Documentation ¶
Overview ¶
Package services contains the gRPC server for inter-node communication.
Index ¶
- Constants
- func InterceptorLogger() logging.Logger
- type APIOptions
- type BasicAuthOptions
- type LDAPAuthOptions
- type MTLSOptions
- type MeshDNSOptions
- type MetricsOptions
- type Options
- func (o *Options) BindFlags(fs *flag.FlagSet)
- func (o *Options) ListenPort() (int, error)
- func (o *Options) ProxyTLSConfig() (*tls.Config, error)
- func (o *Options) ServerOptions(store mesh.Mesh, log *slog.Logger) (srvrOptions []grpc.ServerOption, proxyOptions []grpc.DialOption, err error)
- func (o *Options) TLSConfig() (*tls.Config, error)
- func (o *Options) ToFeatureSet() []v1.Feature
- func (o *Options) Validate() error
- type ProxyAuth
- type Server
- func (s *Server) Check(context.Context, *healthpb.HealthCheckRequest) (*healthpb.HealthCheckResponse, error)
- func (s *Server) GetServiceInfo() map[string]grpc.ServiceInfo
- func (s *Server) ListenAndServe() error
- func (s *Server) RegisterService(desc *grpc.ServiceDesc, impl any)
- func (s *Server) Stop()
- func (s *Server) Watch(_ *healthpb.HealthCheckRequest, srv healthpb.Health_WatchServer) error
- type TURNOptions
Constants ¶
const (
	ListenAddressEnvVar = "SERVICES_LISTEN_ADDRESS"
	CertFileEnvVar      = "SERVICES_TLS_CERT_FILE"
	KeyFileEnvVar       = "SERVICES_TLS_KEY_FILE"
	InsecureEnvVar      = "SERVICES_INSECURE"
)
const (
	LeaderProxyDisabledEnvVar     = "SERVICES_API_DISABLE_LEADER_PROXY"
	MeshEnabledEnvVar             = "SERVICES_API_MESH"
	AdminEnabledEnvVar            = "SERVICES_API_ADMIN"
	PeerDiscoveryEnabledEnvVar    = "SERVICES_API_PEER_DISCOVERY"
	WebRTCEnabledEnvVar           = "SERVICES_API_WEBRTC"
	WebRTCSTUNServersEnvVar       = "SERVICES_API_STUN_SERVERS"
	ProxyTLSCertFileEnvVar        = "SERVICES_API_PROXY_TLS_CERT_FILE"
	ProxyTLSKeyFileEnvVar         = "SERVICES_API_PROXY_TLS_KEY_FILE"
	ProxyTLSCAFileEnvVar          = "SERVICES_API_PROXY_TLS_CA_FILE"
	ProxyVerifyChainOnlyEnvVar    = "SERVICES_API_PROXY_VERIFY_CHAIN_ONLY"
	ProxyInsecureSkipVerifyEnvVar = "SERVICES_API_PROXY_INSECURE_SKIP_VERIFY"
	ProxyInsecureEnvVar           = "SERVICES_API_PROXY_INSECURE"
)
const (
	MeshDNSEnabledEnvVar           = "SERVICES_MESH_DNS_ENABLED"
	MeshDNSListenUDPEnvVar         = "SERVICES_MESH_DNS_LISTEN_UDP"
	MeshDNSListenTCPEnvVar         = "SERVICES_MESH_DNS_LISTEN_TCP"
	MeshDNSTSIGKeyEnvVar           = "SERVICES_MESH_DNS_TSIG_KEY"
	MeshDNSReusePortEnvVar         = "SERVICES_MESH_DNS_REUSE_PORT"
	MeshDNSCompressionEnvVar       = "SERVICES_MESH_DNS_COMPRESSION"
	MeshDNSRequestTimeoutEnvVar    = "SERVICES_MESH_DNS_REQUEST_TIMEOUT"
	MeshDNSForwardersEnvVar        = "SERVICES_MESH_DNS_FORWARDERS"
	MeshDNSDisableForwardingEnvVar = "SERVICES_MESH_DNS_DISABLE_FORWARDING"
	MeshDNSCacheSizeEnvVar         = "SERVICES_MESH_DNS_CACHE_SIZE"
)
const (
	MetricsEnabledEnvVar       = "SERVICES_METRICS_ENABLED"
	MetricsListenAddressEnvVar = "SERVICES_METRICS_LISTEN_ADDRESS"
	MetricsPathEnvVar          = "SERVICES_METRICS_PATH"
)
const (
	TURNEnabledEnvVar             = "SERVICES_TURN_ENABLED"
	TURNServerEndpointEnvVar      = "SERVICES_TURN_ENDPOINT"
	TURNServerPublicIPEnvVar      = "SERVICES_TURN_PUBLIC_IP"
	TURNServerListenAddressEnvVar = "SERVICES_TURN_LISTEN_ADDRESS"
	TURNServerPortEnvVar          = "SERVICES_TURN_SERVER_PORT"
	TURNServerRealmEnvVar         = "SERVICES_TURN_SERVER_REALM"
	TURNSTUNPortRangeEnvVar       = "SERVICES_TURN_STUN_PORT_RANGE"
)
Functions ¶
func InterceptorLogger ¶
InterceptorLogger returns a logging.Logger that logs to the given slog.Logger.
