adminapi

package
v3.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KonnectBackoffInitialInterval = time.Second * 3
	KonnectBackoffMaxInterval     = time.Minute * 15
	KonnectBackoffMultiplier      = 2
)
View Source 
const (
	HeaderNameAdminToken = "Kong-Admin-Token"
)

Variables

This section is empty.

Functions

func EnsureKonnectConnection 

func EnsureKonnectConnection(ctx context.Context, client *kong.Client, logger logr.Logger) error

EnsureKonnectConnection ensures that the client is able to connect to Konnect.

func MakeHTTPClient 

func MakeHTTPClient(opts *HTTPClientOpts, kongAdminToken string) (*http.Client, error)

MakeHTTPClient returns an HTTP client with the specified mTLS/headers configuration.

Types

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is a wrapper around raw *kong.Client. It's advised to pass this wrapper across the codebase, and fallback to the underlying *kong.Client only when it's passed to external functions that require it. Also, where it's possible, use a specific Abstract*Service interfaces that *kong.Client includes. Each Client holds its own PluginSchemaStore to cache plugins' schemas as they may theoretically differ between instances.

func NewClient 

func NewClient(c *kong.Client) *Client

NewClient creates an Admin API client that is to be used with a regular Admin API exposed by Kong Gateways.

func NewKongClientForWorkspace 

func NewKongClientForWorkspace(
	ctx context.Context, adminURL string, wsName string, httpClient *http.Client,
) (*Client, error)

NewKongClientForWorkspace returns a Kong API client for a given root API URL and workspace. It ensures that the client is ready to be used by performing a status check, returns KongClientNotReadyError if not or KongGatewayUnsupportedVersionError if it can't check Kong Gateway's version or it is not >= 3.4.1. If the workspace does not already exist, NewKongClientForWorkspace will create it.

func NewTestClient 

func NewTestClient(address string) (*Client, error)

NewTestClient creates a client for test purposes.

func (*Client) AdminAPIClient 

func (c *Client) AdminAPIClient() *kong.Client

AdminAPIClient returns an underlying go-kong's Admin API client.

func (*Client) AttachPodReference 

func (c *Client) AttachPodReference(podNN k8stypes.NamespacedName)

AttachPodReference allows attaching a Pod reference to the client. Should be used in case we know what Pod the client will communicate with (e.g. when the gateway service discovery is used).

func (*Client) BaseRootURL 

func (c *Client) BaseRootURL() string

BaseRootURL returns a base address used for communicating with the Admin API.

func (*Client) GetKongVersion 

func (c *Client) GetKongVersion(ctx context.Context) (string, error)

GetKongVersion returns version of the kong gateway.

func (*Client) IsKonnect 

func (c *Client) IsKonnect() bool

IsKonnect tells if a client is used for communication with Konnect Control Plane Admin API.

func (*Client) IsReady 

func (c *Client) IsReady(ctx context.Context) error

IsReady returns nil if the Admin API is ready to serve requests.

func (*Client) KonnectControlPlane 

func (c *Client) KonnectControlPlane() string

KonnectControlPlane gets a unique identifier of a Konnect's Control Plane that config should be synchronised with. Empty in case of non-Konnect clients.

func (*Client) LastConfigSHA 

func (c *Client) LastConfigSHA() []byte

LastConfigSHA returns a checksum of the last successful configuration push.

func (*Client) NodeID 

func (c *Client) NodeID(ctx context.Context) (string, error)

func (*Client) PluginSchemaStore 

func (c *Client) PluginSchemaStore() *util.PluginSchemaStore

PluginSchemaStore returns client's PluginSchemaStore.

func (*Client) PodReference 

func (c *Client) PodReference() (k8stypes.NamespacedName, bool)

PodReference returns an optional reference to the Pod the client communicates with.

func (*Client) SetLastConfigSHA 

func (c *Client) SetLastConfigSHA(s []byte)

SetLastConfigSHA overrides last config SHA.

type ClientFactory 

type ClientFactory struct {
	// contains filtered or unexported fields
}

func NewClientFactoryForWorkspace 

func NewClientFactoryForWorkspace(workspace string, httpClientOpts HTTPClientOpts, adminToken string) ClientFactory

func (ClientFactory) CreateAdminAPIClient 

func (cf ClientFactory) CreateAdminAPIClient(ctx context.Context, discoveredAdminAPI DiscoveredAdminAPI) (*Client, error)

type Clock 

type Clock interface {
	Now() time.Time
}

type DiscoveredAdminAPI 

type DiscoveredAdminAPI struct {
	Address string
	PodRef  k8stypes.NamespacedName
}

DiscoveredAdminAPI represents an Admin API discovered from a Kubernetes Service.

type Discoverer 

type Discoverer struct {
	// contains filtered or unexported fields
}

func NewDiscoverer 

func NewDiscoverer(
	adminAPIPortNames sets.Set[string],
	dnsStrategy cfgtypes.DNSStrategy,
) (*Discoverer, error)

func (*Discoverer) AdminAPIsFromEndpointSlice 

func (d *Discoverer) AdminAPIsFromEndpointSlice(
	endpoints discoveryv1.EndpointSlice,
) (sets.Set[DiscoveredAdminAPI], error)

AdminAPIsFromEndpointSlice returns a list of Admin APIs when given an EndpointSlice.

func (*Discoverer) GetAdminAPIsForService 

func (d *Discoverer) GetAdminAPIsForService(
	ctx context.Context,
	kubeClient client.Client,
	service k8stypes.NamespacedName,
) (sets.Set[DiscoveredAdminAPI], error)

GetAdminAPIsForService performs an endpoint lookup, using provided kubeClient to list provided Admin API Service EndpointSlices. The retrieved EndpointSlices' ports are compared with the provided portNames set.

