nghttpx

package
v0.68.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 8, 2024 License: Apache-2.0, MIT Imports: 34 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// QUICKeyingMaterialsSize is the size of QUIC keying materials in a binary form.
	QUICKeyingMaterialsSize = 68
	// QUICKeyingMaterialsEncodedSize is the size of QUIC keying materials in a hex encoded form.
	QUICKeyingMaterialsEncodedSize = QUICKeyingMaterialsSize * 2
)
View Source 
const (

	// TLSTicketKeySize is the length of TLS ticket key.  The default value is for AES-128-CBC encryption.
	TLSTicketKeySize = 48
	// MaxTLSTicketKeyNum is the maximum number of TLS ticket keys retained in a Secret.
	MaxTLSTicketKeyNum = 12
)
View Source 
const (
	// NghttpxExtraConfigKey is a field name of extra nghttpx configuration in ConfigMap.
	NghttpxExtraConfigKey = "nghttpx-conf"
	// NghttpxMrubyFileContentKey is a field name of mruby script in ConfigMap.
	NghttpxMrubyFileContentKey = "nghttpx-mruby-file-content"
)

Variables

This section is empty.

Functions

func ApplyDefaultBackendConfig added in v0.54.0 

func ApplyDefaultBackendConfig(ctx context.Context, config *BackendConfig, defaultConfig *BackendConfig)

ApplyDefaultBackendConfig applies default field value specified in defaultConfig to config if a corresponding field is missing.

func ApplyDefaultPathConfig added in v0.33.0 

func ApplyDefaultPathConfig(ctx context.Context, config *PathConfig, defaultConfig *PathConfig)

func BackendConfigPath added in v0.50.0 

func BackendConfigPath(dir string) string

BackendConfigPath returns the path to nghttpx backend configuration file.

func Checksum added in v0.19.0 

func Checksum(b []byte) []byte

Checksum calculates and returns checksum of b in hex string.

func ConfigPath added in v0.50.0 

func ConfigPath(dir string) string

ConfigPath returns the path to nghttpx configuration file.

func CreateTLSCertPath added in v0.19.0 

func CreateTLSCertPath(dir, name string) string

CreateTLSCertPath returns TLS certificate file path.

func CreateTLSKeyPath added in v0.19.0 

func CreateTLSKeyPath(dir, name string) string

CreateTLSKeyPath returns TLS private key file path.

func CreateTLSOCSPRespPath added in v0.24.0 

func CreateTLSOCSPRespPath(dir, name string) string

CreateTLSOCSPRespPath returns TLS OCSP response file path.

func FixupBackendConfig added in v0.54.0 

func FixupBackendConfig(ctx context.Context, config *BackendConfig)

FixupBackendConfig validates config, and fixes the invalid values inside it.

func FixupPathConfig added in v0.34.0 

func FixupPathConfig(ctx context.Context, config *PathConfig)

FixupPathConfig validates config and fixes the invalid values inside it.

func GenerateCryptoKey added in v0.66.0 

func GenerateCryptoKey(out, info []byte) error

GenerateCryptoKey generates cryptographic key of length len(out) in out. info is an optional context information.

func MkdirAll added in v0.22.0 

func MkdirAll(path string) error

MkdirAll creates directory given as path.

func MrubyRbPath added in v0.50.0 

func MrubyRbPath(dir string) string

MrubyRbPath returns the path to nghttpx mruby.rb file.

func NewInitialQUICKeyingMaterials added in v0.66.0 

func NewInitialQUICKeyingMaterials() ([]byte, error)

func NewInitialTLSTicketKey added in v0.66.0 

func NewInitialTLSTicketKey() ([]byte, error)

func NewQUICKeyingMaterial added in v0.52.0 

func NewQUICKeyingMaterial() ([]byte, error)

NewQUICKeyingMaterial returns new QUIC keying material.

func NewTLSTicketKey added in v0.66.0 

func NewTLSTicketKey() ([]byte, error)

func NormalizePEM added in v0.47.0 

func NormalizePEM(data []byte) ([]byte, error)

NormalizePEM reads series of PEM encoded data and re-encode them in PEM format to remove anomalies.

func ReadConfig added in v0.18.0 

func ReadConfig(ingConfig *IngressConfig, config *corev1.ConfigMap)

ReadConfig obtains the configuration defined by the user merged with the defaults.

