Documentation ¶
Overview ¶
Package resources holds simple functions for synthesizing child resources from an Ingress resource and any relevant Ingress controller configuration.
Index ¶
- Constants
- func CategorizeSecrets(secrets map[string]*corev1.Secret) (map[string]*corev1.Secret, map[string]*corev1.Secret, error)
- func ExtractOriginSecretRef(secret *corev1.Secret) tracker.Reference
- func GatewayName(accessor kmeta.Accessor, gatewaySvc *corev1.Service) string
- func GatewayRef(gw *v1beta1.Gateway) tracker.Reference
- func GenerateCertificate(hosts []string, secretName string, namespace string) (*corev1.Secret, error)
- func GetHTTPServer(gateway *v1beta1.Gateway) *istiov1beta1.Server
- func GetHostsFromCertSecret(secret *corev1.Secret) ([]string, error)
- func GetIngressGatewaySvcNameNamespaces(ctx context.Context) ([]metav1.ObjectMeta, error)
- func GetNonWildcardIngressTLS(ingressTLS []v1alpha1.IngressTLS, nonWildcardSecrest map[string]*corev1.Secret) []v1alpha1.IngressTLS
- func GetQualifiedGatewayNames(gateways []*v1beta1.Gateway) []string
- func GetSecrets(ing *v1alpha1.Ingress, secretLister corev1listers.SecretLister) (map[string]*corev1.Secret, error)
- func GetServers(gateway *v1beta1.Gateway, ing *v1alpha1.Ingress) []*istiov1beta1.Server
- func MakeHTTPServer(httpOption v1alpha1.HTTPOption, hosts []string) *istiov1beta1.Server
- func MakeIngressGateways(ctx context.Context, ing *v1alpha1.Ingress, servers []*istiov1beta1.Server, ...) ([]*v1beta1.Gateway, error)
- func MakeIngressTLSGateways(ctx context.Context, ing *v1alpha1.Ingress, ingressTLS []v1alpha1.IngressTLS, ...) ([]*v1beta1.Gateway, error)
- func MakeIngressVirtualService(ing *v1alpha1.Ingress, ...) *v1beta1.VirtualService
- func MakeInternalEncryptionDestinationRule(host string, ing *v1alpha1.Ingress, http2 bool) *v1beta1.DestinationRule
- func MakeMeshVirtualService(ing *v1alpha1.Ingress, ...) *v1beta1.VirtualService
- func MakeSecrets(ctx context.Context, originSecrets map[string]*corev1.Secret, ...) ([]*corev1.Secret, error)
- func MakeTLSServers(ing *v1alpha1.Ingress, ingressTLS []v1alpha1.IngressTLS, ...) ([]*istiov1beta1.Server, error)
- func MakeTargetSecretAnnotations(originSecretName string) map[string]string
- func MakeTargetSecretLabels(originSecretName, originSecretNamespace string) map[string]string
- func MakeVirtualServices(ing *v1alpha1.Ingress, ...) ([]*v1beta1.VirtualService, error)
- func MakeWildcardSecrets(ctx context.Context, originWildcardCerts map[string]*corev1.Secret) ([]*corev1.Secret, error)
- func MakeWildcardTLSGateways(ctx context.Context, originWildcardSecrets map[string]*corev1.Secret, ...) ([]*v1beta1.Gateway, error)
- func SecretRef(namespace, name string) tracker.Reference
- func SortServers(servers []*istiov1beta1.Server) []*istiov1beta1.Server
- func UpdateGateway(gateway *v1beta1.Gateway, want []*istiov1beta1.Server, ...) *v1beta1.Gateway
- func VirtualServiceNamespace(ing *v1alpha1.Ingress) string
- func WildcardGatewayName(secretName, gatewayServiceNamespace, gatewayServiceName string) string
Constants ¶
const ( // ServingGroupName is the group name for Knative serving labels // and annotations ServingGroupName = "serving.knative.dev" // RouteLabelKey is the label key attached to a Configuration // indicating by which Route it is configured as traffic target. // The key is also attached to Revision resources to indicate they // are directly referenced by a Route, or are a child of a // Configuration which is referenced by a Route. The key can also // be attached to Ingress resources to indicate which Route // triggered their creation. The key is also attached to k8s // Service resources to indicate which Route triggered their // creation. RouteLabelKey = ServingGroupName + "/route" // RouteNamespaceLabelKey is the label key attached to a Ingress // by a Route to indicate which namespace the Route was created in. RouteNamespaceLabelKey = ServingGroupName + "/routeNamespace" )
const (
GatewayHTTPPort = 80
)
GatewayHTTPPort is the HTTP port the gateways listen on.