Types ¶
type APIOptions ¶
type APIOptions struct {
// DisableLeaderProxy is true if the leader proxy should be disabled.
DisableLeaderProxy bool `json:"disable-leader-proxy,omitempty" yaml:"disable-leader-proxy,omitempty" toml:"disable-leader-proxy,omitempty"`
// Mesh is true if the mesh API should be registered.
Mesh bool `json:"mesh,omitempty" yaml:"mesh,omitempty" toml:"mesh,omitempty"`
// Admin is true if the admin API should be registered.
Admin bool `json:"admin,omitempty" yaml:"admin,omitempty" toml:"admin,omitempty"`
// PeerDiscovery is true if the peer discovery API should be registered.
PeerDiscovery bool `json:"peer-discovery,omitempty" yaml:"peer-discovery,omitempty" toml:"peer-discovery,omitempty"`
// WebRTC is true if the WebRTC API should be registered.
WebRTC bool `json:"webrtc,omitempty" yaml:"webrtc,omitempty" toml:"webrtc,omitempty"`
// STUNServers is a comma separated list of STUN servers to use if the WebRTC API is enabled.
STUNServers string `json:"stun-servers,omitempty" yaml:"stun-servers,omitempty" toml:"stun-servers,omitempty"`
// ProxyAuth are options for authenticating the proxy transport.
ProxyAuth *ProxyAuth `json:"proxy-auth,omitempty" yaml:"proxy-auth,omitempty" toml:"proxy-auth,omitempty"`
// ProxyTLSCAFile is the path to the TLS CA file for verifying a peer node's certificate.
ProxyTLSCAFile string `json:"proxy-tls-ca-file,omitempty" yaml:"proxy-tls-ca-file,omitempty" toml:"proxy-tls-ca-file,omitempty"`
// ProxyVerifyChainOnly is true if only the chain should be verified when proxying connections.
ProxyVerifyChainOnly bool `json:"proxy-verify-chain-only,omitempty" yaml:"proxy-verify-chain-only,omitempty" toml:"proxy-verify-chain-only,omitempty"`
// ProxyInsecureSkipVerify is true if TLS verification should be skipped when proxying connections.
ProxyInsecureSkipVerify bool `` /* 131-byte string literal not displayed */
// ProxyInsecure is true if the proxy transport is insecure.
ProxyInsecure bool `json:"proxy-insecure,omitempty" yaml:"proxy-insecure,omitempty" toml:"proxy-insecure,omitempty"`
}
APIOptions are the options for which APIs to register and expose.
func NewAPIOptions ¶
func NewAPIOptions() *APIOptions
NewAPIOptions creates a new APIOptions with default values.
func (*APIOptions) BindFlags ¶
func (o *APIOptions) BindFlags(fs *flag.FlagSet)
BindFlags binds the flags. The options are returned
type BasicAuthOptions ¶
type BasicAuthOptions struct {
// Username is the username.
Username string `json:"username,omitempty" yaml:"username,omitempty" toml:"username,omitempty"`
// Password is the password.
Password string `json:"password,omitempty" yaml:"password,omitempty" toml:"password,omitempty"`
}
BasicAuthOptions are options for basic authentication.
type LDAPAuthOptions ¶
type LDAPAuthOptions struct {
// Username is the username.
Username string `json:"username,omitempty" yaml:"username,omitempty" toml:"username,omitempty"`
// Password is the password.
Password string `json:"password,omitempty" yaml:"password,omitempty" toml:"password,omitempty"`
}
LDAPAuthOptions are options for LDAP authentication.
type MTLSOptions ¶
type MTLSOptions struct {
// TLSCertFile is the path to a TLS certificate file to present when joining.
CertFile string `yaml:"cert-file,omitempty" json:"cert-file,omitempty" toml:"cert-file,omitempty"`
// TLSKeyFile is the path to a TLS key file for the certificate.
KeyFile string `yaml:"key-file,omitempty" json:"key-file,omitempty" toml:"tls-file,omitempty"`
}
MTLSOptions are options for mutual TLS.
type MeshDNSOptions ¶
type MeshDNSOptions struct {
// Enabled enables mesh DNS.