func ReadLeafCertificate added in v0.64.0 

func ReadLeafCertificate(certPEM []byte) (*x509.Certificate, error)

func SortTLSCred added in v0.68.0 

func SortTLSCred(creds []*TLSCred)

SortTLSCred sorts creds in ascending order of Key.Path, Cert.Path, and OCSPResp.Path.

func TLSCredCompare added in v0.68.0 

func TLSCredCompare(a, b *TLSCred) int

func TLSCredShareSamePaths added in v0.68.0 

func TLSCredShareSamePaths(a, b *TLSCred) bool

TLSCredShareSamePaths returns if a and b share the same Key.Path, Cert.path, and OCSPResp.Path.

func UpdateQUICKeyingMaterials added in v0.52.0 

func UpdateQUICKeyingMaterials(km []byte) ([]byte, error)

UpdateQUICKeyingMaterials calls UpdateQUICKeyingMaterialsFunc with NewQUICKeyingMaterial.

func UpdateQUICKeyingMaterialsFunc added in v0.66.0 

func UpdateQUICKeyingMaterialsFunc(km []byte, newKeyingMaterialFunc func() ([]byte, error)) ([]byte, error)

UpdateQUICKeyingMaterialsFunc generates new keying material via newKeyingMaterialFunc, and rotates keying materials, then returns new QUIC keying materials. VerifyQUICKeyingMaterials should be called against km and ensure that it succeeds before calling this function.

km must include at least 2 keying materials. New keying material is placed to the last. Because the first keying material is used for encryption, new keying material is not used for encryption immediately. It is started to be used for encryption after the next rotation in order to ensure that all controllers see this keying material. The first 2 bits identifies the key, therefore at most 4 keying materials are retained. The oldest keying materials are discarded if the number of keys exceeds such limit.

The rotation works as follows:

1. Move the last keying material (which is the new keying material generated in the previous update) to the first. 2. Discard oldest keying materials if the number of keys exceeds 3. 3. Generate new keying material and place it to the last.

func UpdateTLSTicketKey added in v0.66.0 

func UpdateTLSTicketKey(ticketKey []byte) ([]byte, error)

func UpdateTLSTicketKeyFunc added in v0.66.0 

func UpdateTLSTicketKeyFunc(ticketKey []byte, newTLSTicketKeyFunc func() ([]byte, error)) ([]byte, error)

UpdateTLSTicketKeyFunc generates new key via newTLSTicketKeyFunc, and rotates keys, then returns new TLS ticket key. This function assumes that VerifyTLSTicketKey was called against ticketKey and succeeded.

ticketKey must include at least 2 keys. New key is placed to the last. Because the first key is used for encryption, new key is not used for encryption immediately. It starts encrypting TLS ticket after the next rotation in order to ensure that all controllers see this key. At most MaxTLSTicketKeyNum keys, including new key, are retained. The oldest keys are discarded if the number of keys exceeds MaxTLSTicketKeyNum.

The rotation works as follows:

1. Move the last key (which is the new key generated in the previous update) to the first. 2. Discard oldest keys if the number of keys exceeds MaxTLSTicketKeyNum - 1. 3. Generate new key and place it to the last.

func VerifyCertificate added in v0.44.0 

func VerifyCertificate(ctx context.Context, cert *x509.Certificate, currentTime time.Time) error

VerifyCertificate verifies cert.

func VerifyQUICKeyingMaterials added in v0.52.0 

func VerifyQUICKeyingMaterials(km []byte) error

VerifyQUICKeyingMaterials verifies that km is a well formatted QUIC keying material.

func VerifyTLSTicketKey added in v0.66.0 

func VerifyTLSTicketKey(ticketKey []byte) error

func WriteFile added in v0.22.0 

func WriteFile(path string, content []byte) error

Types

type Affinity added in v0.17.0 

type Affinity string
const (
	// AffinityNone indicates no session affinity.
	AffinityNone Affinity = "none"
	// AffinityIP indicates client IP address based session affinity.
	AffinityIP Affinity = "ip"
	// AffinityCookie indicates cookie based session affinity.
	AffinityCookie Affinity = "cookie"
)

type AffinityCookieSecure added in v0.28.0 

type AffinityCookieSecure string
const (
	// AffinityCookieSecureAuto indicates that secure attribute is set based on underlying protocol.
	AffinityCookieSecureAuto AffinityCookieSecure = "auto"
	// AffinityCookieSecureYes indicates that secure attribute is set.
	AffinityCookieSecureYes AffinityCookieSecure = "yes"
	// AffinityCookieSecureNo indicates that secure attribute is not set.
	AffinityCookieSecureNo AffinityCookieSecure = "no"
)