Variables ¶
This section is empty.
Functions ¶
func CategorizeSecrets ¶ added in v0.15.0
func CategorizeSecrets(secrets map[string]*corev1.Secret) (map[string]*corev1.Secret, map[string]*corev1.Secret, error)
CategorizeSecrets categorizes secrets into two sets: wildcard cert secrets and non-wildcard cert secrets.
func ExtractOriginSecretRef ¶ added in v0.36.0
ExtractOriginSecretRef extracts the origin secret from a certificate
func GatewayName ¶
GatewayName create a name for the Gateway that is built based on the given Ingress and bonds to the given ingress gateway service.
func GatewayRef ¶ added in v0.16.0
GatewayRef returns the Reference for a give Gateway.
func GenerateCertificate ¶ added in v0.16.0
func GetHTTPServer ¶
func GetHTTPServer(gateway *v1beta1.Gateway) *istiov1beta1.Server
GetHTTPServer gets the HTTP `Server` from `Gateway`.
func GetHostsFromCertSecret ¶ added in v0.15.0
GetHostsFromCertSecret gets cert hosts from cert secret.
func GetIngressGatewaySvcNameNamespaces ¶
func GetIngressGatewaySvcNameNamespaces(ctx context.Context) ([]metav1.ObjectMeta, error)
GetIngressGatewaySvcNameNamespaces gets the Istio ingress namespaces from ConfigMap. TODO(nghia): Remove this by parsing at config parsing time.
func GetNonWildcardIngressTLS ¶ added in v0.16.0
func GetNonWildcardIngressTLS(ingressTLS []v1alpha1.IngressTLS, nonWildcardSecrest map[string]*corev1.Secret) []v1alpha1.IngressTLS
GetNonWildcardIngressTLS gets Ingress TLS that do not reference wildcard certificates.
func GetQualifiedGatewayNames ¶ added in v0.15.0
GetQualifiedGatewayNames return the qualified Gateway names for the given Gateways.
func GetSecrets ¶
func GetSecrets(ing *v1alpha1.Ingress, secretLister corev1listers.SecretLister) (map[string]*corev1.Secret, error)
GetSecrets gets the all of the secrets referenced by the given Ingress, and returns a map whose key is the a secret namespace/name key and value is pointer of the secret.
func GetServers ¶
GetServers gets the `Servers` from `Gateway` that belongs to the given Ingress.
func MakeHTTPServer ¶
func MakeHTTPServer(httpOption v1alpha1.HTTPOption, hosts []string) *istiov1beta1.Server
MakeHTTPServer creates a HTTP Gateway `Server` based on the HTTP option configuration.
func MakeIngressGateways ¶
func MakeIngressGateways(ctx context.Context, ing *v1alpha1.Ingress, servers []*istiov1beta1.Server, svcLister corev1listers.ServiceLister) ([]*v1beta1.Gateway, error)
MakeIngressGateways creates Gateways with given Servers for a given Ingress.
func MakeIngressTLSGateways ¶ added in v0.17.0
func MakeIngressTLSGateways(ctx context.Context, ing *v1alpha1.Ingress, ingressTLS []v1alpha1.IngressTLS, originSecrets map[string]*corev1.Secret, svcLister corev1listers.ServiceLister) ([]*v1beta1.Gateway, error)
MakeIngressTLSGateways creates Gateways that have only TLS servers for a given Ingress.