type HTTPClientOpts 

type HTTPClientOpts struct {
	// Disable verification of TLS certificate of Kong's Admin endpoint.
	TLSSkipVerify bool
	// SNI name to use to verify the certificate presented by Kong in TLS.
	TLSServerName string
	// Path to PEM-encoded CA certificate file to verify Kong's Admin SSL certificate.
	CACertPath string
	// PEM-encoded CA certificate to verify Kong's Admin SSL certificate.
	CACert string
	// Array of headers added to every Admin API call.
	Headers []string
	// TLSClient is TLS client config.
	TLSClient TLSClientConfig
}

HTTPClientOpts defines parameters that configure an HTTP client.

type HeaderRoundTripper 

type HeaderRoundTripper struct {
	// contains filtered or unexported fields
}

HeaderRoundTripper injects Headers into requests made via RT.

func (*HeaderRoundTripper) RoundTrip 

func (t *HeaderRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip satisfies the RoundTripper interface.

type KongClientNotReadyError 

type KongClientNotReadyError struct {
	Err error
}

KongClientNotReadyError is returned when the Kong client is not ready to be used yet. This can happen if the Kong Admin API is not reachable, or if it's reachable but `GET /status` does not return 200.

func (KongClientNotReadyError) Error 

func (e KongClientNotReadyError) Error() string

func (KongClientNotReadyError) Unwrap 

func (e KongClientNotReadyError) Unwrap() error

type KongGatewayUnsupportedVersionError 

type KongGatewayUnsupportedVersionError struct {
	// contains filtered or unexported fields
}

func (KongGatewayUnsupportedVersionError) Error 

func (e KongGatewayUnsupportedVersionError) Error() string

type KonnectBackoffStrategy 

type KonnectBackoffStrategy struct {
	// contains filtered or unexported fields
}

KonnectBackoffStrategy keeps track of Konnect config push backoffs.

It takes into account: - a regular exponential backoff that is incremented on every Update failure, - a last failed configuration hash (where we skip Update until a config changes).

It's important to note that KonnectBackoffStrategy can use the latter (config hash) because of the nature of the one-directional integration where KIC is the only component responsible for populating configuration of Konnect's Control Plane. In case that changes in the future (e.g. manual modifications to parts of the configuration are allowed on Konnect side for some reason), we might have to drop this part of the backoff strategy.

func NewKonnectBackoffStrategy 

func NewKonnectBackoffStrategy(clock Clock) *KonnectBackoffStrategy

func (*KonnectBackoffStrategy) CanUpdate 

func (s *KonnectBackoffStrategy) CanUpdate(configHash []byte) (bool, string)

func (*KonnectBackoffStrategy) RegisterUpdateFailure 

func (s *KonnectBackoffStrategy) RegisterUpdateFailure(err error, configHash []byte)

func (*KonnectBackoffStrategy) RegisterUpdateSuccess 

func (s *KonnectBackoffStrategy) RegisterUpdateSuccess()

type KonnectClient 

type KonnectClient struct {
	Client
	// contains filtered or unexported fields
}

func NewKongClientForKonnectControlPlane 

func NewKongClientForKonnectControlPlane(c KonnectConfig) (*KonnectClient, error)

func NewKonnectClient 

func NewKonnectClient(c *kong.Client, controlPlane string) *KonnectClient

NewKonnectClient creates an Admin API client that is to be used with a Konnect Control Plane Admin API.

func (*KonnectClient) BackoffStrategy 

func (c *KonnectClient) BackoffStrategy() UpdateBackoffStrategy

type KonnectConfig 

type KonnectConfig struct {
	// TODO https://github.com/Kong/kubernetes-ingress-controller/issues/3922
	// ConfigSynchronizationEnabled is the only toggle we had prior to the addition of the license agent.
	// We likely want to combine these into a single Konnect toggle or piggyback off other Konnect functionality.
	ConfigSynchronizationEnabled bool
	ControlPlaneID               string
	Address                      string
	RefreshNodePeriod            time.Duration
	TLSClient                    TLSClientConfig

	LicenseSynchronizationEnabled bool
	InitialLicensePollingPeriod   time.Duration
	LicensePollingPeriod          time.Duration
}

type TLSClientConfig 

type TLSClientConfig struct {
	// Cert is a client certificate.
	Cert string
	// CertFile is a client certificate file path.
	CertFile string

	// Key is a client key.
	Key string
	// KeyFile is a client key file path.
	KeyFile string
}

TLSClientConfig contains TLS client certificate and client key to be used when connecting with Admin APIs. It's validated with manager.validateClientTLS before passing it further down. It guarantees that only the allowed combinations of variables will be passed: - only one of Cert / CertFile, - only one of Key / KeyFile, - if any of Cert / CertFile is set, one of Key / KeyFile has to be set, - if any of Key / KeyFile is set, one of Cert / CertFile has to be set.

func (TLSClientConfig) IsZero 

func (c TLSClientConfig) IsZero() bool

type UpdateBackoffStrategy 

type UpdateBackoffStrategy interface {
	// CanUpdate tells whether we're allowed to make an update attempt for a given config hash.
	// In case it returns false, the second return value is a human-readable explanation of why the update cannot
	// be performed at this point in time.
	CanUpdate([]byte) (bool, string)

	// RegisterUpdateSuccess resets the backoff strategy, effectively making it allow next update straight away.
	RegisterUpdateSuccess()

	// RegisterUpdateFailure registers an update failure along with its failure reason passed as a generic error, and
	// a config hash that we failed to push.
	RegisterUpdateFailure(failureReason error, configHash []byte)
}

UpdateBackoffStrategy keeps state of an update backoff strategy.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.