Documentation
Index
- func IsInvalidProblem(err error) bool
- func IsNotFoundProblem(err error) bool
- func IsPermissionProblem(err error) bool
- type Controller
- func (hc *Controller) AddOrUpdateOffloader(key string, addrs []OffldAddr, secrName string) update.Status
- func (hc *Controller) AddOrUpdateTLSSecret(svcKey string, secret SecretSpec) update.Status
- func (hc *Controller) DeleteDataplaneSecret(name string)
- func (hc *Controller) DeleteOffldSvc(svcKey string) update.Status
- func (hc *Controller) DeleteTLSSecret(svcKey string, secret SecretSpec) update.Status
- func (hc *Controller) HasOffloader(svcKey string) bool
- func (hc *Controller) Quit()
- func (hc *Controller) SetDataplaneSecret(key string, secret []byte)
- func (hc *Controller) SetOffldSecret(svcKey, secretKey string)
- func (hc *Controller) Start()
- func (hc *Controller) Update(svcKey string, addrs []OffldAddr, spec Spec) update.Status
- type CrtDnldrClient
- type DataplaneClient
- func (client *DataplaneClient) AddOffldr(tx *models.Transaction) error
- func (client *DataplaneClient) AddOnldr(tx *models.Transaction, onldSpec *OnloadSpec) error
- func (client *DataplaneClient) DeleteOffldr(tx *models.Transaction) error
- func (client *DataplaneClient) DeleteOnldr(tx *models.Transaction) error
- func (client *DataplaneClient) DeleteTx(tx *models.Transaction) error
- func (client *DataplaneClient) FinishTx(tx *models.Transaction) (ReloadState, error)
- func (client *DataplaneClient) LoaderStatus() (offLoaded, onLoaded bool, version int, err error)
- func (client *DataplaneClient) Reloaded(id string) (bool, ReloadState, error)
- func (client *DataplaneClient) StartTx(version int64) (tx *models.Transaction, err error)
- func (client *DataplaneClient) UpdateDefaults(tx *models.Transaction, spec *DefaultsSpec) error
- func (client *DataplaneClient) UpdateOffldr(tx *models.Transaction) error
- func (client *DataplaneClient) UpdateOnldr(tx *models.Transaction, onldSpec *OnloadSpec) error
- type DataplaneError
- type DefaultTimeoutsSpec
- type DefaultsSpec
- type OffldAddr
- type OffldrError
- type OffldrErrors
- type OnloadSpec
- type Problem
- type ReloadState
- type ReloadStatus
- type SecretSpec
- type Spec
Constants
This section is empty.
Variables
This section is empty.
Functions
func IsInvalidProblem
IsInvalidProblem returns true iff err is of type *Problem, and represents an error response from the k8s-crt-dnldr REST API that a TLS Secret is invalid -- one of the required fields "tls.crt" or "tls.key" is missing, or its value is empty.
func IsNotFoundProblem
IsNotFoundProblem returns true iff err is of type *Problem, and represents a Not Found error from the k8s-crt-dnldr REST API.
Types
type Controller
type Controller struct {
// contains filtered or unexported fields
}
Controller (or haproxy controller) remotely administers a haproxy container to configure TLS offload for Ingress. For the most part, this is done with the dataplane API -- see the documentation of DataplaneClient, and the links shown there.
func NewOffloaderController
func NewOffloaderController(log *logrus.Logger, monIntvl time.Duration) *Controller
NewOffloaderController returns a controller to remotely administer a haproxy container for Ingress TLS offload, logging its work with the given logger.
XXX monIntvl is meant to be the interval for a monitor loop, analogous to the monitor for Varnish instances; currently not implemented.
func (*Controller) AddOrUpdateOffloader
func (hc *Controller) AddOrUpdateOffloader(key string, addrs []OffldAddr, secrName string) update.Status
AddOrUpdateOffloader sets the configuration for the offloader designated by key, using the given addresses for remote admin, and the Secret designated by secrName as the password for Basic Auth in requests to the dataplane API.
func (*Controller) AddOrUpdateTLSSecret
func (hc *Controller) AddOrUpdateTLSSecret(svcKey string, secret SecretSpec) update.Status
AddOrUpdateTLSSecret sends requests to instances of svcKey, instructing them to write certificate files for the specified TLS Secret.
If the operation is successful, the instances will use the certificate after the next reload.
func (*Controller) DeleteDataplaneSecret
func (hc *Controller) DeleteDataplaneSecret(name string)
DeleteDataplaneSecret removes the Secret designated by name.
func (*Controller) DeleteOffldSvc
func (hc *Controller) DeleteOffldSvc(svcKey string) update.Status
DeleteOffldSvc removes the TLS offloader service designated by svcKey -- the haproxy configuration is deleted, and the specification is removed from the controller's configuration.
func (*Controller) DeleteTLSSecret
func (hc *Controller) DeleteTLSSecret(svcKey string, secret SecretSpec) update.Status
DeleteTLSSecret sends requests to instances of svcKey, instructing them to delete certificate files for the specified TLS Secret.
If the operation is successful, the instances will no longer use the certificate after the next reload.
func (*Controller) HasOffloader
func (hc *Controller) HasOffloader(svcKey string) bool
HasOffloader returns true iff the controller has configured the TLS offloader designated by svcKey.
func (*Controller) SetDataplaneSecret
func (hc *Controller) SetDataplaneSecret(key string, secret []byte)
SetDataplaneSecret stores the secret to be used as the Basic Auth password used in requests to a dataplane API, under the name given in key (from the namespace/name of a k8s Secret).
func (*Controller) SetOffldSecret
func (hc *Controller) SetOffldSecret(svcKey, secretKey string)
SetOffldSecret specifies secretKey as the name of the Secret to be used to authorize use of the dataplane API for the TLS offloader designated by svcKey. SetDataplaneSecret(), in turn, sets the secret contents for secretKey.
func (*Controller) Start
func (hc *Controller) Start()
Start initiates a haproxy controller.
XXX currently little more than a no-op, will start the monitor
type CrtDnldrClient
type CrtDnldrClient struct {
// contains filtered or unexported fields
}
CrtDnldrClient sends requests to the REST API of a k8s-crt-dnldr app, to instruct it to write or delete PEM files corresponding to TLS Secrets. This determines the certificates available to haproxy at configuration reload.
See: https://code.uplex.de/k8s/k8s-crt-dnldr
func NewCrtDnldrClient
func NewCrtDnldrClient(host string) *CrtDnldrClient
NewCrtDnldrClient returns a client for the REST API listening at host for a k8s-crt-dnldr app.
host may have the form "addr" or "addr:port", where addr may be a host name or IP address.
func (*CrtDnldrClient) Delete
func (client *CrtDnldrClient) Delete(spec SecretSpec) error
Delete sends a DELETE request to the REST API of the k8s-crt-dnldr app, instructing it to delete the certificate file for the specified TLS Secret.
If the response has Content-Type application/problem+json, then the return value is an instance of *Problem.
func (*CrtDnldrClient) Put
func (client *CrtDnldrClient) Put(spec SecretSpec) error
Put sends a PUT request to the REST API of the k8s-crt-dnldr app, instructing it to write the certificate file for the specified TLS Secret.
If the response has Content-Type application/problem+json, then the return value is an instance of *Problem.
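The problem+json handling that Put and Delete describe, together with the classification IsNotFoundProblem performs, as an added example (not code from the package): Problem is copied from the type shown on this page; errorFromResponse, isNotFoundProblem and sampleResponse are hypothetical names, and the response bodies are constructed here.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Problem mirrors the RFC 7807 Problem Details object on this page (copied
// here so the example builds without the controller package).
type Problem struct {
	Type     string `json:"type"`
	Title    string `json:"title"`
	Status   int    `json:"status"`
	Detail   string `json:"detail"`
	Instance string `json:"instance"`
}
func (p *Problem) Error() string { return fmt.Sprintf("%d %s: %s", p.Status, p.Title, p.Detail) }

// errorFromResponse turns a non-2xx response into an error: a body with Content-Type
// application/problem+json becomes a *Problem, as Put and Delete above describe.
func errorFromResponse(resp *http.Response) error {
	if resp.StatusCode >= 200 && resp.StatusCode < 300 {
		return nil
	}
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return err
	}
	if !strings.HasPrefix(resp.Header.Get("Content-Type"), "application/problem+json") {
		return fmt.Errorf("status %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))
	}
	p := &Problem{}
	if err := json.Unmarshal(body, p); err != nil {
		return fmt.Errorf("malformed problem+json (status %d): %w", resp.StatusCode, err)
	}
	return p
}

// isNotFoundProblem reports whether err is, or wraps, a *Problem for HTTP 404.
func isNotFoundProblem(err error) bool {
	var p *Problem
	return errors.As(err, &p) && p.Status == http.StatusNotFound
}
// sampleResponse builds a constructed response so the example runs without a server.
func sampleResponse(status int, ctype, body string) *http.Response {
	return &http.Response{StatusCode: status, Header: http.Header{"Content-Type": {ctype}}, Body: io.NopCloser(strings.NewReader(body))}
}
```

A malformed problem+json body deliberately does not become a *Problem, so a caller cannot mistake a corrupted 404 for a clean "Secret not found" answer.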
type DataplaneClient
type DataplaneClient struct {
// contains filtered or unexported fields
}
DataplaneClient executes remote administration of a haproxy server using the dataplane API, which runs as a child process in the haproxy container.
https://www.haproxy.com/documentation/hapee/1-9r1/configuration/dataplaneapi/
https://www.haproxy.com/documentation/dataplaneapi/latest/
func NewDataplaneClient
func NewDataplaneClient(host, pass string, log *logrus.Logger) *DataplaneClient
NewDataplaneClient returns a client for the dataplane API server listening at host, using the Basic Auth password pass.
host may have the form "addr" or "addr:port", where addr may be a host name or IP address.
func (*DataplaneClient) AddOffldr
func (client *DataplaneClient) AddOffldr(tx *models.Transaction) error
AddOffldr adds the offloader configuration for haproxy, in the dataplane transaction tx.
AddOffldr MUST be used if the offloader was not configured previously since the haproxy container was started, or after deletion.
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) AddOnldr
func (client *DataplaneClient) AddOnldr(tx *models.Transaction, onldSpec *OnloadSpec) error
AddOnldr adds the onloader configuration for haproxy, in the dataplane transaction tx. onldSpec specifies the onload configuration, including the number of server instances in the haproxy backend.
AddOnldr MUST be used if the onloader was not configured previously since the haproxy container was started, or after deletion.
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) DeleteOffldr
func (client *DataplaneClient) DeleteOffldr(tx *models.Transaction) error
DeleteOffldr removes the haproxy offloader configuration, in the dataplane transaction tx.
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) DeleteOnldr
func (client *DataplaneClient) DeleteOnldr(tx *models.Transaction) error
DeleteOnldr removes the haproxy onloader configuration, in the dataplane transaction tx.
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) DeleteTx
func (client *DataplaneClient) DeleteTx(tx *models.Transaction) error
DeleteTx removes the dataplane transaction tx. This should be called after a successful invocation of FinishTx(tx).
A non-nil error return may wrap a DataplaneError.
XXX currently a no-op.
func (*DataplaneClient) FinishTx
func (client *DataplaneClient) FinishTx(tx *models.Transaction) (ReloadState, error)
FinishTx completes the dataplane transaction tx. If successful, a haproxy configuration reload may be initiated.
The DataplaneClient does not use the force-reload parameter. This means that dataplane does not reload the configuration synchronously, so as to avoid thrashing re-configuration. Reloads of pending transactions are performed at intervals (usually a few seconds).
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) LoaderStatus
func (client *DataplaneClient) LoaderStatus() (offLoaded, onLoaded bool, version int, err error)
LoaderStatus returns booleans for whether the off- and onloader sites have been loaded by the dataplane API, and returns the current configuration version.
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) Reloaded
func (client *DataplaneClient) Reloaded(id string) (bool, ReloadState, error)
Reloaded returns true if the reload identified by id has completed successfully, together with details about the reload state.
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) StartTx
func (client *DataplaneClient) StartTx(version int64) (tx *models.Transaction, err error)
StartTx initiates a dataplane transaction (a POST to the endpoint /services/haproxy/transactions) based on the given configuration version.
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) UpdateDefaults
func (client *DataplaneClient) UpdateDefaults(tx *models.Transaction, spec *DefaultsSpec) error
UpdateDefaults modifies default haproxy configuration (valid for both off- and onload).
func (*DataplaneClient) UpdateOffldr
func (client *DataplaneClient) UpdateOffldr(tx *models.Transaction) error
UpdateOffldr modifies the offloader configuration for haproxy, in the dataplane transaction tx.
UpdateOffldr MUST be used if the offloader was previously added with AddOffldr, and not removed with DeleteOffldr.
A non-nil error return may wrap a DataplaneError.
func (*DataplaneClient) UpdateOnldr
func (client *DataplaneClient) UpdateOnldr(tx *models.Transaction, onldSpec *OnloadSpec) error
UpdateOnldr modifies the onloader configuration for haproxy, in the dataplane transaction tx. onldSpec specifies the onload configuration, including the number of server instances in the haproxy backend.
UpdateOnldr MUST be used if the onloader was previously added with AddOnldr, and not removed with DeleteOnldr.
A non-nil error return may wrap a DataplaneError.
type DataplaneError
type DataplaneError struct {
	// Err encapsulates the dataplane API's error object.
	Err *models.Error
	// Status is the HTTP response code.
	Status int
	// Version is the configuration version returned in the response.
	Version int
}
DataplaneError represents an error response from the dataplane API. Satisfies the error interface.
func (*DataplaneError) Error
func (err *DataplaneError) Error() string
type DefaultTimeoutsSpec
DefaultTimeoutsSpec specifies haproxy global default timeouts.
type DefaultsSpec
type DefaultsSpec struct {
Timeouts DefaultTimeoutsSpec
}
DefaultsSpec specifies haproxy global default configuration.
type OffldAddr
type OffldAddr struct {
	PodNamespace  string
	PodName       string
	IP            string
	DataplanePort int32
	CrtDnldrPort  int32
}
OffldAddr encapsulates the networking information for remote administration of a TLS offloader for Ingress, implemented by haproxy.
Includes the namespace and name of the Pod in which haproxy runs, and the addresses of the dataplane and k8s-crt-dnldr REST APIs.
type OffldrError
type OffldrError struct {
// contains filtered or unexported fields
}
OffldrError encapsulates an error in the interaction of the haproxy controller with a haproxy container.
func (OffldrError) Error
func (offldrErr OffldrError) Error() string
type OffldrErrors
type OffldrErrors []OffldrError
OffldrErrors encapsulates a group of errors in the interaction with a haproxy container. Most of the controller's actions apply to all of the replicas in a Pod, and the controller does not stop at the first error; any errors encountered along the way are collected and returned by this type, so an action can succeed for some of the replicas. If an action had no error, nil is usually returned for the error value (rather than an empty slice).
This type satisfies the error interface.
func (OffldrErrors) Error
func (offldrErrs OffldrErrors) Error() string
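The collect-and-continue pattern behind OffldrErrors, and why nil rather than an empty slice is returned when nothing failed, as an added example (not the package's code): replicaError, replicaErrors, forEachReplica and brokenReturn are hypothetical stand-ins, since OffldrError's fields are unexported, and the Pod names and failures are constructed.

```go
package main

import (
	"strings"
)

// replicaError records one failed replica (a constructed stand-in for OffldrError).
type replicaError struct {
	Pod string
	Err error
}

func (e replicaError) Error() string { return e.Pod + ": " + e.Err.Error() }

// replicaErrors collects the failures of one action across replicas, like OffldrErrors.
type replicaErrors []replicaError

func (errs replicaErrors) Error() string {
	msgs := make([]string, 0, len(errs))
	for _, e := range errs {
		msgs = append(msgs, e.Error())
	}
	return strings.Join(msgs, "; ")
}

// forEachReplica applies op to every replica and keeps going after a failure, so
// the action can still succeed on the remaining replicas. When nothing failed it
// returns an untyped nil: returning the empty replicaErrors would yield a non-nil
// error interface, which callers would treat as failure.
func forEachReplica(pods []string, op func(pod string) error) error {
	var errs replicaErrors
	for _, pod := range pods {
		if err := op(pod); err != nil {
			errs = append(errs, replicaError{Pod: pod, Err: err})
		}
	}
	if len(errs) == 0 {
		return nil
	}
	return errs
}

// brokenReturn shows the pitfall: a nil replicaErrors converted to error is not nil.
func brokenReturn() error {
	var errs replicaErrors
	return errs
}
```

Callers that need the per-replica detail recover the slice with errors.As on a replicaErrors target, while callers that only care about success keep the plain err != nil check.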
type OnloadSpec
OnloadSpec specifies the configuration of TLS onload for haproxy. The haproxy configuration specifically works together with the via feature of the klarlack implementation of Varnish. See: https://github.com/varnishcache/varnish-cache/pull/3128
type Problem
type Problem struct {
	Type     string `json:"type"`
	Title    string `json:"title"`
	Status   int    `json:"status"`
	Detail   string `json:"detail"`
	Instance string `json:"instance"`
}
Problem Details object per RFC 7807.
type ReloadState
type ReloadState struct {
	// ID is generated by the dataplane API (usually a UUID).
	ID string
	// Response is the dataplane API's text message about the reload.
	Response string
	// Timestamp is set by the dataplane API.
	Timestamp time.Time
	// Status of the dataplane reload.
	Status ReloadStatus
}
ReloadState encapsulates the dataplane API's reload object.
type ReloadStatus
type ReloadStatus uint8
ReloadStatus classifies the current state of a dataplane reload.
const (
	// Unknown dataplane reload status.
	Unknown ReloadStatus = iota
	// Failed dataplane reload.
	Failed
	// InProgress dataplane reload.
	InProgress
	// Succeeded dataplane reload.
	Succeeded
)
func (ReloadStatus) String
func (status ReloadStatus) String() string
type SecretSpec
SecretSpec specifies an Ingress TLS Secret for the purposes of the haproxy controller. It suffices to identify the *exact* k8s configuration of the Secret, including UID and ResourceVersion.
func (SecretSpec) String
func (spec SecretSpec) String() string
type Spec
type Spec struct {
	Namespace string
	Name      string
	Secrets   []SecretSpec
	Onload    *OnloadSpec
	Defaults  *DefaultsSpec
}
Spec specifies the configuration of TLS offload for haproxy. It includes the namespace and name of the Varnish admin Service (the headless k8s Service specifying ports for remote administration), and a list of specs for Ingress TLS Secrets.