// Identifiers for the Kubernetes API checks: one subsystem name and one
// human-readable description per check (client initialization, API access,
// minimum API version).
// NOTE(review): presumably these populate the healthcheck results returned by
// SelfCheck — confirm against the implementation.
const (
	KubeapiSubsystemName           = "kubernetes-api"
	KubeapiClientCheckDescription  = "can initialize the client"
	KubeapiAccessCheckDescription  = "can query the Kubernetes API"
	KubeapiVersionCheckDescription = "is running the minimum Kubernetes API version"
// Resource type name constants.
// All is the value "all"; per this package's docs, StatSummary queries a set
// of resource types when Resource.Type is "all".
// Authorities names a non-Kubernetes resource (see the doc of
// CanonicalResourceNameFromFriendlyName).
const (
	Deployments            = "deployments"
	Namespaces             = "namespaces"
	Pods                   = "pods"
	ReplicationControllers = "replicationcontrollers"
	Services               = "services"
	All                    = "all"
	Authorities            = "authorities"
// Label keys, annotation keys and TLS file/ConfigMap names used by Conduit.
//
// NOTE(review): every label and annotation key below is the empty string in
// this listing. An empty key is not a valid Kubernetes label key and all of
// these constants would collide, so the values were presumably elided when the
// page was rendered — confirm against the source before relying on them.
const (

	// ControllerComponentLabel identifies this object as a component of Conduit's
	// control plane (e.g. web, controller).
	ControllerComponentLabel = ""

	// ControllerNSLabel is injected into mesh-enabled apps, identifying the
	// namespace of the Conduit control plane.
	ControllerNSLabel = ""

	// ProxyDeploymentLabel is injected into mesh-enabled apps, identifying the
	// deployment that this proxy belongs to.
	ProxyDeploymentLabel = ""

	// ProxyReplicationControllerLabel is injected into mesh-enabled apps,
	// identifying the ReplicationController that this proxy belongs to.
	ProxyReplicationControllerLabel = ""

	// ProxyReplicaSetLabel is injected into mesh-enabled apps, identifying the
	// ReplicaSet that this proxy belongs to.
	ProxyReplicaSetLabel = ""

	// ProxyJobLabel is injected into mesh-enabled apps, identifying the Job that
	// this proxy belongs to.
	ProxyJobLabel = ""

	// ProxyDaemonSetLabel is injected into mesh-enabled apps, identifying the
	// DaemonSet that this proxy belongs to.
	ProxyDaemonSetLabel = ""

	// ProxyStatefulSetLabel is injected into mesh-enabled apps, identifying the
	// StatefulSet that this proxy belongs to.
	ProxyStatefulSetLabel = ""

	// CreatedByAnnotation indicates the source of the injected data plane
	// (e.g. conduit/cli v0.1.3).
	CreatedByAnnotation = ""

	// ProxyVersionAnnotation indicates the version of the injected data plane
	// (e.g. v0.1.3).
	ProxyVersionAnnotation = ""

	// TLSTrustAnchorConfigMapName is the name of the ConfigMap that holds the
	// trust anchors (trusted root certificates).
	// NOTE(review): root certificates are public, so a ConfigMap is a reasonable
	// home, but whoever can modify this ConfigMap decides which roots are
	// trusted; write access to it should be restricted with RBAC.
	TLSTrustAnchorConfigMapName = "conduit-ca-bundle"

	// TLSTrustAnchorFileName is the name (key) within the trust anchor ConfigMap
	// that contains the actual trust anchor bundle.
	TLSTrustAnchorFileName = "trust-anchors.pem"

	// TLSCertFileName and TLSPrivateKeyFileName are the file names used for a TLS
	// certificate and its private key.
	// NOTE(review): the ".p8" extension suggests a PKCS#8-encoded key — confirm.
	// The private key is secret material: it presumably lives in a Kubernetes
	// Secret (see TLSIdentity.ToSecretName) rather than a ConfigMap, and read
	// access to it should be limited to the workload that owns it — confirm
	// where these files are stored and mounted.
	TLSCertFileName       = "certificate.crt"
	TLSPrivateKeyFileName = "private-key.p8"


// ResourceTypesToProxyLabels maps resource type names to keys understood by the
// proxy, specifically Destination and Prometheus labels.
// The keys are the plural resource type constants; the values are singular,
// with ReplicationControllers mapping to the underscore form
// "replication_controller". No entry for All is visible in this listing.
var ResourceTypesToProxyLabels = map[string]string{
	Deployments:            "deployment",
	Namespaces:             "namespace",
	Pods:                   "pod",
	ReplicationControllers: "replication_controller",
	Services:               "service",
	Authorities:            "authority",