func MakeIngressVirtualService ¶
func MakeIngressVirtualService(ing *v1alpha1.Ingress, gateways map[v1alpha1.IngressVisibility]sets.Set[string]) *v1beta1.VirtualService
MakeIngressVirtualService creates Istio VirtualService as network programming for Istio Gateways other than 'mesh'.
func MakeInternalEncryptionDestinationRule ¶ added in v0.39.0
func MakeInternalEncryptionDestinationRule(host string, ing *v1alpha1.Ingress, http2 bool) *v1beta1.DestinationRule
MakeInternalEncryptionDestinationRule creates a DestinationRule that enables upstream TLS on for the specified host
func MakeMeshVirtualService ¶
func MakeMeshVirtualService(ing *v1alpha1.Ingress, gateways map[v1alpha1.IngressVisibility]sets.Set[string]) *v1beta1.VirtualService
MakeMeshVirtualService creates a mesh Virtual Service
func MakeSecrets ¶
func MakeSecrets(ctx context.Context, originSecrets map[string]*corev1.Secret, accessor kmeta.OwnerRefableAccessor) ([]*corev1.Secret, error)
MakeSecrets makes copies of the origin Secrets under the namespace of Istio gateway service.
func MakeTLSServers ¶
func MakeTLSServers(ing *v1alpha1.Ingress, ingressTLS []v1alpha1.IngressTLS, gatewayServiceNamespace string, originSecrets map[string]*corev1.Secret) ([]*istiov1beta1.Server, error)
MakeTLSServers creates the expected Gateway TLS `Servers` based on the given IngressTLS.
func MakeTargetSecretAnnotations ¶ added in v0.36.0
MakeTargetSecretAnnotations returns the annotations used in target secret.
func MakeTargetSecretLabels ¶
MakeTargetSecretLabels returns the labels used in target secret.
func MakeVirtualServices ¶
func MakeVirtualServices(ing *v1alpha1.Ingress, gateways map[v1alpha1.IngressVisibility]sets.Set[string]) ([]*v1beta1.VirtualService, error)
MakeVirtualServices creates a mesh VirtualService and a virtual service for each gateway
func MakeWildcardSecrets ¶ added in v0.15.0
func MakeWildcardSecrets(ctx context.Context, originWildcardCerts map[string]*corev1.Secret) ([]*corev1.Secret, error)
MakeWildcardSecrets copies wildcard certificates from origin namespace to the namespace of gateway servicess so they could consumed by Istio ingress.
func MakeWildcardTLSGateways ¶ added in v0.24.0
func MakeWildcardTLSGateways(ctx context.Context, originWildcardSecrets map[string]*corev1.Secret, svcLister corev1listers.ServiceLister) ([]*v1beta1.Gateway, error)
MakeWildcardTLSGateways creates gateways that only contain TLS server with wildcard hosts based on the wildcard secret information. For each public ingress service, we will create a list of Gateways. Each Gateway of the list corresponds to a wildcard cert secret.
func SecretRef ¶
SecretRef returns the Reference of a secret given the namespace and name of the secret.
func SortServers ¶
func SortServers(servers []*istiov1beta1.Server) []*istiov1beta1.Server
SortServers sorts `Server` according to its port name.
func UpdateGateway ¶
func UpdateGateway(gateway *v1beta1.Gateway, want []*istiov1beta1.Server, existing []*istiov1beta1.Server) *v1beta1.Gateway
UpdateGateway replaces the existing servers with the wanted servers.
func VirtualServiceNamespace ¶
VirtualServiceNamespace gives the namespace of the child VirtualServices for a given Ingress.
func WildcardGatewayName ¶ added in v0.15.0
WildcardGatewayName creates the name of wildcard Gateway.
Types ¶
This section is empty.