type AffinityCookieStickiness added in v0.54.0 

type AffinityCookieStickiness string
const (
	// AffinityCookieStickinessLoose indicates loose affinity cookie stickiness.
	AffinityCookieStickinessLoose AffinityCookieStickiness = "loose"
	// AffinityCookieStickinessStrict indicates strict affinity cookie stickiness.
	AffinityCookieStickinessStrict AffinityCookieStickiness = "strict"
)

type Backend added in v0.54.0 

type Backend struct {
	Address  string
	Port     string
	Protocol Protocol
	TLS      bool
	SNI      string
	DNS      bool
	Group    string
	Weight   uint32
}

Backend describes a server in an nghttpx upstream

func NewDefaultBackend added in v0.54.0 

func NewDefaultBackend() Backend

NewDefaultBackend return a Backend to be use as default server that returns 503.

type BackendConfig added in v0.54.0 

type BackendConfig struct {
	// backend application protocol.  At the moment, this should be either ProtocolH2 or ProtocolH1.
	Proto *Protocol `json:"proto,omitempty"`
	// true if backend connection requires TLS
	TLS *bool `json:"tls,omitempty"`
	// SNI hostname for backend TLS connection
	SNI *string `json:"sni,omitempty"`
	// DNS is true if backend hostname is resolved dynamically rather than start up or configuration reloading.
	DNS *bool `json:"dns,omitempty"`
	// Weight is a weight of backend selection.
	Weight *uint32 `json:"weight,omitempty"`
}

BackendConfig is a backend configuration obtained from ingress annotation, specified per service port

func (*BackendConfig) GetDNS added in v0.54.0 

func (pbc *BackendConfig) GetDNS() bool

func (*BackendConfig) GetProto added in v0.54.0 

func (pbc *BackendConfig) GetProto() Protocol

func (*BackendConfig) GetSNI added in v0.54.0 

func (pbc *BackendConfig) GetSNI() string

func (*BackendConfig) GetTLS added in v0.54.0 

func (pbc *BackendConfig) GetTLS() bool

func (*BackendConfig) GetWeight added in v0.54.0 

func (pbc *BackendConfig) GetWeight() uint32

func (*BackendConfig) SetDNS added in v0.54.0 

func (pbc *BackendConfig) SetDNS(dns bool)

func (*BackendConfig) SetProto added in v0.54.0 

func (pbc *BackendConfig) SetProto(proto Protocol)

func (*BackendConfig) SetSNI added in v0.54.0 

func (pbc *BackendConfig) SetSNI(sni string)

func (*BackendConfig) SetTLS added in v0.54.0 

func (pbc *BackendConfig) SetTLS(tls bool)

func (*BackendConfig) SetWeight added in v0.54.0 

func (pbc *BackendConfig) SetWeight(weight uint32)

type BackendConfigMapper added in v0.54.0 

type BackendConfigMapper struct {
	DefaultBackendConfig *BackendConfig
	BackendConfigMapping BackendConfigMapping
}

BackendConfigMapper is a convenient object for querying BackendConfig for given service and port.

func NewBackendConfigMapper added in v0.54.0 

func NewBackendConfigMapper(defaultBackendConfig *BackendConfig, backendConfigMapping BackendConfigMapping) *BackendConfigMapper

NewBackendConfigMapper returns new BackendConfigMapper.

func (*BackendConfigMapper) ConfigFor added in v0.54.0 

func (bcm *BackendConfigMapper) ConfigFor(ctx context.Context, svc, port string) *BackendConfig

ConfigFor returns BackendConfig for given svc and port. svc is Service name, and port is either a named Service port or a numeric port number.

type BackendConfigMapping added in v0.54.0 

type BackendConfigMapping map[string]map[string]*BackendConfig

type ChecksumFile added in v0.19.0 

type ChecksumFile struct {
	Path     string
	Content  []byte
	Checksum []byte
}

ChecksumFile represents a file with path, its arbitrary content, and its checksum.

func CreatePerPatternMrubyChecksumFile added in v0.33.0 

func CreatePerPatternMrubyChecksumFile(dir string, mruby []byte) *ChecksumFile

CreatePerPatternMrubyChecksumFile creates ChecksumFile for given mruby content.