    ResourceTypesToProxyLabels maps resource type names to keys understood by the proxy, specifically Destination and Prometheus labels.

      resources to query in StatSummary when Resource.Type is "all"


      func CanonicalResourceNameFromFriendlyName

      func CanonicalResourceNameFromFriendlyName(friendlyName string) (string, error)

        CanonicalResourceNameFromFriendlyName returns a canonical name from common shorthands used in command line tools. This also works for non-k8s resources, e.g. authorities.

        func CreatedByAnnotationValue

        func CreatedByAnnotationValue() string

          CreatedByAnnotationValue returns the value associated with CreatedByAnnotation.

          func GetControllerNs

          func GetControllerNs(objectMeta meta.ObjectMeta) string

          func GetOwnerLabels

          func GetOwnerLabels(objectMeta meta.ObjectMeta) map[string]string

            GetOwnerLabels returns the set of Prometheus owner labels that can be extracted from the proxy labels that have been added to an injected Kubernetes resource.

            func ShortNameFromCanonicalResourceName

            func ShortNameFromCanonicalResourceName(canonicalName string) string

              ShortNameFromCanonicalResourceName returns the shortest name for a k8s canonical name. It is essentially the reverse of CanonicalResourceNameFromFriendlyName.


              type KubernetesApi

              type KubernetesApi interface {
              	UrlFor(namespace string, extraPathStartingWithSlash string) (*url.URL, error)
              	NewClient() (*http.Client, error)

              func NewAPI

              func NewAPI(configPath string) (KubernetesApi, error)

                NewAPI returns a new KubernetesApi interface

                type KubernetesProxy

                type KubernetesProxy struct {
                	// contains filtered or unexported fields

                func NewProxy

                func NewProxy(configPath string, proxyPort int) (*KubernetesProxy, error)

                  NewProxy returns a new KubernetesProxy object and starts listening on a network address.

                  func (*KubernetesProxy) Run

                  func (kp *KubernetesProxy) Run() error

                    Run starts proxying a connection to Kubernetes, and blocks until the process exits.

                    func (*KubernetesProxy) URLFor

                    func (kp *KubernetesProxy) URLFor(namespace string, extraPathStartingWithSlash string) (*url.URL, error)

                      URLFor generates a URL based on the configured KubernetesProxy.

                      type MockKubeApi

                      type MockKubeApi struct {
                      	SelfCheckResultsToReturn              []*healthcheckPb.CheckResult
                      	UrlForNamespaceReceived               string
                      	UrlExtraPathStartingWithSlashReceived string
                      	UrlForUrlToReturn                     *url.URL
                      	NewClientClientToReturn               *http.Client
                      	ErrorToReturn                         error

                      func (*MockKubeApi) NewClient

                      func (m *MockKubeApi) NewClient() (*http.Client, error)

                      func (*MockKubeApi) SelfCheck

                      func (m *MockKubeApi) SelfCheck() []*healthcheckPb.CheckResult

                      func (*MockKubeApi) UrlFor

                      func (m *MockKubeApi) UrlFor(namespace string, extraPathStartingWithSlash string) (*url.URL, error)

                      type TLSIdentity

                      // TLSIdentity is the identity of a pod owner (Deployment, Pod,
                      // ReplicationController, etc.).
                      // NOTE(review): ToDNSName and ToSecretName are declared on this type, so
                      // these fields presumably end up in a DNS name and a Secret name (method
                      // bodies are not shown). If any field is taken from object metadata that a
                      // workload author controls, it should be validated before being used to
                      // name or look up TLS credentials — confirm against the implementation.
                      type TLSIdentity struct {
                      	// Name is the name of the pod owner.
                      	Name string
                      	// Kind is the singular, lowercased Kubernetes resource type of the pod owner
                      	// (deployment, daemonset, job, replicationcontroller, etc.).
                      	Kind string
                      	// Namespace is the pod's namespace. Kubernetes requires that pods and
                      	// pod owners be in the same namespace.
                      	Namespace string
                      	// ControllerNamespace is the namespace of the controller for the pod.
                      	ControllerNamespace string

                        TLSIdentity is the identity of a pod owner (Deployment, Pod, ReplicationController, etc.).

                        func (TLSIdentity) ToControllerIdentity

                        func (i TLSIdentity) ToControllerIdentity() TLSIdentity

                        func (TLSIdentity) ToDNSName

                        func (i TLSIdentity) ToDNSName() string

                        func (TLSIdentity) ToSecretName

                        func (i TLSIdentity) ToSecretName() string