entrypoint

package
v3.9.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 20, 2023 License: Apache-2.0 Imports: 51 Imported by: 1

Documentation

Index

Constants

View Source 
const ExternalSnapshotPort = 8005

take the next port in the range of ambassador ports.

Variables

This section is empty.

Functions

func ConfigIsPresent 

func ConfigIsPresent(ctx context.Context, configDir string) bool

ConfigIsPresent checks to see if any configuration is actually present in the given configdir.

func ForceEndpoints 

func ForceEndpoints() bool

ForceEndpoints reflects AMBASSADOR_FORCE_ENDPOINTS, to determine whether we're forcing endpoint watching or (the default) not.

func GetAgentService 

func GetAgentService() string

func GetAmbID 

func GetAmbID(ctx context.Context, resource kates.Object) amb.AmbassadorID

GetAmbID extracts the AmbassadorID from the kubernetes resource.

func GetAmbassadorConfigBaseDir 

func GetAmbassadorConfigBaseDir() string

func GetAmbassadorDebug 

func GetAmbassadorDebug() string

func GetAmbassadorFieldSelector 

func GetAmbassadorFieldSelector() string

func GetAmbassadorID 

func GetAmbassadorID() string

func GetAmbassadorLabelSelector 

func GetAmbassadorLabelSelector() string

func GetAmbassadorNamespace 

func GetAmbassadorNamespace() string

func GetAmbassadorRoot 

func GetAmbassadorRoot() string

func GetAppDir 

func GetAppDir() string

func GetCloudConnectTokenResourceName 

func GetCloudConnectTokenResourceName() string

func GetCloudConnectTokenResourceNamespace 

func GetCloudConnectTokenResourceNamespace() string

func GetClusterID 

func GetClusterID(ctx context.Context) (clusterID string)

func GetDiagdArgs 

func GetDiagdArgs(ctx context.Context) []string

func GetDiagdBindAddress 

func GetDiagdBindAddress() string

func GetDiagdBindPort 

func GetDiagdBindPort() string

func GetDiagdFlags 

func GetDiagdFlags(ctx context.Context) []string

func GetEnvoyBaseID 

func GetEnvoyBaseID() string

func GetEnvoyBootstrapFile 

func GetEnvoyBootstrapFile() string

func GetEnvoyConcurrency 

func GetEnvoyConcurrency() string

func GetEnvoyConfigFile 

func GetEnvoyConfigFile() string

func GetEnvoyDir 

func GetEnvoyDir() string

func GetEnvoyFlags 

func GetEnvoyFlags() []string

func GetEventHost 

func GetEventHost() string

func GetEventPath 

func GetEventPath() string

func GetEventUrl 

func GetEventUrl() string

func GetHomeDir 

func GetHomeDir() string

func GetInterestingTypes 

func GetInterestingTypes(ctx context.Context, serverTypeList []kates.APIResource) map[string]thingToWatch

GetInterestingTypes takes a list of available server types, and returns the types we think are interesting to watch.

func GetLicenseSecretName 

func GetLicenseSecretName() string

func GetLicenseSecretNamespace 

func GetLicenseSecretNamespace() string

func GetQueries 

func GetQueries(ctx context.Context, interestingTypes map[string]thingToWatch) []kates.Query

GetQueries takes a set of interesting types, and returns a set of kates.Query to watch for them.

func GetSidecarHost 

func GetSidecarHost() string

func GetSidecarPath 

func GetSidecarPath() string

func GetSidecarUrl 

func GetSidecarUrl() string

func GetSnapshotDir 

func GetSnapshotDir() string

func IsAmbassadorSingleNamespace 

func IsAmbassadorSingleNamespace() bool

func IsDiagdOnly 

func IsDiagdOnly() bool

func IsEdgeStack 

func IsEdgeStack() (bool, error)

func IsEnvoyAvailable 

func IsEnvoyAvailable() bool

func IsKnativeEnabled 

func IsKnativeEnabled() bool

func IsLocalhost8500 

func IsLocalhost8500(svcStr string) bool

Checks if the provided string is a loopback IP address with port 8500

func Main 

func Main(ctx context.Context, Version string, args ...string) error

func NewKubernetesSnapshot 

func NewKubernetesSnapshot() *snapshotTypes.KubernetesSnapshot

NewKubernetesSnapshot creates a new, empty set of Ambassador inputs.

func ReconcileAuthServices 

func ReconcileAuthServices(ctx context.Context, sh *SnapshotHolder, deltas *[]*kates.Delta) error

This is a gross hack to remove all AuthServices using protocol_version: v2 only when running Edge-Stack and then inject an AuthService with protocol_version: v3 if needed. The purpose of this hack is to prevent Edge-Stack 2.3 from using any other AuthService than the default one running as part of amb-sidecar and force the protocol version to v3.

func ReconcileConsul 

func ReconcileConsul(ctx context.Context, consulWatcher *consulWatcher, s *snapshotTypes.KubernetesSnapshot) error

func ReconcileRateLimit added in v3.1.0 

func ReconcileRateLimit(ctx context.Context, sh *SnapshotHolder, deltas *[]*kates.Delta) error

ReconcileRateLimit is a hack to remove all RateLimitService using protocol_version: v2 only when running Edge-Stack and then inject an RateLimitService with protocol_version: v3 if needed. The purpose of this hack is to prevent Edge-Stack 2.3 from using any other RateLimitService than the default one running as part of amb-sidecar and force the protocol version to v3.

func ReconcileSecrets 

func ReconcileSecrets(ctx context.Context, sh *SnapshotHolder) error

ReconcileSecrets figures out which secrets we're actually using, since we don't want to send secrets to Ambassador unless we're using them, since any secret we send will be saved to disk.

func WatchAllTheThings 

func WatchAllTheThings(
	ctx context.Context,
	ambwatch *acp.AmbassadorWatcher,
	encoded *atomic.Value,
	fastpathCh chan<- *ambex.FastpathSnapshot,
	clusterID string,
	version string,
) error

Types

type FSWErrorHandler 

type FSWErrorHandler func(ctx context.Context, err error)

FSWErrorHandler is a handler function for an error.

type FSWEvent 

type FSWEvent struct {
	// Path is the fully-qualified path of the file that changed.
	Path string
	// Op is the operation for this event.
	Op FSWOp
	// Bootstrap is true IFF this is a synthesized event noting
	// that a file existed at the moment we started watching a
	// directory.
	Bootstrap bool
	// Time is when this event happened
	Time time.Time
}

FSWEvent represents a single interesting event.

func (FSWEvent) String 

func (event FSWEvent) String() string

String returns a string representation of an FSEvent.

type FSWEventHandler 

type FSWEventHandler func(ctx context.Context, event FSWEvent)

FSWEventHandler is a handler function for an interesting event.

type FSWOp 

type FSWOp string

FSWOp specifies the operation for an event. 

const (
	// FSWUpdate is an update operation
	FSWUpdate FSWOp = "update"

	// FSWDelete is a delete operation
	FSWDelete FSWOp = "delete"
)

type FSWatcher 

type FSWatcher struct {
	FSW *fsnotify.Watcher
	// contains filtered or unexported fields
}

FSWatcher is a thing that can watch the filesystem for us, and call handler functions when things change.

The core of an FSWatcher is fsnotify/fsnotify, but we wrap some state around it.

First, fsnotify tries to mark the operation associated with a change -- however, these are not always accurate, since the filesystem tries to coalesce events that are close in time. Therefore FSWatcher doesn't actually look at the operation: everything is just "a change happened".

This causes one interesting problem: given a touch of temporal separation between Create and Write, we may decide to trigger a reconfigure on the Create, before the data have been written. To mitigate against that, we'll wait up to half a second after an event to see if any other events will be happening (with the idea that if you've come within half a second of your cert expiring before renewing it, uh, yeah, maybe you _will_ have some transient errors).

Second, when we start watching a directory, we make sure that "update" events get posted for every file in the directory. These are marked as "bootstrap" events.

Finally, rather than posting things to channels, we call a handler function whenever anything interesting happens, where "interesting" is one of the events above, or an error.

func NewFSWatcher 

func NewFSWatcher(ctx context.Context) (*FSWatcher, error)

NewFSWatcher instantiates an FSWatcher. At instantiation time, no directories are being watched.

func (*FSWatcher) Run 

func (fsw *FSWatcher) Run(ctx context.Context)

Watch for events, and handle them.

func (*FSWatcher) SetErrorHandler 

func (fsw *FSWatcher) SetErrorHandler(handler FSWErrorHandler)

SetErrorHandler sets the function that will be used to respond to errors.

func (*FSWatcher) WatchDir 

func (fsw *FSWatcher) WatchDir(ctx context.Context, dir string, handler FSWEventHandler) error

WatchDir starts watching a directory, using a specific handler function. You'll need to separately call WatchDir for subdirectories if you want recursive watches.

type FastpathProcessor 

type FastpathProcessor func(context.Context, *ambex.FastpathSnapshot)

type IstioCert 

type IstioCert struct {
	// contains filtered or unexported fields
}

IstioCert holds all the state we need to manage an Istio certificate.

func NewIstioCert 

func NewIstioCert(dir string, name string, namespace string, updateChannel chan IstioCertUpdate) *IstioCert

NewIstioCert instantiates an IstioCert to manage a certificate that Istio will write into directory "dir", should have the given "name" and appear to live in K8s namespace "namespace", and will have updates posted to "updateChannel" whenever the cert changes.

What's with this namespace business? Well, Ambassador may be running in single-namespace mode, so causing our cert to appear to be in the same namespace as Ambassador will just be less confusing for everyone.