func (*ChecksumFile) GetPath added in v0.68.0 

func (c *ChecksumFile) GetPath() string

type IngressConfig 

type IngressConfig struct {
	Upstreams      []*Upstream
	TLS            bool
	DefaultTLSCred *TLSCred
	SubTLSCred     []*TLSCred
	// https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-n
	// Set the number of worker threads.
	Workers int32
	// https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-worker-process-grace-shutdown-period
	// WorkerProcessGraceShutdownPeriod is the maximum period for an nghttpx worker process to terminate gracefully.
	WorkerProcessGraceShutdownPeriod time.Duration
	// https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-max-worker-processes
	// MaxWorkerProcesses is the maximum number of nghttpx worker processes which are spawned in every configuration reload.
	MaxWorkerProcesses int32
	// ExtraConfig is the extra configurations in a format that nghttpx accepts in --conf.
	ExtraConfig string
	// MrubyFileContent is the extra mruby script.  It is saved in the container disk space, and will be referenced by mruby-file from
	// configuration file.
	MrubyFile *ChecksumFile
	// HealthzMruby is the mruby script to setup healthz endpoint.  It is only enabled when deferred shutdown period is configured.
	HealthzMruby *ChecksumFile
	// HealthPort is the port for health monitor endpoint.
	HealthPort int32
	// APIPort is the port for API endpoint.
	APIPort int32
	// ConfDir is the path to the directory which includes nghttpx configuration files.
	ConfDir string
	// HTTPPort is the port to listen to for HTTP (non-TLS) request.
	HTTPPort int32
	// HTTPSPort is the port to listen to for HTTPS (TLS) request.
	HTTPSPort int32
	// FetchOCSPRespFromSecret is true if OCSP response is fetched from TLS secret.
	FetchOCSPRespFromSecret bool
	// ProxyProto toggles the use of PROXY protocol for all public-facing frontends.
	ProxyProto bool
	// HTTP3 enables HTTP/3.
	HTTP3 bool
	// QUICSecretFile is the file which contains QUIC keying materials.
	QUICSecretFile *PrivateChecksumFile
	// ShareTLSTicketKey, if true, shares TLS ticket key among ingress controllers via Secret.
	ShareTLSTicketKey bool
	// TLSTicketKeyFiles is the list of files that contain TLS ticket key.
	TLSTicketKeyFiles []*PrivateChecksumFile
}

IngressConfig describes an nghttpx configuration

type LoadBalancer added in v0.55.0 

type LoadBalancer struct {
	// contains filtered or unexported fields
}

LoadBalancer starts nghttpx and reloads its configuration on demand. It implements ServerReloader.

func NewLoadBalancer added in v0.55.0 

func NewLoadBalancer(config LoadBalancerConfig) (*LoadBalancer, error)

NewLoadBalancer creates new LoadBalancer.

func (*LoadBalancer) CheckAndReload added in v0.55.0 

func (lb *LoadBalancer) CheckAndReload(ctx context.Context, ingressCfg *IngressConfig) (bool, error)

CheckAndReload checks whether the nghttpx configuration changed and if so, makes nghttpx reload its configuration.

The current running nghttpx master process executes new nghttpx with new configuration. If its invocation succeeds, current nghttpx is going to shutdown gracefully. The invocation of new process may fail due to invalid configurations.

func (*LoadBalancer) Start added in v0.55.0 

func (lb *LoadBalancer) Start(ctx context.Context, path, confPath string) error

Start starts a nghttpx process using nghttpx executable at path, and wait.

type LoadBalancerConfig added in v0.55.0 

type LoadBalancerConfig struct {
	NghttpxHealthPort    int32
	NghttpxAPIPort       int32
	NghttpxConfDir       string
	Pod                  *corev1.Pod
	EventRecorder        events.EventRecorder
	ReloadTimeout        time.Duration
	StaleAssetsThreshold time.Duration
}

