controller

package

v0.0.0-...-560ddb5 Latest Latest Go to latest Published: Apr 14, 2023 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/acorn-io/acorn-linkerd-plugin

Links

Open Source Insights

Documentation ¶

Index ¶

func AddAnnotations(req router.Request, resp router.Response) error
func AddLinkerdServer(req router.Request, resp router.Response) error
func RegisterRoutes(router *router.Router, client kubernetes.Interface, ...) error
func Start(ctx context.Context, opt Options) error
type Handler
type Options

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddAnnotations ¶

func AddAnnotations(req router.Request, resp router.Response) error

AddAnnotations adds linkerd annotations to all acorn projects so that it can propagate into app namespaces

func AddLinkerdServer ¶

func AddLinkerdServer(req router.Request, resp router.Response) error

AddLinkerdServer adds linkerd server CRD to each acorn apps. This will create a policy to disallow apps from talking to each other unless a specific AuthorizationPolicy is defined.

func RegisterRoutes ¶

func RegisterRoutes(router *router.Router, client kubernetes.Interface, debugImage, clusterDomain, ingressEndpointName, ingressEndpointNamespace string) error

func Start ¶

func Start(ctx context.Context, opt Options) error

Types ¶

type Handler ¶

type Handler struct {
	// contains filtered or unexported fields
}

func (Handler) AddAuthorizationPolicy ¶

func (h Handler) AddAuthorizationPolicy(req router.Request, resp router.Response) error

AddAuthorizationPolicy makes sure within each acorn project, apps can talk to each other. It does the following: 1. Programs MeshTLSAuthentication for each app namespaces to represent all the service account identities in the same project 2. For each server, create an AuthorizationPolicy per project to allow network access.

func (Handler) ConfigureNetworkAuthorizationForIngress ¶

func (h Handler) ConfigureNetworkAuthorizationForIngress(req router.Request, resp router.Response) error

ConfigureNetworkAuthorizationForIngress configures the authorization policy so that Ingress pod is able to reach acorn apps. This should normally be done through service account identity but not sure why it is not working. TODO: need to figure out how service account works when ingress mode is enabled

func (Handler) ConfigureNetworkPolicyForBuildServer ¶

func (h Handler) ConfigureNetworkPolicyForBuildServer(req router.Request, resp router.Response) error

ConfigureNetworkPolicyForBuildServer configures network policy for buildkit servers so that they can't talk to each other

func (Handler) KillLinkerdSidecar ¶

func (h Handler) KillLinkerdSidecar(req router.Request, resp router.Response) error

KillLinkerdSidecar finds all the pods that belongs to acorn jobs but stuck at completing because of linkerd sidecar. It launches ephemeral container to kill sidecar

type Options ¶

type Options struct {
	K8s kubernetes.Interface

	DebugImage    string
	ClusterDomain string

	IngressEndpointName      string
	IngressEndpointNamespace string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL