dag

package
v0.15.3
Published: Oct 23, 2019 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package dag provides a data model, in the form of a directed acyclic graph, of the relationship between Kubernetes Ingress, Service, and Secret objects.

Constants

const (
	StatusValid    = "valid"
	StatusInvalid  = "invalid"
	StatusOrphaned = "orphaned"
)
const DEFAULT_INGRESS_CLASS = "contour"

Variables

This section is empty.

Functions

func MinProtoVersion added in v0.15.0

func MinProtoVersion(version string) auth.TlsParameters_TlsProtocol

MinProtoVersion returns the TLS protocol version specified by an ingress annotation, or the default if none is present.

Types

type Builder

type Builder struct {

	// Source is the source of Kubernetes objects
	// from which to build a DAG.
	Source KubernetesCache

	// DisablePermitInsecure disables the use of the
	// permitInsecure field in IngressRoute.
	DisablePermitInsecure bool
	// contains filtered or unexported fields
}

Builder builds a DAG.

func (*Builder) Build

func (b *Builder) Build() *DAG

Build builds a new DAG.

type Cluster added in v0.12.0

type Cluster struct {

	// Upstream is the backend Kubernetes service traffic arriving
	// at this Cluster will be forwarded to.
	Upstream Service

	// The relative weight of this Cluster compared to its siblings.
	Weight int

	// UpstreamValidation defines how to verify the backend service's certificate
	UpstreamValidation *UpstreamValidation

	// The load balancer type to use when picking a host in the cluster.
	// See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/cds.proto#envoy-api-enum-cluster-lbpolicy
	LoadBalancerStrategy string

	HealthCheck *ingressroutev1.HealthCheck
}

Cluster holds the connection-specific parameters that apply to traffic routed to an upstream service.

func (Cluster) Visit added in v0.12.0

func (c Cluster) Visit(f func(Vertex))

type DAG

type DAG struct {
	// contains filtered or unexported fields
}

A DAG represents a directed acyclic graph of objects representing the relationship between Kubernetes Ingress objects, the backend Services, and Secret objects. The DAG models these relationships as Roots and Vertices.

func (*DAG) Statuses

func (d *DAG) Statuses() map[Meta]Status

Statuses returns a map of Status objects, keyed by Meta, associated with the computation of this DAG.

func (*DAG) Visit

func (d *DAG) Visit(fn func(Vertex))

Visit calls fn on each root of this DAG.

type HTTPService added in v0.8.0

type HTTPService struct {
	TCPService

	// Protocol is the layer 7 protocol of this service
	// One of "", "h2", "h2c", or "tls".
	Protocol string
}

HTTPService represents a Kubernetes Service object which speaks HTTP/1.1 or HTTP/2.0.

type KubernetesCache

type KubernetesCache struct {
	// IngressRouteRootNamespaces specifies the namespaces where root
	// IngressRoutes can be defined. If empty, roots can be defined in any
	// namespace.
	IngressRouteRootNamespaces []string

	// Contour's IngressClass.
	// If not set, defaults to DEFAULT_INGRESS_CLASS.
	IngressClass string

	logrus.FieldLogger
	// contains filtered or unexported fields
}

A KubernetesCache holds Kubernetes objects and associated configuration and produces DAG values.

func (*KubernetesCache) Insert

func (kc *KubernetesCache) Insert(obj interface{}) bool

Insert inserts obj into the KubernetesCache. Insert returns true if the cache accepted the object, or false if the value is not interesting to the cache. If an object with a matching type, name, and namespace exists, it will be overwritten.

func (*KubernetesCache) Remove

func (kc *KubernetesCache) Remove(obj interface{}) bool

Remove removes obj from the KubernetesCache. Remove returns a boolean indicating if the cache changed after the remove operation.

type Listener added in v0.10.0

type Listener struct {

	// Address is the TCP address to listen on.
	// If blank 0.0.0.0, or ::/0 for IPv6, is assumed.
	Address string

	// Port is the TCP port to listen on.
	Port int

	VirtualHosts map[string]Vertex
}

A Listener represents a TCP socket that accepts incoming connections.

func (*Listener) Visit added in v0.10.0

func (l *Listener) Visit(f func(Vertex))

type Meta added in v0.14.0

type Meta struct {
	// contains filtered or unexported fields
}

Meta holds the name and namespace of a Kubernetes object.

type PrefixRoute added in v0.14.1

type PrefixRoute struct {

	// Prefix to match.
	Prefix string
	Route
}

PrefixRoute defines a Route that matches a path prefix.

type RegexRoute added in v0.14.1

type RegexRoute struct {

	// Regex to match.
	Regex string
	Route
}

RegexRoute defines a Route that matches a regular expression.

type RetryPolicy added in v0.12.0

type RetryPolicy struct {
	// RetryOn specifies the conditions under which retry takes place.
	// If empty, retries will not be performed.
	RetryOn string

	// NumRetries specifies the allowed number of retries.
	// Ignored if RetryOn is blank, or defaults to 1 if RetryOn is set.
	NumRetries int

	// PerTryTimeout specifies the timeout per retry attempt.
	// Ignored if RetryOn is blank.
	PerTryTimeout time.Duration
}

RetryPolicy defines the retry / number / timeout options

type Route

type Route struct {
	Clusters []*Cluster

	// Should this route generate a 301 upgrade if accessed
	// over HTTP?
	HTTPSUpgrade bool

	// Is this a websocket route?
	// TODO(dfc) this should go on the service
	Websocket bool

	// TimeoutPolicy defines the timeout request/idle
	TimeoutPolicy *TimeoutPolicy

	// RetryPolicy defines the retry / number / timeout options for a route
	RetryPolicy *RetryPolicy

	// Indicates that during forwarding, the matched prefix (or path) should be swapped with this value
	PrefixRewrite string
}

Route defines the properties of a route to a Cluster.

func (*Route) Visit

func (r *Route) Visit(f func(Vertex))

type Secret

type Secret struct {
	Object *v1.Secret
}

Secret represents a K8s Secret for TLS usage as a DAG Vertex. A Secret is a leaf in the DAG.

func (*Secret) Cert added in v0.12.0

func (s *Secret) Cert() []byte

Cert returns the secret's TLS certificate.

func (*Secret) Data

func (s *Secret) Data() map[string][]byte

Data returns the contents of the backing secret's map.

func (*Secret) Name

func (s *Secret) Name() string

func (*Secret) Namespace

func (s *Secret) Namespace() string

func (*Secret) PrivateKey added in v0.12.0

func (s *Secret) PrivateKey() []byte

PrivateKey returns the secret's TLS private key.

func (*Secret) Visit

func (s *Secret) Visit(func(Vertex))

type SecureVirtualHost

type SecureVirtualHost struct {
	VirtualHost

	// TLS minimum protocol version. Defaults to auth.TlsParameters_TLS_AUTO
	MinProtoVersion auth.TlsParameters_TlsProtocol

	// The cert and key for this host.
	*Secret
}

A SecureVirtualHost represents a HTTP host protected by TLS.

func (*SecureVirtualHost) Valid added in v0.15.0

func (s *SecureVirtualHost) Valid() bool

func (*SecureVirtualHost) Visit

func (s *SecureVirtualHost) Visit(f func(Vertex))

type Service

type Service interface {
	Vertex
	// contains filtered or unexported methods
}

type Status

type Status struct {
	Object      *ingressroutev1.IngressRoute
	Status      string
	Description string
	Vhost       string
}

Status contains the status for an IngressRoute (valid / invalid / orphan, etc.).

type TCPProxy added in v0.8.0

type TCPProxy struct {

	// Clusters is the, possibly weighted, set
	// of upstream services to forward decrypted traffic.
	Clusters []*Cluster
}

TCPProxy represents a cluster of TCP endpoints.

func (*TCPProxy) Visit added in v0.8.0

func (t *TCPProxy) Visit(f func(Vertex))

type TCPService added in v0.8.0

type TCPService struct {
	Name, Namespace string

	*v1.ServicePort

	// MaxConnections is the maximum number of connections
	// that Envoy will make to the upstream cluster.
	MaxConnections int

	// MaxPendingRequests is the maximum number of pending
	// requests that Envoy will allow to the upstream cluster.
	MaxPendingRequests int

	// MaxRequests is the maximum number of parallel requests that
	// Envoy will make to the upstream cluster.
	MaxRequests int

	// MaxRetries is the maximum number of parallel retries that
	// Envoy will allow to the upstream cluster.
	MaxRetries int

	// ExternalName is an optional field referencing a DNS entry for Service type "ExternalName"
	ExternalName string
}

TCPService represents a Kubernetes Service that speaks TCP. That's all we know.

func (*TCPService) Visit added in v0.8.0

func (s *TCPService) Visit(func(Vertex))

type TimeoutPolicy added in v0.12.0

type TimeoutPolicy struct {
	// A timeout applied to requests on this route.
	// A timeout of zero implies "use envoy's default"
	// A timeout of -1 represents "infinity"
	// TODO(dfc) should this move to service?
	Timeout time.Duration
}

TimeoutPolicy defines the timeout request/idle

type UpstreamValidation added in v0.12.0

type UpstreamValidation struct {
	// CACertificate holds a reference to the Secret containing the CA to be used to
	// verify the upstream connection.
	CACertificate *Secret
	// SubjectName holds an optional subject name which Envoy will check against the
	// certificate presented by the upstream.
	SubjectName string
}

UpstreamValidation defines how to validate the certificate on the upstream service

type Vertex

type Vertex interface {
	Visitable
}

type VirtualHost

type VirtualHost struct {
	// Name is the fully qualified domain name of a network host,
	// as defined by RFC 3986.
	Name string

	// Service to TCP proxy all incoming connections.
	*TCPProxy
	// contains filtered or unexported fields
}

A VirtualHost represents a named L4/L7 service.

func (*VirtualHost) Valid added in v0.15.0

func (v *VirtualHost) Valid() bool

func (*VirtualHost) Visit

func (v *VirtualHost) Visit(f func(Vertex))

type Visitable

type Visitable interface {
	Visit(func(Vertex))
}
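
The Visit methods documented above allow a recursive walk over the graph, which is a convenient place to audit the TLS-related fields (Route.HTTPSUpgrade, Cluster.UpstreamValidation). The following is an added example, not code from Contour: it uses local stand-in types that mirror only the audited fields rather than importing the package, and the `Upstream string` and `Route.Prefix` fields are hypothetical simplifications.

```go
package main

import "fmt"

// Local stand-ins for the documented types; only the audited fields are mirrored.
type (
	Vertex             interface{ Visit(func(Vertex)) }
	UpstreamValidation struct{ SubjectName string }
	Cluster            struct {
		Upstream           string // hypothetical: a name in place of dag.Service
		UpstreamValidation *UpstreamValidation
	}
	Route struct {
		Prefix       string // hypothetical: stands in for PrefixRoute.Prefix
		HTTPSUpgrade bool
		Clusters     []*Cluster
	}
)

func (c *Cluster) Visit(func(Vertex)) {} // leaf in this sketch

func (r *Route) Visit(f func(Vertex)) {
	for _, c := range r.Clusters {
		f(c)
	}
}

// Audit walks every vertex reachable from roots and lists weak TLS settings.
func Audit(roots ...Vertex) []string {
	var findings []string
	var walk func(Vertex)
	walk = func(v Vertex) {
		if r, ok := v.(*Route); ok && !r.HTTPSUpgrade {
			findings = append(findings, "route "+r.Prefix+": no HTTPS upgrade")
		}
		if c, ok := v.(*Cluster); ok && c.UpstreamValidation == nil {
			findings = append(findings, "cluster "+c.Upstream+": upstream cert not verified")
		}
		v.Visit(walk) // descend into children
	}
	for _, r := range roots {
		walk(r)
	}
	return findings
}

func main() { // constructed sample graph
	weak := &Route{Prefix: "/api", Clusters: []*Cluster{{Upstream: "default/api"}}}
	fmt.Println(Audit(weak))
}
```

Passing the walk function to each child's Visit is what makes the traversal recursive; each Visit method only hands its direct children to the callback.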