type PathConfig added in v0.33.0 

type PathConfig struct {
	// Mruby is mruby script
	Mruby *string `json:"mruby,omitempty"`
	// Affinity is session affinity method nghttpx supports.  See affinity parameter in backend option of nghttpx.
	Affinity *Affinity `json:"affinity,omitempty"`
	// AffinityCookieName is a name of cookie to use for cookie-based session affinity.
	AffinityCookieName *string `json:"affinityCookieName,omitempty"`
	// AffinityCookiePath is a path of cookie for cookie-based session affinity.
	AffinityCookiePath *string `json:"affinityCookiePath,omitempty"`
	// AffinityCookieSecure controls whether Secure attribute is added to session affinity cookie.
	AffinityCookieSecure *AffinityCookieSecure `json:"affinityCookieSecure,omitempty"`
	// AffinityCookieStickiness controls the stickiness of affinity cookie.
	AffinityCookieStickiness *AffinityCookieStickiness `json:"affinityCookieStickiness,omitempty"`
	// ReadTimeout is a read timeout when this path is selected.
	ReadTimeout *metav1.Duration `json:"readTimeout,omitempty"`
	// WriteTimeout is a write timeout when this path is selected.
	WriteTimeout *metav1.Duration `json:"writeTimeout,omitempty"`
	// RedirectIfNotTLS, if set to true, redirects cleartext HTTP to HTTPS.
	RedirectIfNotTLS *bool `json:"redirectIfNotTLS,omitempty"`
	// DoNotForward, if set to true, does not forward a request to a backend.
	DoNotForward *bool `json:"doNotForward,omitempty"`
}

PathConfig is per-pattern configuration obtained from Ingress annotation, specified per host and path pattern.

func ResolvePathConfig added in v0.33.0 

func ResolvePathConfig(host, path string, defaultPathConfig *PathConfig, pathConfig PathConfigMapping) *PathConfig

ResolvePathConfig returns a PathConfig which should be used for the pattern denoted by host and path.

func (*PathConfig) GetAffinity added in v0.33.0 

func (pc *PathConfig) GetAffinity() Affinity

func (*PathConfig) GetAffinityCookieName added in v0.33.0 

func (pc *PathConfig) GetAffinityCookieName() string

func (*PathConfig) GetAffinityCookiePath added in v0.33.0 

func (pc *PathConfig) GetAffinityCookiePath() string

func (*PathConfig) GetAffinityCookieSecure added in v0.33.0 

func (pc *PathConfig) GetAffinityCookieSecure() AffinityCookieSecure

func (*PathConfig) GetAffinityCookieStickiness added in v0.54.0 

func (pc *PathConfig) GetAffinityCookieStickiness() AffinityCookieStickiness

func (*PathConfig) GetDoNotForward added in v0.51.0 

func (pc *PathConfig) GetDoNotForward() bool

func (*PathConfig) GetMruby added in v0.33.0 

func (pc *PathConfig) GetMruby() string

func (*PathConfig) GetReadTimeout added in v0.34.0 

func (pc *PathConfig) GetReadTimeout() *metav1.Duration

func (*PathConfig) GetRedirectIfNotTLS added in v0.40.0 

func (pc *PathConfig) GetRedirectIfNotTLS() bool

func (*PathConfig) GetWriteTimeout added in v0.34.0 

func (pc *PathConfig) GetWriteTimeout() *metav1.Duration

func (*PathConfig) SetAffinity added in v0.33.0 

func (pc *PathConfig) SetAffinity(affinity Affinity)

func (*PathConfig) SetAffinityCookieName added in v0.33.0 

func (pc *PathConfig) SetAffinityCookieName(affinityCookieName string)

func (*PathConfig) SetAffinityCookiePath added in v0.33.0 

func (pc *PathConfig) SetAffinityCookiePath(affinityCookiePath string)

func (*PathConfig) SetAffinityCookieSecure added in v0.33.0 

func (pc *PathConfig) SetAffinityCookieSecure(affinityCookieSecure AffinityCookieSecure)

func (*PathConfig) SetAffinityCookieStickiness added in v0.54.0 

func (pc *PathConfig) SetAffinityCookieStickiness(affinityCookieStickiness AffinityCookieStickiness)

func (*PathConfig) SetDoNotForward added in v0.51.0 

func (pc *PathConfig) SetDoNotForward(b bool)

func (*PathConfig) SetMruby added in v0.33.0 

func (pc *PathConfig) SetMruby(mruby string)

func (*PathConfig) SetReadTimeout added in v0.34.0 

func (pc *PathConfig) SetReadTimeout(readTimeout metav1.Duration)

func (*PathConfig) SetRedirectIfNotTLS added in v0.40.0 

func (pc *PathConfig) SetRedirectIfNotTLS(b bool)

func (*PathConfig) SetWriteTimeout added in v0.34.0 

func (pc *PathConfig) SetWriteTimeout(writeTimeout metav1.Duration)

type PathConfigMapper added in v0.54.0 

type PathConfigMapper struct {
	DefaultPathConfig *PathConfig
	PathConfigMapping PathConfigMapping
}

