Documentation ¶
Index ¶
- Constants
- func BackendIAPName(project string, backend string) string
- func GetGCPBackend(client *kubernetes.Clientset, namespace string, serviceName string, ...) (string, error)
- func GetGCPBackendFromIngress(ingress *v1.Ingress, namespace string, serviceName string) (string, error)
- func GetGCPBackendFromService(client *kubernetes.Clientset, bkSvc *compute.BackendServicesClient, ...) (map[string]string, error)
- type NegStatus
- type Verifier
Constants ¶
const ( // JWTHeader is the name of the header containing the JWT set by IAP // https://cloud.google.com/iap/docs/signed-headers-howto#securing_iap_headers JWTHeader = "x-goog-iap-jwt-assertion" EmailClaim = "email" )
Variables ¶
This section is empty.
Functions ¶
func BackendIAPName ¶
BackendIAPName returns the full IAP resource name for the backend
func GetGCPBackend ¶
func GetGCPBackend(client *kubernetes.Clientset, namespace string, serviceName string, ingressName string) (string, error)
GetGCPBackend determines the GCP backend associated with the given K8s service. The backends are stored as annotations on the K8s ingress. An ingress can have multiple backends but these should be named off of the service.
func GetGCPBackendFromIngress ¶
func GetGCPBackendFromIngress(ingress *v1.Ingress, namespace string, serviceName string) (string, error)
GetGCPBackendFromIngress determines the GCP backend associated with the given K8s service. The backends are stored as annotations on the K8s ingress. An ingress can have multiple backends but these should be named off of the service.
func GetGCPBackendFromService ¶
func GetGCPBackendFromService(client *kubernetes.Clientset, bkSvc *compute.BackendServicesClient, project string, namespace string, serviceName string) (map[string]string, error)
GetGCPBackendFromService determines the GCP backend associated with the given K8s service. It fetches the Neg associated with the given K8s service from its annotations. It then loops over backendservices to find the backend associated with that neg.
Returns a mapping from neg name to backend service name.
There can be more than 1 neg associated with a backend service; because negs are port specific N.B. This was tested with the Gateway resource but it should work with the Ingress resource as well. It builds a mapping from BackendServices to Negs.