XXX Nomenclature is a little odd here. Istio is writing a _certificate_, but we're supplying it to the rest of Ambassador as a thing that looks like a Kubernetes TLS _Secret_ -- so we call this class an IstioCert, but the thing it's posting to the updateChannel includes a kates.Secret. Names are hard.

func (*IstioCert) HandleEvent 

func (icert *IstioCert) HandleEvent(ctx context.Context, name string, deleted bool)

HandleEvent tells an IstioCert to update its internal state because a file in its directory has been written. If all the cert files have been updated closely enough in time, Update will decide that it's time to actually update the cert, and it'll send an IstioCertUpdate over the Updates channel.

func (*IstioCert) Secret 

func (icert *IstioCert) Secret(ctx context.Context) (*kates.Secret, bool)

Secret generates a kates.Secret for this IstioCert. Since this involves reading PEM, it can fail, so it logs and returns a status.

func (*IstioCert) SetFetchTime 

func (icert *IstioCert) SetFetchTime(fetchTime timeFetcher)

SetFetchTime will change the function we use to get the current time.

func (*IstioCert) SetReadPEM 

func (icert *IstioCert) SetReadPEM(readPEM pemReader)

SetReadPEM will change the function we use to read PEM files.

func (*IstioCert) String 

func (icert *IstioCert) String() string

String returns a string representation of this IstioCert.

type IstioCertSource 

type IstioCertSource interface {
	Watch(ctx context.Context) (IstioCertWatcher, error)
}

type IstioCertUpdate 

type IstioCertUpdate struct {
	Op        string        // "update" or "delete"
	Name      string        // secret name
	Namespace string        // secret namespace
	Secret    *kates.Secret // IstioCert secret
}

IstioCertUpdate gets sent over the IstioCert's Updates channel whenever the cert changes

XXX This will morph into a more general "internally-generated resource" thing later.

type IstioCertWatcher 

type IstioCertWatcher interface {
	Changed() <-chan IstioCertUpdate
}

type K8sSource 

type K8sSource interface {
	Watch(ctx context.Context, queries ...kates.Query) (K8sWatcher, error)
}

type K8sWatcher 

type K8sWatcher interface {
	Changed() <-chan struct{}
	FilteredUpdate(ctx context.Context, target interface{}, deltas *[]*kates.Delta, predicate func(*kates.Unstructured) bool) (bool, error)
}

type ModuleSecrets 

type ModuleSecrets struct {
	Defaults struct {
		TLSSecretNamespacing bool `json:"tls_secret_namespacing"`
	} `json:"defaults"`
	Upstream struct {
		Secret string `json:"secret"`
	} `json:"upstream"`
	Server struct {
		Secret string `json:"secret"`
	} `json:"server"`
	Client struct {
		Secret string `json:"secret"`
	} `json:"client"`
}

ModuleSecrets is... a hack. It's sort of a mashup of the chunk of the Ambassador Module and the chunk of the TLS Module that are common, because they're able to specify secrets. However... first, I don't think the TLS Module actually supported tls_secret_namespacing. Second, the Ambassador Module at least supports arbitrary origination context names -- _any_ key in the TLS dictionary will get turned into an origination context.

I seriously doubt that either of these will actually affect anyone at this remove, but... yeah.

type ResolverType 

type ResolverType int
const (
	KubernetesServiceResolver ResolverType = iota
	KubernetesEndpointResolver
	ConsulResolver
)

func (ResolverType) String 

func (rt ResolverType) String() string

type SnapshotDisposition 

type SnapshotDisposition int
const (
	// Indicates the watcher is still in the booting process and the snapshot has dangling pointers.
	SnapshotIncomplete SnapshotDisposition = iota
	// Indicates that the watcher is deferring processing of the snapshot because it is considered
	// to be a product of churn.
	SnapshotDefer
	// Indicates that the watcher is dropping the snapshot because it has determined that it is
	// logically a noop.
	SnapshotDrop
	// Indicates that the snapshot is ready to be processed.
	SnapshotReady
)

func (SnapshotDisposition) String 

func (disposition SnapshotDisposition) String() string

type SnapshotHolder 

type SnapshotHolder struct {
	// contains filtered or unexported fields
}

SnapshotHolder is responsible for holding

func NewSnapshotHolder 

func NewSnapshotHolder(ambassadorMeta *snapshot.AmbassadorMetaInfo) (*SnapshotHolder, error)

func (*SnapshotHolder) ConsulUpdate 

func (sh *SnapshotHolder) ConsulUpdate(ctx context.Context, consulWatcher *consulWatcher, fastpathProcessor FastpathProcessor) bool

func (*SnapshotHolder) IstioUpdate 

func (sh *SnapshotHolder) IstioUpdate(ctx context.Context, istio *istioCertWatchManager,
	icertUpdate IstioCertUpdate) (bool, error)

func (*SnapshotHolder) K8sUpdate 

func (sh *SnapshotHolder) K8sUpdate(
	ctx context.Context,
	watcher K8sWatcher,
	consulWatcher *consulWatcher,
	fastpathProcessor FastpathProcessor,
) (bool, error)

Get the raw update from the kubernetes watcher, then redo our computed view.

func (*SnapshotHolder) Notify 

func (sh *SnapshotHolder) Notify(
	ctx context.Context,
	encoded *atomic.Value,
	consulWatcher *consulWatcher,
	snapshotProcessor SnapshotProcessor,
) error

type SnapshotProcessor 

type SnapshotProcessor func(context.Context, SnapshotDisposition, []byte) error

type Stopper 

type Stopper interface {
	Stop()
}

Source Files

View all Source files

Directories

Path Synopsis
internal
testqueue

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.