PathConfigMapper is a convenient object for querying PathConfig for given host and path.

func NewPathConfigMapper added in v0.54.0 

func NewPathConfigMapper(defaultPathConfig *PathConfig, pathConfigMapping PathConfigMapping) *PathConfigMapper

NewPathConfigMapper returns new PathConfigMapper.

func (*PathConfigMapper) ConfigFor added in v0.54.0 

func (pcm *PathConfigMapper) ConfigFor(host, path string) *PathConfig

ConfigFor returns PathConfig for given host and path.

type PathConfigMapping added in v0.54.0 

type PathConfigMapping map[string]*PathConfig

type PrivateChecksumFile added in v0.52.0 

type PrivateChecksumFile ChecksumFile

PrivateChecksumFile is a kind of ChecksumFile and it contains private data which should not be spilled out into log.

func CreateQUICSecretFile added in v0.52.0 

func CreateQUICSecretFile(dir string, quicKeyingMaterials []byte) *PrivateChecksumFile

CreateQUICSecretFile creates given QUIC keying materials file.

func CreateTLSTicketKeyFiles added in v0.66.0 

func CreateTLSTicketKeyFiles(dir string, ticketKey []byte) []*PrivateChecksumFile

CreateTLSTicketKeyFiles creates TLS ticket key files. This function assume that VerifyTLSTicketKey was called against ticketKey and succeeded.

func (PrivateChecksumFile) MarshalJSON added in v0.52.0 

func (c PrivateChecksumFile) MarshalJSON() ([]byte, error)

type Protocol added in v0.17.0 

type Protocol string
const (
	// ProtocolH2 indicates HTTP/2 protocol.
	ProtocolH2 Protocol = "h2"
	// ProtocolH1 indicates HTTP/1.1 protocol.
	ProtocolH1 Protocol = "http/1.1"
)

type ServerReloader added in v0.55.0 

type ServerReloader interface {
	// Start starts a nghttpx process using executable at path with configuration file at confPath, and waits for the process to finish.
	// If ctx is canceled, kill nghttpx process, and return.
	Start(ctx context.Context, path, confPath string) error
	// CheckAndReload checks whether the nghttpx configuration changed, and if so, make nghttpx reload its configuration.  If reloading
	// is required, and it successfully issues reloading, returns true.  If there is no need to reloading, it returns false.  On error,
	// it returns false, and non-nil error.
	CheckAndReload(ctx context.Context, ingressCfg *IngressConfig) (bool, error)
}

ServerReloader is the API to update underlying load balancer.

type TLSCred 

type TLSCred struct {
	Name     string
	Key      PrivateChecksumFile
	Cert     ChecksumFile
	OCSPResp *ChecksumFile
}

TLSCred stores TLS server private key, certificate file path, and optionally OCSP response. OCSP response must be DER encoded byte string.

func CreateTLSCred added in v0.19.0 

func CreateTLSCred(dir, name string, cert, key, ocspResp []byte) *TLSCred

CreateTLSCred creates TLSCred for given private key and certificate. ocspResp is optional, and could be nil.

func RemoveDuplicateTLSCred added in v0.68.0 

func RemoveDuplicateTLSCred(creds []*TLSCred) []*TLSCred

RemoveDuplicateTLSCred removes duplicates from creds, which share the same Key.Path, Cert.Path, and OCSPResp.Path. It assumes that creds are sorted by SortTLSCred.

type Upstream 

type Upstream struct {
	Name                     string
	Ingress                  types.NamespacedName
	Host                     string
	Path                     string
	Backends                 []Backend
	RedirectIfNotTLS         bool
	Mruby                    *ChecksumFile
	Affinity                 Affinity
	AffinityCookieName       string
	AffinityCookiePath       string
	AffinityCookieSecure     AffinityCookieSecure
	AffinityCookieStickiness AffinityCookieStickiness
	ReadTimeout              *metav1.Duration
	WriteTimeout             *metav1.Duration
	DoNotForward             bool
}

Upstream describes an nghttpx upstream

func (*Upstream) String added in v0.56.0 

func (ups *Upstream) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.