Enabled bool `yaml:"enabled,omitempty" json:"enabled,omitempty" toml:"enabled,omitempty"`
// ListenUDP is the UDP address to listen on.
ListenUDP string `yaml:"listen-udp,omitempty" json:"listen-udp,omitempty" toml:"listen-udp,omitempty"`
// ListenTCP is the address to listen on for TCP DNS requests.
ListenTCP string `json:"listen-tcp,omitempty" yaml:"listen-tcp,omitempty" toml:"listen-tcp,omitempty"`
// ReusePort sets the number of listeners to start on each port.
// This is only supported on Linux.
ReusePort int `json:"reuse-port,omitempty" yaml:"reuse-port,omitempty" toml:"reuse-port,omitempty"`
// EnableCompression is true if DNS compression should be enabled.
EnableCompression bool `json:"compression,omitempty" yaml:"compression,omitempty" toml:"compression,omitempty"`
// RequestTimeout is the timeout for DNS requests.
RequestTimeout time.Duration `json:"request-timeout,omitempty" yaml:"request-timeout,omitempty" toml:"request-timeout,omitempty"`
// Forwarders are the DNS forwarders to use. If empty, the system DNS servers will be used.
Forwarders []string `json:"forwarders,omitempty" yaml:"forwarders,omitempty" toml:"forwarders,omitempty"`
// DisableForwarding disables forwarding requests to the configured forwarders.
DisableForwarding bool `json:"disable-forwarding,omitempty" yaml:"disable-forwarding,omitempty" toml:"disable-forwarding,omitempty"`
// CacheSize is the size of the remote DNS cache.
CacheSize int `json:"cache-size,omitempty" yaml:"cache-size,omitempty" toml:"cache-size,omitempty"`
}
MeshDNSOptions are the mesh DNS options.
func NewMeshDNSOptions ¶
func NewMeshDNSOptions() *MeshDNSOptions
NewMeshDNSOptions creates a new set of mesh DNS options.
func (*MeshDNSOptions) BindFlags ¶
func (o *MeshDNSOptions) BindFlags(fs *flag.FlagSet)
BindFlags binds the flags for the mesh DNS options.
func (*MeshDNSOptions) Validate ¶
func (o *MeshDNSOptions) Validate() error
Validate validates the mesh DNS options.
type MetricsOptions ¶
type MetricsOptions struct {
// Enabled is true if metrics should be enabled.
Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty" toml:"enabled,omitempty"`
// MetricsListenAddress is the address to listen on for metrics.
ListenAddress string `json:"listen-address,omitempty" yaml:"listen-address,omitempty" toml:"listen-address,omitempty"`
// MetricsPath is the path to serve metrics on.
Path string `json:"path,omitempty" yaml:"path,omitempty" toml:"path,omitempty"`
}
MetricsOptions are options for exposing metrics.
func NewMetricsOptions ¶
func NewMetricsOptions() *MetricsOptions
NewMetricsOptions creates a new MetricsOptions with default values.
func (*MetricsOptions) BindFlags ¶
func (o *MetricsOptions) BindFlags(fs *flag.FlagSet)
BindFlags binds the flags.
type Options ¶
type Options struct {
// ListenAddress is the address to listen on.
ListenAddress string `json:"listen-address,omitempty" yaml:"listen-address,omitempty" toml:"listen-address,omitempty"`
// TLSCertFile is the path to the TLS certificate file.
TLSCertFile string `json:"tls-cert-file,omitempty" yaml:"tls-cert-file,omitempty" toml:"tls-cert-file,omitempty"`
// TLSKeyFile is the path to the TLS key file.
TLSKeyFile string `json:"tls-key-file,omitempty" yaml:"tls-key-file,omitempty" toml:"tls-key-file,omitempty"`
// Insecure is true if the transport is insecure.
Insecure bool `json:"insecure,omitempty" yaml:"insecure,omitempty" toml:"insecure,omitempty"`
// API options
API *APIOptions `json:"api,omitempty" yaml:"api,omitempty" toml:"api,omitempty"`
// MeshDNS options
MeshDNS *MeshDNSOptions `json:"mesh-dns,omitempty" yaml:"mesh-dns,omitempty" toml:"mesh-dns,omitempty"`
// TURN options
TURN *TURNOptions `json:"turn,omitempty" yaml:"turn,omitempty" toml:"turn,omitempty"`
// Metrics options
Metrics *MetricsOptions `json:"metrics,omitempty" yaml:"metrics,omitempty" toml:"metrics,omitempty"`
// Dashboard options
Dashboard *dashboard.Options `json:"dashboard,omitempty" yaml:"dashboard,omitempty" toml:"dashboard,omitempty"`
}
Options contains the configuration for the gRPC server.
