config

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 30, 2023 License: Apache-2.0 Imports: 65 Imported by: 0

Documentation

Overview

Package options contains configuration parsing for the nodecmd.

Index

Constants

This section is empty.

Variables

// DefaultNodeID is the node ID used when none is configured. It is computed
// once at package initialization: the OS hostname when it can be read,
// otherwise a freshly generated UUID string.
// NOTE(review): hostnames are not guaranteed to be unique across machines;
// confirm how the mesh treats two nodes that present the same ID.
var DefaultNodeID = func() string {
	if name, err := os.Hostname(); err == nil {
		return name
	}
	// The hostname could not be read; fall back to a random identifier.
	return uuid.NewString()
}()

DefaultNodeID is the default node ID used if no other is configured

// ErrNoMesh is the error reported when the configuration names no mesh to
// bootstrap or join.
var (
	ErrNoMesh = fmt.Errorf("no mesh configured")
)

ErrNoMesh is returned when no mesh is configured to be bootstrapped or joined.

Functions

func InterceptorLogger

func InterceptorLogger() logging.Logger

InterceptorLogger returns a logging.Logger that logs to the given slog.Logger.

Types

type APIOptions

// APIOptions selects which optional APIs a node registers and exposes.
// NOTE(review): each API enabled here adds to what the node serves to
// callers; enable only what the deployment needs.
type APIOptions struct {
	// MeshEnabled is true if the mesh API should be registered.
	MeshEnabled bool `koanf:"mesh-enabled,omitempty"`
	// AdminEnabled is true if the admin API should be registered.
	// NOTE(review): presumably a privileged API; confirm it is only reachable
	// by authenticated, authorized callers before enabling it.
	AdminEnabled bool `koanf:"admin-enabled,omitempty"`
	// WebRTCEnabled is true if the WebRTC API should be registered.
	WebRTCEnabled bool `koanf:"webrtc-enabled,omitempty"`
	// STUNServers is a list of STUN servers to use for the WebRTC API.
	// NOTE(review): the expected address format is not visible here; TODO confirm.
	STUNServers []string `koanf:"stun-servers,omitempty"`
}

APIOptions are the options for which APIs to register and expose.

func (*APIOptions) BindFlags

func (a *APIOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

type AuthOptions

// AuthOptions groups the credentials a node can present when authenticating
// into the mesh: mutual TLS, basic auth, or LDAP.
// NOTE(review): whether more than one method may be configured at once is
// presumably decided in Validate, which is not shown here; TODO confirm.
type AuthOptions struct {
	// MTLS are options for mutual TLS. This is the recommended
	// authentication method.
	MTLS MTLSOptions `koanf:"mtls,omitempty"`
	// Basic are options for basic authentication.
	// The nested struct carries the password as a plain string.
	Basic BasicAuthOptions `koanf:"basic,omitempty"`
	// LDAP are options for LDAP authentication.
	// The nested struct carries the password as a plain string.
	LDAP LDAPAuthOptions `koanf:"ldap,omitempty"`
}

AuthOptions are options for authentication into the mesh.

func (*AuthOptions) BindFlags

func (o *AuthOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags to the options.

func (*AuthOptions) Validate

func (o *AuthOptions) Validate() error

type BasicAuthOptions

// BasicAuthOptions holds a username and password for basic authentication.
// NOTE(review): the password is an ordinary string field, so it would
// presumably appear wherever the surrounding configuration is serialized or
// printed unless the caller redacts it; TODO confirm.
type BasicAuthOptions struct {
	// Username is the username.
	Username string `koanf:"username,omitempty"`
	// Password is the password.
	// NOTE(review): if this is also bound to a command-line flag, the value
	// is visible in the process argument list; a config file or environment
	// variable is presumably the safer source. Confirm against BindFlags.
	Password string `koanf:"password,omitempty"`
}

BasicAuthOptions are options for basic authentication.

type BootstrapOptions

// BootstrapOptions are options for bootstrapping a new mesh. Several fields
// (Admin, Voters, DefaultNetworkPolicy, DisableRBAC) fix the initial security
// posture of the cluster when it is first created.
type BootstrapOptions struct {
	// Enabled is the flag to attempt bootstrapping. If true, the node will only bootstrap a new cluster
	// if no data is found. To force a bootstrap, set Force to true.
	Enabled bool `koanf:"enabled,omitempty"`
	// AdvertiseAddress is the initial address to advertise for raft consensus.
	AdvertiseAddress string `koanf:"advertise-address,omitempty"`
	// ListenAddress is the initial address to use when using TCP raft consensus to bootstrap.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// Servers is a map of node IDs to addresses to bootstrap with. If empty, the node will use the advertise
	// address as the bootstrap server. If not empty, all nodes in the map should be started with the same
	// list configurations. If any are different then the first node to become leader will pick them. This
	// can cause bootstrap to fail when using ACLs. Servers should be in the form of <node-id>=<address>.
	Servers map[string]string `koanf:"servers,omitempty"`
	// ServersGRPCPorts is a map of node IDs to gRPC ports to bootstrap with. If empty, the node will use the
	// advertise address and locally configured gRPC port for every node in bootstrap-servers. Ports should
	// be in the form of <node-id>=<port>.
	ServersGRPCPorts map[string]int `koanf:"servers-grpc-ports,omitempty"`
	// IPv4Network is the IPv4 network of the mesh to write to the database when bootstrapping a new cluster.
	IPv4Network string `koanf:"ipv4-network,omitempty"`
	// MeshDomain is the domain of the mesh to write to the database when bootstrapping a new cluster.
	MeshDomain string `koanf:"mesh-domain,omitempty"`
	// Admin is the user and/or node name to assign administrator privileges to when bootstrapping a new cluster.
	// NOTE(review): the name given here becomes the cluster administrator; confirm it
	// corresponds to an identity that must authenticate (for example an mTLS certificate name).
	Admin string `koanf:"admin,omitempty"`
	// Voters is a comma separated list of node IDs to assign voting privileges to when bootstrapping a new cluster.
	// BootstrapServers are automatically added to this list.
	Voters []string `koanf:"voters,omitempty"`
	// DefaultNetworkPolicy is the default network policy to apply to the mesh when bootstrapping a new cluster.
	// NOTE(review): the accepted values and the default are not visible here; TODO confirm
	// whether an unset value permits or denies traffic.
	DefaultNetworkPolicy string `koanf:"default-network-policy,omitempty"`
	// DisableRBAC is the flag to disable RBAC when bootstrapping a new cluster.
	// NOTE(review): turns off role-based access control for the new cluster; presumably
	// meant for test meshes only. Confirm whether it can be re-enabled after bootstrap.
	DisableRBAC bool `koanf:"disable-rbac,omitempty"`
	// Force is the force new bootstrap flag. Per the Enabled comment, it makes the node
	// bootstrap even when existing data is found.
	// NOTE(review): what happens to the existing data is not visible here; TODO confirm.
	Force bool `koanf:"force,omitempty"`
}

BootstrapOptions are options for bootstrapping a new mesh.

func (*BootstrapOptions) BindFlags

func (o *BootstrapOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the bootstrap options to a flag set.

func (*BootstrapOptions) Validate

func (o *BootstrapOptions) Validate() error

Validate validates the bootstrap options.

type BridgeMeshDNSOptions

// BridgeMeshDNSOptions are options for the mesh DNS server run by a bridge.
// The fields mirror MeshDNSOptions except that there is no IPv6Only field.
type BridgeMeshDNSOptions struct {
	// Enabled enables mesh DNS.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenUDP is the UDP address to listen on.
	// NOTE(review): a wildcard bind address would presumably expose the resolver on
	// every interface, not only the mesh; confirm the intended scope.
	ListenUDP string `koanf:"listen-udp,omitempty"`
	// ListenTCP is the address to listen on for TCP DNS requests.
	ListenTCP string `koanf:"listen-tcp,omitempty"`
	// ReusePort sets the number of listeners to start on each port.
	// This is only supported on Linux.
	ReusePort int `koanf:"reuse-port,omitempty"`
	// EnableCompression is true if DNS compression should be enabled.
	EnableCompression bool `koanf:"compression,omitempty"`
	// RequestTimeout is the timeout for DNS requests.
	RequestTimeout time.Duration `koanf:"request-timeout,omitempty"`
	// Forwarders are the DNS forwarders to use. If empty, the system DNS servers will be used.
	Forwarders []string `koanf:"forwarders,omitempty"`
	// SubscribeForwarders will subscribe to new nodes that are able to forward requests for other meshes.
	// These forwarders will be placed at the bottom of the forwarders list.
	// NOTE(review): forwarders learned this way come from other nodes rather than from
	// local configuration; confirm which nodes are trusted to advertise themselves.
	SubscribeForwarders bool `koanf:"subscribe-forwarders,omitempty"`
	// DisableForwarding disables forwarding requests entirely.
	DisableForwarding bool `koanf:"disable-forwarding,omitempty"`
	// CacheSize is the size of the remote DNS cache.
	// NOTE(review): the unit (entries or bytes) is not visible here; TODO confirm.
	CacheSize int `koanf:"cache-size,omitempty"`
}

func (*BridgeMeshDNSOptions) BindFlags

func (m *BridgeMeshDNSOptions) BindFlags(fl *pflag.FlagSet)

BindFlags binds the flags.

func (*BridgeMeshDNSOptions) Validate

func (m *BridgeMeshDNSOptions) Validate() error

Validate validates the bridge dns options.

type BridgeOptions

// BridgeOptions are options for a node that bridges several meshes.
type BridgeOptions struct {
	// Meshes are the meshes to bridge. Each value is a complete Config.
	// NOTE(review): presumably keyed by a mesh name or ID; TODO confirm.
	Meshes map[string]*Config `koanf:"meshes,omitempty"`
	// MeshDNS are options for running a meshdns server bridging all meshes.
	MeshDNS BridgeMeshDNSOptions `koanf:"meshdns,omitempty"`
	// UseMeshDNS is true if the bridge should use the meshdns server for local name resolution.
	UseMeshDNS bool `koanf:"use-meshdns,omitempty"`
}

BridgeOptions are options for the bridge.

func (*BridgeOptions) BindFlags

func (b *BridgeOptions) BindFlags(fs *pflag.FlagSet)

BindFlags binds the flags.

func (*BridgeOptions) Validate

func (b *BridgeOptions) Validate() error

Validate recursively validates the config.

type Config

// Config is the top-level configuration for running a webmesh node. Each
// field is one nested option section, keyed by its koanf tag.
// NOTE(review): several sections can hold secrets as plain strings (auth
// passwords, the discovery PSK, inline TLS key data). Config is also
// marshalable to JSON, YAML and TOML; confirm those values are redacted
// before a dumped configuration is logged or shared.
type Config struct {
	// Global are global options that are overlaid on all other options.
	Global GlobalOptions `koanf:"global,omitempty"`
	// Bootstrap are the bootstrap options.
	Bootstrap BootstrapOptions `koanf:"bootstrap,omitempty"`
	// Auth are the authentication options.
	Auth AuthOptions `koanf:"auth,omitempty"`
	// Mesh are the mesh options.
	Mesh MeshOptions `koanf:"mesh,omitempty"`
	// Raft are the raft options.
	Raft RaftOptions `koanf:"raft,omitempty"`
	// Services are the service options.
	Services ServiceOptions `koanf:"services,omitempty"`
	// TLS are the TLS options.
	TLS TLSOptions `koanf:"tls,omitempty"`
	// WireGuard are the WireGuard options.
	WireGuard WireGuardOptions `koanf:"wireguard,omitempty"`
	// Discovery are the discovery options.
	Discovery DiscoveryOptions `koanf:"discovery,omitempty"`
	// Plugins are the plugin options.
	Plugins PluginOptions `koanf:"plugins,omitempty"`
	// Bridge are the bridge options.
	Bridge BridgeOptions `koanf:"bridge,omitempty"`
}

Config are the configuration options for running a webmesh node.

func (*Config) BindFlags

func (o *Config) BindFlags(prefix string, fs *pflag.FlagSet) *Config

BindFlags binds the flags. The options are returned for convenience.

func (*Config) IsRaftMember

func (o *Config) IsRaftMember() bool

IsRaftMember returns true if the node is a raft member.

func (*Config) LoadFrom

func (c *Config) LoadFrom(fs *pflag.FlagSet, confFiles []string) error

LoadFrom attempts to load this configuration from the given flag set, configuration files, and environment variables. If fs is not nil, it is assumed the configuration has already been bound to the flag set and that the flagset has already been parsed. The order of precedence for parsing is: 1. Files 2. Environment variables 3. Flags

func (Config) MarshalJSON

func (c Config) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler.

func (Config) MarshalTOML

func (c Config) MarshalTOML() ([]byte, error)

MarshalTOML implements toml.Marshaler.

func (Config) MarshalYAML

func (c Config) MarshalYAML() ([]byte, error)

MarshalYAML implements yaml.Marshaler.

func (*Config) NewBootstrapTransport

func (o *Config) NewBootstrapTransport(nodeID string, conn mesh.Mesh) transport.BootstrapTransport

NewBootstrapTransport returns the bootstrap transport for the configuration.

func (*Config) NewConnectOptions

func (o *Config) NewConnectOptions(ctx context.Context, conn mesh.Mesh, raft raft.Raft) (opts mesh.ConnectOptions, err error)

NewConnectOptions returns new connection options for the configuration. The given raft node must be started before it can be used.

func (*Config) NewDualStorage

func (o *Config) NewDualStorage() (storage.DualStorage, error)

NewDualStorage creates a new mesh and raft storage for the current configuration.

func (*Config) NewFeatureSet

func (o *Config) NewFeatureSet() []v1.Feature

NewFeatureSet returns a new FeatureSet for the given node options.

func (*Config) NewJoinTransport

func (o *Config) NewJoinTransport(nodeID string, conn mesh.Mesh) (transport.JoinRoundTripper, error)

func (*Config) NewMeshConfig

func (o *Config) NewMeshConfig(ctx context.Context) (conf mesh.Config, err error)

NewMeshConfig returns a new Mesh configuration based on the node configuration.

func (*Config) NewPluginSet

func (o *Config) NewPluginSet(ctx context.Context) (map[string]plugins.Plugin, error)

NewPluginSet returns a new plugin set for the node configuration.

func (*Config) NewRaftNode

func (o *Config) NewRaftNode(conn mesh.Mesh) (raft.Raft, error)

NewRaftNode creates a new raft node for the given mesh instance.

func (*Config) NewRaftStartOptions

func (o *Config) NewRaftStartOptions(conn mesh.Mesh) (opts raft.StartOptions, err error)

NewRaftStartOptions creates a new start options for the current configuration.

func (*Config) NewRaftTransport

func (o *Config) NewRaftTransport(conn mesh.Mesh) (transport.RaftTransport, error)

NewRaftTransport creates a new raft transport for the current configuration.

func (*Config) NewServerTLSOptions

func (o *Config) NewServerTLSOptions() (grpc.ServerOption, error)

NewServerTLSOptions returns new TLS options for the gRPC server.

func (*Config) NewServiceOptions

func (o *Config) NewServiceOptions(ctx context.Context, conn mesh.Mesh) (conf services.Options, err error)

NewServiceOptions returns new options for the webmesh services.

func (*Config) NodeID

func (o *Config) NodeID() (string, error)

NodeID returns the node ID for this configuration, or any error attempting to determine it.

func (*Config) RaftListenPort

func (o *Config) RaftListenPort() int

RaftListenPort returns the listen port for the raft transport.

func (*Config) RegisterAPIs

func (o *Config) RegisterAPIs(ctx context.Context, conn mesh.Mesh, srv *services.Server) error

RegisterAPIs registers the configured APIs to the given server.

func (Config) ToMapStructure

func (c Config) ToMapStructure() map[string]interface{}

ToMapStructure converts the configuration to a map[string]interface{} structure.

func (*Config) UnmarshalJSON

func (c *Config) UnmarshalJSON(b []byte) error

UnmarshalJSON implements json.Unmarshaler.

func (*Config) UnmarshalTOML

func (c *Config) UnmarshalTOML(b []byte) error

UnmarshalTOML implements toml.Unmarshaler.

func (*Config) UnmarshalYAML

func (c *Config) UnmarshalYAML(b []byte) error

UnmarshalYAML implements yaml.Unmarshaler.

func (*Config) Validate

func (o *Config) Validate() error

Validate validates the configuration.

type DiscoveryOptions

// DiscoveryOptions are options for discovering peers through a discovery
// service, optionally the libp2p Kademlia DHT.
type DiscoveryOptions struct {
	// Announce is a flag to announce this peer to the discovery service.
	// Otherwise this peer will only discover other peers.
	Announce bool `koanf:"announce,omitempty"`
	// PSK is the pre-shared key to use as a rendezvous point for peer discovery.
	// NOTE(review): this is a shared secret held as a plain string. Presumably anyone
	// who knows it can find (or announce as) peers at the same rendezvous point, so it
	// should be high-entropy and kept out of logs and dumped configs; TODO confirm
	// what else, if anything, authenticates a discovered peer.
	PSK string `koanf:"psk,omitempty"`
	// UseKadDHT is a flag to use the libp2p kademlia DHT for discovery.
	UseKadDHT bool `koanf:"use-kad-dht,omitempty"`
	// KadBootstrapServers is a list of bootstrap servers to use for the DHT.
	// If empty or nil, the default bootstrap servers will be used.
	// NOTE(review): which servers "default" refers to is not visible here; TODO confirm.
	KadBootstrapServers []string `koanf:"kad-bootstrap-servers,omitempty"`
	// AnnounceTTL is the TTL for the announcement.
	AnnounceTTL time.Duration `koanf:"announce-ttl,omitempty"`
}

DiscoveryOptions are options for discovering peers.

func (*DiscoveryOptions) BindFlags

func (o *DiscoveryOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the discovery options.

func (*DiscoveryOptions) Validate

func (o *DiscoveryOptions) Validate() error

Validate validates the discovery options.

type ExecutablePluginConfig

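// ExecutablePluginConfig is the configuration for a plugin that is provided
// as a local executable.
type ExecutablePluginConfig struct {
	// Path is the path to an executable for the plugin.
	// The struct tag key must be spelled "koanf", like every other option
	// struct in this package, for the explicit "path" key to be picked up.
	// NOTE(review): the node presumably launches this binary with its own
	// privileges; confirm the path is absolute and not writable by
	// less-privileged users.
	Path string `koanf:"path,omitempty"`
}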

ExecutablePluginConfig is the configuration for an executable plugin.

func (*ExecutablePluginConfig) BindFlags

func (o *ExecutablePluginConfig) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the executable plugin configuration.

type GlobalOptions

// GlobalOptions are options that are re-applied to all relevant
// configurations after parsing.
// NOTE(review): because these are overlaid on other sections, a relaxed TLS
// setting here (Insecure, InsecureSkipVerify, VerifyChainOnly) presumably
// relaxes it for every section it is applied to; confirm in ApplyGlobals.
type GlobalOptions struct {
	// LogLevel is the log level.
	LogLevel string `koanf:"log-level,omitempty"`
	// TLSCertFile is the TLS certificate file.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSKeyFile is the TLS key file.
	// NOTE(review): private key material; the file should be readable only by the node's user.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSCAFile is the TLS CA file.
	TLSCAFile string `koanf:"tls-ca-file,omitempty"`
	// TLSClientCAFile is the path to the TLS client CA file.
	// If empty, either TLSCAFile or the system CA pool is used.
	// NOTE(review): falling back to the system CA pool for client certificates would
	// presumably accept a client certificate from any publicly trusted CA; confirm
	// when that fallback applies.
	TLSClientCAFile string `koanf:"tls-client-ca-file,omitempty"`
	// MTLS is true if mutual TLS is enabled.
	MTLS bool `koanf:"mtls,omitempty"`
	// VerifyChainOnly is true if only the chain should be verified.
	// NOTE(review): presumably skips the peer name check while still validating the
	// chain to a trusted CA; confirm exactly which checks are dropped.
	VerifyChainOnly bool `koanf:"verify-chain-only,omitempty"`
	// InsecureSkipVerify is true if the server TLS cert should not be verified.
	// With verification off, the connection is encrypted but the server's identity is
	// not checked.
	InsecureSkipVerify bool `koanf:"insecure-skip-verify,omitempty"`
	// Insecure is true if TLS should be disabled.
	// NOTE(review): removes transport encryption and server authentication; presumably
	// intended for local testing only.
	Insecure bool `koanf:"insecure,omitempty"`
	// PrimaryEndpoint is the preferred publicly routable address of this node.
	// Setting this value will override the mesh advertise address with its
	// configured listen port.
	PrimaryEndpoint string `koanf:"primary-endpoint,omitempty"`
	// Endpoints are the additional publicly routable addresses of this node.
	// If PrimaryEndpoint is not set, it will be set to the first endpoint.
	// Setting this value will override the mesh advertise with its configured
	// listen port.
	Endpoints []string `koanf:"endpoints,omitempty"`
	// DetectEndpoints is true if the endpoints should be detected.
	DetectEndpoints bool `koanf:"detect-endpoints,omitempty"`
	// DetectPrivateEndpoints is true if private IP addresses should be included in detection.
	// This automatically enables DetectEndpoints.
	DetectPrivateEndpoints bool `koanf:"detect-private-endpoints,omitempty"`
	// AllowRemoteDetection is true if remote detection is allowed.
	// NOTE(review): presumably contacts an external service to learn the node's public
	// address; confirm which service is used and what it learns about the node.
	AllowRemoteDetection bool `koanf:"allow-remote-detection,omitempty"`
	// DetectIPv6 is true if IPv6 addresses should be included in detection.
	DetectIPv6 bool `koanf:"detect-ipv6,omitempty"`
	// DisableIPv4 is true if IPv4 should be disabled.
	DisableIPv4 bool `koanf:"disable-ipv4,omitempty"`
	// DisableIPv6 is true if IPv6 should be disabled.
	DisableIPv6 bool `koanf:"disable-ipv6,omitempty"`
}

GlobalOptions are options that will be re-applied to all relevant configurations after parsing.

func (*GlobalOptions) ApplyGlobals

func (global *GlobalOptions) ApplyGlobals(o *Config) (*Config, error)

ApplyGlobals applies the global options to the given options. It returns the options for convenience.

func (*GlobalOptions) BindFlags

func (o *GlobalOptions) BindFlags(fs *pflag.FlagSet)

func (*GlobalOptions) Validate

func (o *GlobalOptions) Validate() error

Validate validates the global options.

type LDAPAuthOptions

// LDAPAuthOptions holds a username and password for LDAP authentication.
// NOTE(review): no LDAP server address or TLS settings are defined on this
// struct, so where the credentials are checked is not visible here; TODO
// confirm they only travel over an authenticated, encrypted channel.
type LDAPAuthOptions struct {
	// Username is the username.
	Username string `koanf:"username,omitempty"`
	// Password is the password.
	// Held as a plain string, like BasicAuthOptions.Password.
	// NOTE(review): confirm it is redacted when the configuration is serialized or logged.
	Password string `koanf:"password,omitempty"`
}

LDAPAuthOptions are options for LDAP authentication.

type MTLSOptions

// MTLSOptions are options for mutual TLS: the client certificate and key a
// node presents when joining. Each may be given as a file path or as inline
// base64 data.
type MTLSOptions struct {
	// CertFile is the path to a TLS certificate file to present when joining. Either this
	// or CertData must be set.
	CertFile string `koanf:"cert-file,omitempty"`
	// CertData is the base64 encoded TLS certificate data to present when joining. Either this
	// or CertFile must be set.
	CertData string `koanf:"cert-data,omitempty"`
	// KeyFile is the path to a TLS key file for the certificate. Either this or KeyData must be set.
	// NOTE(review): private key material; the file should be readable only by the node's user.
	KeyFile string `koanf:"key-file,omitempty"`
	// KeyData is the base64 encoded TLS key data for the certificate. Either this or KeyFile must be set.
	// NOTE(review): base64 is an encoding, not protection; an inline key is exposed to
	// anyone who can read the config source. Confirm it is redacted when the
	// configuration is serialized or logged.
	KeyData string `koanf:"key-data,omitempty"`
}

MTLSOptions are options for mutual TLS.

type MeshDNSOptions

// MeshDNSOptions are options for the mesh DNS service of a node. The fields
// mirror BridgeMeshDNSOptions, plus IPv6Only.
type MeshDNSOptions struct {
	// Enabled enables mesh DNS.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenUDP is the UDP address to listen on.
	// NOTE(review): a wildcard bind address would presumably expose the resolver on
	// every interface, not only the mesh; confirm the intended scope.
	ListenUDP string `koanf:"listen-udp,omitempty"`
	// ListenTCP is the address to listen on for TCP DNS requests.
	ListenTCP string `koanf:"listen-tcp,omitempty"`
	// ReusePort sets the number of listeners to start on each port.
	// This is only supported on Linux.
	ReusePort int `koanf:"reuse-port,omitempty"`
	// EnableCompression is true if DNS compression should be enabled.
	EnableCompression bool `koanf:"compression,omitempty"`
	// RequestTimeout is the timeout for DNS requests.
	RequestTimeout time.Duration `koanf:"request-timeout,omitempty"`
	// Forwarders are the DNS forwarders to use. If empty, the system DNS servers will be used.
	Forwarders []string `koanf:"forwarders,omitempty"`
	// SubscribeForwarders will subscribe to new nodes that are able to forward requests for other meshes.
	// These forwarders will be placed at the bottom of the forwarders list.
	// NOTE(review): forwarders learned this way come from other nodes rather than from
	// local configuration; confirm which nodes are trusted to advertise themselves.
	SubscribeForwarders bool `koanf:"subscribe-forwarders,omitempty"`
	// DisableForwarding disables forwarding requests entirely.
	DisableForwarding bool `koanf:"disable-forwarding,omitempty"`
	// CacheSize is the size of the remote DNS cache.
	// NOTE(review): the unit (entries or bytes) is not visible here; TODO confirm.
	CacheSize int `koanf:"cache-size,omitempty"`
	// IPv6Only will only respond to IPv6 requests.
	IPv6Only bool `koanf:"ipv6-only,omitempty"`
}

BindFlags binds the flags.

func (*MeshDNSOptions) BindFlags

func (m *MeshDNSOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

type MeshOptions

// MeshOptions are the options for participating in a mesh: the node's
// identity, how it joins, and what it advertises to peers.
type MeshOptions struct {
	// NodeID is the node ID.
	// NOTE(review): presumably falls back to DefaultNodeID when empty; TODO confirm.
	NodeID string `koanf:"node-id,omitempty"`
	// PrimaryEndpoint is the primary endpoint to advertise when joining.
	// This can be empty to signal the node is not publicly reachable.
	PrimaryEndpoint string `koanf:"primary-endpoint,omitempty"`
	// ZoneAwarenessID is the zone awareness ID.
	ZoneAwarenessID string `koanf:"zone-awareness-id,omitempty"`
	// JoinAddress is the address of a node to join.
	// NOTE(review): how the joined node is authenticated is governed by the TLS and
	// auth sections, not by this field.
	JoinAddress string `koanf:"join-address,omitempty"`
	// MaxJoinRetries is the maximum number of join retries.
	MaxJoinRetries int `koanf:"max-join-retries,omitempty"`
	// Routes are additional routes to advertise to the mesh. These routes are advertised to all peers.
	// If the node is not allowed to put routes in the mesh, the node will be unable to join.
	// NOTE(review): an advertised route presumably steers peer traffic for that prefix
	// to this node, so permission to put routes should be granted narrowly.
	Routes []string `koanf:"routes,omitempty"`
	// DirectPeers are peers to request direct edges to. If the node is not allowed to create edges
	// and data channels, the node will be unable to join.
	DirectPeers []string `koanf:"direct-peers,omitempty"`
	// GRPCAdvertisePort is the port to advertise for gRPC.
	GRPCAdvertisePort int `koanf:"grpc-advertise-port,omitempty"`
	// MeshDNSAdvertisePort is the port to advertise for DNS.
	MeshDNSAdvertisePort int `koanf:"meshdns-advertise-port,omitempty"`
	// UseMeshDNS indicates whether to set mesh DNS servers to the system configuration.
	// NOTE(review): this changes the host's resolver settings; presumably it needs
	// elevated privileges and affects name resolution for every process on the host.
	UseMeshDNS bool `koanf:"use-meshdns,omitempty"`
	// DisableIPv4 disables IPv4 usage.
	DisableIPv4 bool `koanf:"disable-ipv4,omitempty"`
	// DisableIPv6 disables IPv6 usage.
	DisableIPv6 bool `koanf:"disable-ipv6,omitempty"`
	// DisableFeatureAdvertisement is true if feature advertisement should be disabled.
	DisableFeatureAdvertisement bool `koanf:"disable-feature-advertisement,omitempty"`
}

MeshOptions are the options for participating in a mesh.

func (*MeshOptions) BindFlags

func (o *MeshOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags to the options.

func (*MeshOptions) Validate

func (o *MeshOptions) Validate() error

Validate validates the options.

type MetricsOptions

// MetricsOptions are options for exposing metrics.
// NOTE(review): no TLS or authentication fields are defined on this struct;
// confirm whether the metrics endpoint is served unauthenticated, and bind
// ListenAddress accordingly.
type MetricsOptions struct {
	// Enabled is true if metrics should be enabled.
	Enabled bool `koanf:"enabled,omitempty"`
	// ListenAddress is the address to listen on for metrics.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// Path is the path to serve metrics on.
	Path string `koanf:"path,omitempty"`
}

MetricsOptions are options for exposing metrics.

func (*MetricsOptions) BindFlags

func (m *MetricsOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (*MetricsOptions) Validate

func (m *MetricsOptions) Validate() error

Validate validates the options.

type PluginConfig

// PluginConfig is the configuration for a single plugin, which is either a
// local executable (Exec) or an external server (Remote).
// NOTE(review): what happens when both Exec and Remote are set is not visible
// here; TODO confirm.
type PluginConfig struct {
	// Exec is the configuration for an executable plugin.
	Exec ExecutablePluginConfig `koanf:"exec,omitempty"`
	// Remote is the configuration for a plugin that connects to an external server.
	Remote RemotePluginConfig `koanf:"remote,omitempty"`
	// Config is the configuration that will be passed to the plugin's Configure method.
	// NOTE(review): the map is handed to the plugin as given; any secrets placed in it
	// are therefore shared with the plugin process or server.
	Config PluginMapConfig `koanf:"config,omitempty"`
}

PluginConfig is the configuration for a plugin.

func (*PluginConfig) BindFlags

func (o *PluginConfig) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the plugin configuration.

type PluginMapConfig

// PluginMapConfig wraps a map[string]any holding free-form plugin settings.
// NOTE(review): the string format accepted by its Set method is not visible
// here; TODO confirm how keys and values are parsed from a flag.
type PluginMapConfig map[string]any

PluginMapConfig implements a pflag.Value and wraps a map[string]any.

func (PluginMapConfig) Set

func (p PluginMapConfig) Set(s string) error

func (PluginMapConfig) String

func (p PluginMapConfig) String() string

func (PluginMapConfig) Type

func (p PluginMapConfig) Type() string

type PluginOptions

// PluginOptions are options for configuring plugins.
type PluginOptions struct {
	// Configs is a map of plugin names to plugin configurations.
	// Unlike the other option structs on this page, the tag has no omitempty.
	Configs map[string]*PluginConfig `koanf:"configs"`
}

PluginOptions are options for configuring plugins

func (*PluginOptions) BindFlags

func (o *PluginOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the plugin options.

type RaftOptions

// RaftOptions are options for the raft backend.
// NOTE(review): no TLS or authentication fields are defined on this struct;
// confirm how raft transport traffic on ListenAddress is protected.
type RaftOptions struct {
	// ListenAddress is the address to listen on.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// DataDir is the directory to store data in.
	// NOTE(review): presumably holds the raft log and snapshots, i.e. the mesh state;
	// confirm the directory is created with owner-only permissions.
	DataDir string `koanf:"data-dir,omitempty"`
	// InMemory is true if the store should be in memory. This should only be used for testing and ephemeral nodes.
	InMemory bool `koanf:"in-memory,omitempty"`
	// ConnectionPoolCount is the number of connections to pool. If 0, no connection pooling is used.
	ConnectionPoolCount int `koanf:"connection-pool-count,omitempty"`
	// ConnectionTimeout is the timeout for connections.
	ConnectionTimeout time.Duration `koanf:"connection-timeout,omitempty"`
	// HeartbeatTimeout is the timeout for heartbeats.
	HeartbeatTimeout time.Duration `koanf:"heartbeat-timeout,omitempty"`
	// ElectionTimeout is the timeout for elections.
	ElectionTimeout time.Duration `koanf:"election-timeout,omitempty"`
	// ApplyTimeout is the timeout for applying.
	ApplyTimeout time.Duration `koanf:"apply-timeout,omitempty"`
	// CommitTimeout is the timeout for committing.
	CommitTimeout time.Duration `koanf:"commit-timeout,omitempty"`
	// MaxAppendEntries is the maximum number of append entries.
	MaxAppendEntries int `koanf:"max-append-entries,omitempty"`
	// LeaderLeaseTimeout is the timeout for leader leases.
	LeaderLeaseTimeout time.Duration `koanf:"leader-lease-timeout,omitempty"`
	// SnapshotInterval is the interval to take snapshots.
	SnapshotInterval time.Duration `koanf:"snapshot-interval,omitempty"`
	// SnapshotThreshold is the threshold to take snapshots.
	SnapshotThreshold uint64 `koanf:"snapshot-threshold,omitempty"`
	// SnapshotRetention is the number of snapshots to retain.
	SnapshotRetention uint64 `koanf:"snapshot-retention,omitempty"`
	// ObserverChanBuffer is the buffer size for the observer channel.
	ObserverChanBuffer int `koanf:"observer-chan-buffer,omitempty"`
	// RequestVote is true if the node should request a vote in raft elections.
	// NOTE(review): a voter takes part in leader election; whether the request is
	// granted is presumably decided by the cluster's access rules. TODO confirm.
	RequestVote bool `koanf:"request-vote,omitempty"`
	// RequestObserver is true if the node should be a raft observer.
	RequestObserver bool `koanf:"request-observer,omitempty"`
	// PreferIPv6 is true if IPv6 should be preferred.
	PreferIPv6 bool `koanf:"prefer-ipv6,omitempty"`
	// HeartbeatPurgeThreshold is the threshold of failed heartbeats before purging a peer.
	HeartbeatPurgeThreshold int `koanf:"heartbeat-purge-threshold,omitempty"`
	// LogLevel is the log level for the raft backend.
	LogLevel string `koanf:"log-level,omitempty"`
}

RaftOptions are options for the raft backend.

func (*RaftOptions) BindFlags

func (o *RaftOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags.

func (*RaftOptions) Validate

func (o *RaftOptions) Validate() error

Validate validates the options.

type RemotePluginConfig

// RemotePluginConfig is the configuration for a plugin that connects to an
// external server, including the TLS material used for that connection.
type RemotePluginConfig struct {
	// Server is the address of a server for the plugin.
	Server string `koanf:"server,omitempty"`
	// Insecure is whether to use an insecure connection to the plugin server.
	// NOTE(review): presumably disables TLS altogether, so plugin traffic is neither
	// encrypted nor authenticated; confirm this is limited to local test setups.
	Insecure bool `koanf:"insecure,omitempty"`
	// TLSCAFile is the path to a CA for verifying certificates.
	TLSCAFile string `koanf:"tls-ca-file,omitempty"`
	// TLSCertFile is the path to a certificate for authenticating to the plugin server.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSKeyFile is the path to a key for authenticating to the plugin server.
	// NOTE(review): private key material; the file should be readable only by the node's user.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSSkipVerify is whether to skip verifying the plugin server's certificate.
	// With verification skipped, the plugin server's identity is not checked.
	TLSSkipVerify bool `koanf:"tls-skip-verify,omitempty"`
}

RemotePluginConfig is the configuration for a plugin that connects to an external server.

func (*RemotePluginConfig) BindFlags

func (o *RemotePluginConfig) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags for the remote plugin configuration.

type ServiceOptions

// ServiceOptions contains the configuration for the mesh services: the gRPC
// listener, its TLS material, and the optional sub-services.
type ServiceOptions struct {
	// GRPCListenAddress is the gRPC address to listen on.
	GRPCListenAddress string `koanf:"grpc-listen-address,omitempty"`
	// GRPCWebEnabled enables serving gRPC over HTTP/1.1.
	GRPCWebEnabled bool `koanf:"grpc-web-enabled,omitempty"`
	// TLSCertFile is the path to the TLS certificate file.
	TLSCertFile string `koanf:"tls-cert-file,omitempty"`
	// TLSCertData is the TLS certificate data.
	// NOTE(review): the encoding is not stated here; presumably base64 as in MTLSOptions. TODO confirm.
	TLSCertData string `koanf:"tls-cert-data,omitempty"`
	// TLSKeyFile is the path to the TLS key file.
	// NOTE(review): private key material; the file should be readable only by the node's user.
	TLSKeyFile string `koanf:"tls-key-file,omitempty"`
	// TLSKeyData is the TLS key data.
	// NOTE(review): an inline private key is exposed to anyone who can read the config
	// source; confirm it is redacted when the configuration is serialized or logged.
	TLSKeyData string `koanf:"tls-key-data,omitempty"`
	// Insecure is true if the transport is insecure.
	// NOTE(review): presumably serves gRPC without TLS; confirm this is limited to
	// local test setups.
	Insecure bool `koanf:"insecure,omitempty"`
	// DisableLeaderProxy is true if the leader proxy should be disabled.
	DisableLeaderProxy bool `koanf:"disable-leader-proxy,omitempty"`
	// API options
	API APIOptions `koanf:"api,omitempty"`
	// MeshDNS options
	MeshDNS MeshDNSOptions `koanf:"meshdns,omitempty"`
	// TURN options
	TURN TURNOptions `koanf:"turn,omitempty"`
	// Metrics options
	Metrics MetricsOptions `koanf:"metrics,omitempty"`
}

ServiceOptions contains the configuration for the mesh services.

func (*ServiceOptions) BindFlags

func (s *ServiceOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (*ServiceOptions) Validate

func (s *ServiceOptions) Validate() error

Validate validates the options.

type TLSOptions

// TLSOptions are options for TLS communication when joining a mesh. The last
// three fields each weaken verification of the server being joined.
type TLSOptions struct {
	// CAFile is the path to a TLS CA file for verification. If this and CAData are empty, the system CA pool is used.
	CAFile string `koanf:"tls-ca-file,omitempty"`
	// CAData is the base64 encoded TLS CA data for verification. If this and CAFile are empty, the system CA pool is used.
	CAData string `koanf:"tls-ca-data,omitempty"`
	// VerifyChainOnly is true if only the certificate chain should be verified.
	// NOTE(review): presumably skips the server name check while still validating the
	// chain to a trusted CA; with the system CA pool in use that would accept any
	// publicly issued certificate. Confirm exactly which checks are dropped.
	VerifyChainOnly bool `koanf:"verify-chain-only,omitempty"`
	// InsecureSkipVerify is true if the server TLS cert should not be verified.
	// With verification off, the connection is encrypted but the server's identity is
	// not checked.
	InsecureSkipVerify bool `koanf:"insecure-skip-verify,omitempty"`
	// Insecure is true if the gRPC connection should be insecure.
	// NOTE(review): presumably disables TLS entirely, so join traffic (including any
	// basic or LDAP credentials) would travel in the clear; TODO confirm.
	Insecure bool `koanf:"insecure,omitempty"`
}

TLSOptions are options for TLS communication when joining a mesh.

func (*TLSOptions) BindFlags

func (o *TLSOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the TLS options to the flag set.

type TURNOptions

// TURNOptions are the options for the TURN server.
// NOTE(review): no credential fields are defined on this struct, so how TURN
// clients authenticate (beyond the Realm) is not visible here. An open relay
// can be used to forward arbitrary traffic; TODO confirm the authentication
// model before exposing the listener publicly.
type TURNOptions struct {
	// Enabled enables the TURN server.
	Enabled bool `koanf:"enabled,omitempty"`
	// Endpoint is the endpoint to advertise for the TURN server. If empty, the public IP and listen port is used.
	Endpoint string `koanf:"endpoint,omitempty"`
	// PublicIP is the address advertised for STUN/TURN requests.
	PublicIP string `koanf:"public-ip,omitempty"`
	// ListenAddress is the address to listen on for STUN/TURN connections.
	ListenAddress string `koanf:"listen-address,omitempty"`
	// Realm is the realm used for TURN server authentication.
	Realm string `koanf:"realm,omitempty"`
	// TURNPortRange is the port range to use for allocating TURN relays.
	// NOTE(review): the string format of the range is not visible here; TODO confirm.
	// Firewall rules should presumably open only this range for relay traffic.
	TURNPortRange string `koanf:"port-range,omitempty"`
}

TURNOptions are the options for the TURN server.

func (*TURNOptions) BindFlags

func (t *TURNOptions) BindFlags(prefix string, fl *pflag.FlagSet)

BindFlags binds the flags.

func (*TURNOptions) Validate

func (t *TURNOptions) Validate() error

Validate validates the TURN options.

type WireGuardOptions

// WireGuardOptions are options for configuring the WireGuard interface,
// including where the private key is kept and how often it is rotated.
type WireGuardOptions struct {
	// ListenPort is the port to listen on.
	ListenPort int `koanf:"listen-port,omitempty"`
	// InterfaceName is the name of the interface.
	InterfaceName string `koanf:"interface-name,omitempty"`
	// ForceInterfaceName forces the use of the given name by deleting
	// any pre-existing interface with the same name.
	// This is destructive: an unrelated interface that happens to share the name is
	// removed as well.
	ForceInterfaceName bool `koanf:"force-interface-name,omitempty"`
	// ForceTUN forces the use of a TUN interface.
	ForceTUN bool `koanf:"force-tun,omitempty"`
	// Masquerade enables masquerading of traffic from the wireguard interface.
	// NOTE(review): presumably installs NAT rules on the host, so mesh peers can
	// reach networks behind this node under its address; confirm this matches the
	// intended network policy.
	Masquerade bool `koanf:"masquerade,omitempty"`
	// PersistentKeepAlive is the interval at which to send keepalive packets
	// to peers. If unset, keepalive packets will automatically be sent to publicly
	// accessible peers when this instance is behind a NAT. Otherwise, no keep-alive
	// packets are sent.
	PersistentKeepAlive time.Duration `koanf:"persistent-keepalive,omitempty"`
	// MTU is the MTU to use for the interface.
	MTU int `koanf:"mtu,omitempty"`
	// Endpoints are additional WireGuard endpoints to broadcast when joining.
	Endpoints []string `koanf:"endpoints,omitempty"`
	// KeyFile is the path to the WireGuard private key. If it does not exist it will be created.
	// NOTE(review): confirm the file is created with owner-only permissions and that
	// an existing file with looser permissions is rejected or reported.
	KeyFile string `koanf:"key-file,omitempty"`
	// KeyRotationInterval is the interval to rotate wireguard keys.
	// Set this to 0 to disable key rotation.
	KeyRotationInterval time.Duration `koanf:"key-rotation-interval,omitempty"`
	// RecordMetrics enables recording of WireGuard metrics. These are only exposed if the
	// metrics server is enabled.
	RecordMetrics bool `koanf:"record-metrics,omitempty"`
	// RecordMetricsInterval is the interval at which to update WireGuard metrics.
	RecordMetricsInterval time.Duration `koanf:"record-metrics-interval,omitempty"`
}

WireGuardOptions are options for configuring the WireGuard interface.

func (*WireGuardOptions) BindFlags

func (o *WireGuardOptions) BindFlags(prefix string, fs *pflag.FlagSet)

BindFlags binds the flags.

func (*WireGuardOptions) Validate

func (o *WireGuardOptions) Validate() error

Validate validates the options.
