service.
Package webrtc contains the webmesh WebRTC service.