func (*Options) ListenPort ¶
ListenPort returns the port the options are configured to listen on.
func (*Options) ProxyTLSConfig ¶
ProxyTLSConfig returns the TLS configuration for proxying.
func (*Options) ServerOptions ¶
func (o *Options) ServerOptions(store mesh.Mesh, log *slog.Logger) (srvrOptions []grpc.ServerOption, proxyOptions []grpc.DialOption, err error)
ServerOptions converts the options to gRPC server options.
func (*Options) ToFeatureSet ¶
ToFeatureSet converts the options to a feature set.
type ProxyAuth ¶
type ProxyAuth struct {
// Basic are options for basic authentication.
Basic *BasicAuthOptions `json:"basic,omitempty" yaml:"basic,omitempty" toml:"basic,omitempty"`
// MTLS are options for mutual TLS.
MTLS *MTLSOptions `json:"mtls,omitempty" yaml:"mtls,omitempty" toml:"mtls,omitempty"`
// LDAP are options for LDAP authentication.
LDAP *LDAPAuthOptions `json:"ldap,omitempty" yaml:"ldap,omitempty" toml:"ldap,omitempty"`
}
ProxyAuth are options for authenticating the proxy transport.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is the gRPC server.
func (*Server) Check ¶
func (s *Server) Check(context.Context, *healthpb.HealthCheckRequest) (*healthpb.HealthCheckResponse, error)
Check implements grpc.health.v1.HealthServer.
func (*Server) GetServiceInfo ¶
func (s *Server) GetServiceInfo() map[string]grpc.ServiceInfo
GetServiceInfo implements reflection.ServiceInfoProvider.
func (*Server) ListenAndServe ¶
ListenAndServe starts the gRPC server and optional metrics server then blocks until the gRPC server exits.
func (*Server) RegisterService ¶
func (s *Server) RegisterService(desc *grpc.ServiceDesc, impl any)
RegisterService implements grpc.RegistrarService.
func (*Server) Watch ¶
func (s *Server) Watch(_ *healthpb.HealthCheckRequest, srv healthpb.Health_WatchServer) error
Watch implements grpc.health.v1.HealthServer.
type TURNOptions ¶
type TURNOptions struct {
// Enabled enables the TURN server.
Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty" toml:"enabled,omitempty"`
// Endpoint is the endpoint to advertise for the TURN server. If empty, the public IP and listen port is used.
Endpoint string `json:"endpoint,omitempty" yaml:"endpoint,omitempty" toml:"endpoint,omitempty"`
// PublicIP is the address advertised for STUN requests.
PublicIP string `json:"public-ip,omitempty" yaml:"public-ip,omitempty" toml:"public-ip,omitempty"`
// ListenAddress is the address to listen on for TURN connections.
ListenAddress string `json:"listen-address,omitempty" yaml:"listen-address,omitempty" toml:"listen-address,omitempty"`
// ListenPort is the port to listen on for TURN connections.
ListenPort int `json:"listen-port,omitempty" yaml:"listen-port,omitempty" toml:"listen-port,omitempty"`
// ServerRealm is the realm used for TURN server authentication.
ServerRealm string `json:"realm,omitempty" yaml:"realm,omitempty" toml:"realm,omitempty"`
// STUNPortRange is the port range to use for STUN.
STUNPortRange string `json:"stun-port-range,omitempty" yaml:"stun-port-range,omitempty" toml:"stun-port-range,omitempty"`
}
TURNOptions are the TURN Server options.
func NewTURNOptions ¶
func NewTURNOptions() *TURNOptions
NewTURNOptions creates a new TURNOptions with default values.
func (*TURNOptions) BindFlags ¶
func (o *TURNOptions) BindFlags(fs *flag.FlagSet)
BindFlags binds the flags.
func (*TURNOptions) Validate ¶
func (o *TURNOptions) Validate() error
Validate validates the options.
Directories ¶
| Path | Synopsis |
|---|---|
| | Package admin provides the admin gRPC server. |
| | Package dashboard contains a service that serves a web dashboard. |
| | Package leaderproxy provides a gRPC interceptor that proxies requests to the leader node. |
| | Package meshapi contains the webmesh Mesh API service. |
| | Package meshdns contains the Mesh DNS server. |
| | Package node contains the webmesh node service. |
| | Package peerdiscovery contains the webmesh PeerDiscovery API service. |
| | Package rbac contains utilities for evaluating requests against roles. |
| | Package turn contains the STUN/TURN server. |
| | Package webrtc contains the webmesh WebRTC service. |