Documentation ¶
Index ¶
- Constants
- func GetPodFromCertificate(cn certificate.CommonName, kubeClient kubernetes.Interface) (*v1.Pod, error)
- func NewCertCommonNameWithProxyID(proxyUUID, serviceAccount, namespace string) certificate.CommonName
- type MeshCatalog
- func (mc *MeshCatalog) ExpectProxy(cn certificate.CommonName)
- func (mc *MeshCatalog) GetCertificateForService(nsService service.NamespacedService) (certificate.Certificater, error)
- func (mc *MeshCatalog) GetDomainForService(nsService service.NamespacedService, routeHeaders map[string]string) (string, error)
- func (mc *MeshCatalog) GetIngressRoutePoliciesPerDomain(service service.NamespacedService) (map[string][]trafficpolicy.Route, error)
- func (mc *MeshCatalog) GetIngressWeightedCluster(svc service.NamespacedService) (service.WeightedCluster, error)
- func (mc *MeshCatalog) GetServiceForServiceAccount(sa service.NamespacedServiceAccount) (service.NamespacedService, error)
- func (mc *MeshCatalog) GetServiceFromEnvoyCertificate(cn certificate.CommonName) (*service.NamespacedService, error)
- func (mc *MeshCatalog) GetWeightedClusterForService(nsService service.NamespacedService) (service.WeightedCluster, error)
- func (mc *MeshCatalog) IsIngressService(service service.NamespacedService) (bool, error)
- func (mc *MeshCatalog) ListAllowedInboundServices(destinationService service.NamespacedService) ([]service.NamespacedService, error)
- func (mc *MeshCatalog) ListAllowedOutboundServices(sourceService service.NamespacedService) ([]service.NamespacedService, error)
- func (mc *MeshCatalog) ListConnectedProxies() map[certificate.CommonName]*envoy.Proxy
- func (mc *MeshCatalog) ListDisconnectedProxies() map[certificate.CommonName]time.Time
- func (mc *MeshCatalog) ListEndpointsForService(svc service.Name) ([]endpoint.Endpoint, error)
- func (mc *MeshCatalog) ListExpectedProxies() map[certificate.CommonName]time.Time
- func (mc *MeshCatalog) ListSMIPolicies() ([]*split.TrafficSplit, []service.WeightedService, ...)
- func (mc *MeshCatalog) ListTrafficPolicies(service service.NamespacedService) ([]trafficpolicy.TrafficTarget, error)
- func (mc *MeshCatalog) RegisterNewEndpoint(smi.ClientIdentity)
- func (mc *MeshCatalog) RegisterProxy(p *envoy.Proxy)
- func (mc *MeshCatalog) UnregisterProxy(p *envoy.Proxy)
- type MeshCataloger
Constants ¶
const (
	// HTTPTraffic specifies HTTP Traffic Policy. Its value is the string
	// "HTTPRouteGroup".
	// NOTE(review): presumably compared against the kind of an SMI route
	// resource; confirm where it is matched.
	HTTPTraffic = "HTTPRouteGroup"

	// HostHeaderKey specifies the host header key. The value is lowercase.
	// NOTE(review): presumably the key looked up in the routeHeaders map that
	// GetDomainForService receives; confirm that callers normalise header
	// names to lowercase before the lookup.
	HostHeaderKey = "host"
)
Variables ¶
This section is empty.
Functions ¶
func GetPodFromCertificate ¶
func GetPodFromCertificate(cn certificate.CommonName, kubeClient kubernetes.Interface) (*v1.Pod, error)
GetPodFromCertificate returns the Kubernetes Pod object for the certificate identified by the given CommonName.
func NewCertCommonNameWithProxyID ¶
func NewCertCommonNameWithProxyID(proxyUUID, serviceAccount, namespace string) certificate.CommonName
NewCertCommonNameWithProxyID returns a newly generated CommonName for a certificate of the form: <ProxyID>.<serviceAccount>.<namespace>
Types ¶
type MeshCatalog ¶
// MeshCatalog is the struct for the service catalog. None of its fields are
// part of the exported API (the generated documentation lists them as
// filtered or unexported), so callers use its methods and the NewMeshCatalog
// and NewFakeMeshCatalog constructors.
type MeshCatalog struct {
	// contains filtered or unexported fields
}
MeshCatalog is the struct for the service catalog
func NewFakeMeshCatalog ¶
func NewFakeMeshCatalog(kubeClient kubernetes.Interface) *MeshCatalog
NewFakeMeshCatalog creates a new struct implementing catalog.MeshCataloger interface used for testing.
func NewMeshCatalog ¶
func NewMeshCatalog(kubeClient kubernetes.Interface, meshSpec smi.MeshSpec, certManager certificate.Manager, ingressMonitor ingress.Monitor, stop <-chan struct{}, cfg configurator.Configurator, endpointsProviders ...endpoint.Provider) *MeshCatalog
NewMeshCatalog creates a new service catalog
func (*MeshCatalog) ExpectProxy ¶
func (mc *MeshCatalog) ExpectProxy(cn certificate.CommonName)
ExpectProxy records that a certificate was issued for an Envoy proxy and that this proxy is expected to connect to XDS.
func (*MeshCatalog) GetCertificateForService ¶
func (mc *MeshCatalog) GetCertificateForService(nsService service.NamespacedService) (certificate.Certificater, error)
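GetCertificateForService returns the certificate the given proxy uses for mTLS to the XDS server. Note that the method takes a service.NamespacedService rather than a proxy, and that the MeshCataloger interface comment for the same method describes the result as the certificate for the given service, used for service-to-service mTLS. The two descriptions disagree, so confirm against the implementation which certificate is returned before relying on it for either purpose.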
func (*MeshCatalog) GetDomainForService ¶
func (mc *MeshCatalog) GetDomainForService(nsService service.NamespacedService, routeHeaders map[string]string) (string, error)
GetDomainForService returns the domain name of a service
func (*MeshCatalog) GetIngressRoutePoliciesPerDomain ¶
func (mc *MeshCatalog) GetIngressRoutePoliciesPerDomain(service service.NamespacedService) (map[string][]trafficpolicy.Route, error)
GetIngressRoutePoliciesPerDomain returns the route policies per domain associated with an ingress service
func (*MeshCatalog) GetIngressWeightedCluster ¶
func (mc *MeshCatalog) GetIngressWeightedCluster(svc service.NamespacedService) (service.WeightedCluster, error)
GetIngressWeightedCluster returns the weighted cluster for an ingress service
func (*MeshCatalog) GetServiceForServiceAccount ¶
func (mc *MeshCatalog) GetServiceForServiceAccount(sa service.NamespacedServiceAccount) (service.NamespacedService, error)
GetServiceForServiceAccount returns a service corresponding to a service account
func (*MeshCatalog) GetServiceFromEnvoyCertificate ¶
func (mc *MeshCatalog) GetServiceFromEnvoyCertificate(cn certificate.CommonName) (*service.NamespacedService, error)
GetServiceFromEnvoyCertificate returns the single service that the given Envoy is a member of, based on the certificate provided. That certificate is the one issued to an Envoy for XDS communication (not Envoy-to-Envoy).
func (*MeshCatalog) GetWeightedClusterForService ¶
func (mc *MeshCatalog) GetWeightedClusterForService(nsService service.NamespacedService) (service.WeightedCluster, error)
GetWeightedClusterForService returns the weighted cluster for a given service
func (*MeshCatalog) IsIngressService ¶
func (mc *MeshCatalog) IsIngressService(service service.NamespacedService) (bool, error)
IsIngressService returns a boolean indicating if the service is a backend for an ingress resource
func (*MeshCatalog) ListAllowedInboundServices ¶
func (mc *MeshCatalog) ListAllowedInboundServices(destinationService service.NamespacedService) ([]service.NamespacedService, error)
ListAllowedInboundServices lists the inbound services allowed to connect to the given service.
func (*MeshCatalog) ListAllowedOutboundServices ¶
func (mc *MeshCatalog) ListAllowedOutboundServices(sourceService service.NamespacedService) ([]service.NamespacedService, error)
ListAllowedOutboundServices lists the services the given service is allowed outbound connections to.
func (*MeshCatalog) ListConnectedProxies ¶
func (mc *MeshCatalog) ListConnectedProxies() map[certificate.CommonName]*envoy.Proxy
ListConnectedProxies lists the Envoy proxies already connected and the time they first connected.
func (*MeshCatalog) ListDisconnectedProxies ¶
func (mc *MeshCatalog) ListDisconnectedProxies() map[certificate.CommonName]time.Time
ListDisconnectedProxies lists the Envoy proxies disconnected and the time last seen.
func (*MeshCatalog) ListEndpointsForService ¶
func (mc *MeshCatalog) ListEndpointsForService(svc service.Name) ([]endpoint.Endpoint, error)
ListEndpointsForService returns the list of provider endpoints corresponding to a service
func (*MeshCatalog) ListExpectedProxies ¶
func (mc *MeshCatalog) ListExpectedProxies() map[certificate.CommonName]time.Time
ListExpectedProxies lists the Envoy proxies yet to connect and the time their XDS certificate was issued.
func (*MeshCatalog) ListSMIPolicies ¶
func (mc *MeshCatalog) ListSMIPolicies() ([]*split.TrafficSplit, []service.WeightedService, []service.NamespacedServiceAccount, []*spec.HTTPRouteGroup, []*target.TrafficTarget, []*corev1.Service)
ListSMIPolicies returns all policies OSM is aware of.
func (*MeshCatalog) ListTrafficPolicies ¶
func (mc *MeshCatalog) ListTrafficPolicies(service service.NamespacedService) ([]trafficpolicy.TrafficTarget, error)
ListTrafficPolicies returns all the traffic policies for a given service that Envoy proxy should be aware of.
func (*MeshCatalog) RegisterNewEndpoint ¶
func (mc *MeshCatalog) RegisterNewEndpoint(smi.ClientIdentity)
RegisterNewEndpoint adds a newly connected Envoy proxy to the list of self-announced endpoints for a service.
func (*MeshCatalog) RegisterProxy ¶
func (mc *MeshCatalog) RegisterProxy(p *envoy.Proxy)
RegisterProxy implements MeshCataloger and registers a newly connected proxy.
func (*MeshCatalog) UnregisterProxy ¶
func (mc *MeshCatalog) UnregisterProxy(p *envoy.Proxy)
UnregisterProxy unregisters the given proxy from the catalog.
type MeshCataloger ¶
// MeshCataloger is the interface to the service mesh catalog. Its methods
// cover traffic-policy and allowed-service lookups, endpoint and certificate
// lookups, ingress lookups, and registration of Envoy proxies.
type MeshCataloger interface {
	// ListTrafficPolicies returns all the traffic policies for a given service that Envoy proxy should be aware of.
	ListTrafficPolicies(service.NamespacedService) ([]trafficpolicy.TrafficTarget, error)

	// ListAllowedInboundServices lists the inbound services allowed to connect to the given service.
	// NOTE(review): this result is an authorization input; confirm that callers
	// treat a non-nil error as "no decision" rather than as an empty allow list.
	ListAllowedInboundServices(service.NamespacedService) ([]service.NamespacedService, error)

	// ListAllowedOutboundServices lists the services the given service is allowed outbound connections to.
	ListAllowedOutboundServices(service.NamespacedService) ([]service.NamespacedService, error)

	// ListSMIPolicies lists SMI policies. It returns six slices: traffic
	// splits, weighted services, namespaced service accounts, HTTP route
	// groups, traffic targets and Kubernetes services. It has no error return.
	ListSMIPolicies() ([]*split.TrafficSplit, []service.WeightedService, []service.NamespacedServiceAccount, []*spec.HTTPRouteGroup, []*target.TrafficTarget, []*corev1.Service)

	// ListEndpointsForService returns the list of provider endpoints corresponding to a service.
	ListEndpointsForService(service.Name) ([]endpoint.Endpoint, error)

	// GetCertificateForService returns the SSL Certificate for the given service.
	// This certificate will be used for service-to-service mTLS.
	// NOTE(review): the documentation of the MeshCatalog method of the same
	// name describes it as the certificate a proxy uses for mTLS to the XDS
	// server; confirm which of the two descriptions matches the implementation.
	GetCertificateForService(service.NamespacedService) (certificate.Certificater, error)

	// ExpectProxy records that a certificate was issued for an Envoy proxy and
	// that this proxy is expected to connect to XDS.
	ExpectProxy(certificate.CommonName)

	// GetServiceFromEnvoyCertificate returns the single service that the given
	// Envoy is a member of, based on the certificate provided. That certificate
	// is the one issued to an Envoy for XDS communication (not Envoy-to-Envoy).
	// NOTE(review): the argument is only a CommonName; presumably callers take
	// it from a client certificate that has already passed verification.
	// Confirm at the call sites.
	GetServiceFromEnvoyCertificate(certificate.CommonName) (*service.NamespacedService, error)

	// RegisterProxy registers a newly connected proxy with the service mesh catalog.
	RegisterProxy(*envoy.Proxy)

	// UnregisterProxy unregisters an existing proxy from the service mesh catalog.
	UnregisterProxy(*envoy.Proxy)

	// GetServiceForServiceAccount returns the service corresponding to a service account.
	GetServiceForServiceAccount(service.NamespacedServiceAccount) (service.NamespacedService, error)

	// GetDomainForService returns the domain name of a service.
	GetDomainForService(service service.NamespacedService, routeHeaders map[string]string) (string, error)

	// GetWeightedClusterForService returns the weighted cluster for a service.
	GetWeightedClusterForService(service service.NamespacedService) (service.WeightedCluster, error)

	// IsIngressService returns a boolean indicating if the service is a backend for an ingress resource.
	IsIngressService(service.NamespacedService) (bool, error)

	// GetIngressRoutePoliciesPerDomain returns the route policies per domain associated with an ingress service.
	GetIngressRoutePoliciesPerDomain(service.NamespacedService) (map[string][]trafficpolicy.Route, error)

	// GetIngressWeightedCluster returns the weighted cluster for an ingress service.
	GetIngressWeightedCluster(service.NamespacedService) (service.WeightedCluster, error)
}
MeshCataloger is the mechanism by which the Service Mesh controller discovers all Envoy proxies connected to the catalog.