haproxy

package
v0.0.0-...-cc11b02

This package is not in the latest version of its module.
Published: Aug 22, 2023 License: BSD-2-Clause Imports: 17 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsInvalidProblem

func IsInvalidProblem(err error) bool

IsInvalidProblem returns true iff err is of type *Problem and represents an error response from the k8s-crt-dnldr REST API reporting that a TLS Secret is invalid: one of the required fields "tls.crt" or "tls.key" is missing, or its value is empty.

func IsNotFoundProblem

func IsNotFoundProblem(err error) bool

IsNotFoundProblem returns true iff err is of type *Problem and represents a Not Found error from the k8s-crt-dnldr REST API.

func IsPermissionProblem

func IsPermissionProblem(err error) bool

IsPermissionProblem returns true iff err is of type *Problem and represents an error response from the k8s-crt-dnldr REST API reporting a file permission error on writing or deleting the certificate for the TLS Secret.

Types

type Controller

type Controller struct {
	// contains filtered or unexported fields
}

Controller (or haproxy controller) remotely administers a haproxy container to configure TLS offload for Ingress. For the most part, this is done with the dataplane API; see the documentation of DataplaneClient, and the links shown there.

func NewOffloaderController

func NewOffloaderController(
	log *logrus.Logger, monIntvl time.Duration) *Controller

NewOffloaderController returns a controller to remotely administer a haproxy container for Ingress TLS offload, logging its work with the given logger.

XXX monIntvl is meant to be the interval for a monitor loop, analogous to the monitor for Varnish instances; currently not implemented.

func (*Controller) AddOrUpdateOffloader

func (hc *Controller) AddOrUpdateOffloader(
	key string,
	addrs []OffldAddr,
	secrName string,
) update.Status

AddOrUpdateOffloader sets the configuration for the offloader designated by key, using the given addresses for remote admin, and the Secret designated by secrName (whose contents are stored with SetDataplaneSecret) as the password for Basic Auth in requests to the dataplane API.

func (*Controller) AddOrUpdateTLSSecret

func (hc *Controller) AddOrUpdateTLSSecret(
	svcKey string, secret SecretSpec,
) update.Status

AddOrUpdateTLSSecret sends requests to instances of svcKey, instructing them to write certificate files for the specified TLS Secret.

If the operation is successful, the instances will use the certificate after the next reload.

func (*Controller) DeleteDataplaneSecret

func (hc *Controller) DeleteDataplaneSecret(name string)

DeleteDataplaneSecret removes the dataplane Basic Auth secret stored under name (see SetDataplaneSecret).

func (*Controller) DeleteOffldSvc

func (hc *Controller) DeleteOffldSvc(svcKey string) update.Status

DeleteOffldSvc removes the TLS offloader service designated by svcKey -- the haproxy configuration is deleted, and the specification is removed from the controller's configuration.

func (*Controller) DeleteTLSSecret

func (hc *Controller) DeleteTLSSecret(
	svcKey string, secret SecretSpec,
) update.Status

DeleteTLSSecret sends requests to instances of svcKey, instructing them to delete certificate files for the specified TLS Secret.

If the operation is successful, the instances will no longer use the certificate after the next reload.

func (*Controller) HasOffloader

func (hc *Controller) HasOffloader(svcKey string) bool

HasOffloader returns true iff the controller has configured the TLS offloader designated by svcKey.

func (*Controller) Quit

func (hc *Controller) Quit()

Quit stops the offloader controller.

func (*Controller) SetDataplaneSecret

func (hc *Controller) SetDataplaneSecret(key string, secret []byte)

SetDataplaneSecret stores the secret to be used as the Basic Auth password used in requests to a dataplane API, under the name given in key (from the namespace/name of a k8s Secret).

func (*Controller) SetOffldSecret

func (hc *Controller) SetOffldSecret(svcKey, secretKey string)

SetOffldSecret specifies secretKey as the name of the Secret to be used to authorize use of the dataplane API for the TLS offloader designated by svcKey. SetDataplaneSecret(), in turn, sets the secret contents for secretKey.

func (*Controller) Start

func (hc *Controller) Start()

Start initiates a haproxy controller.

XXX currently little more than a no-op, will start the monitor

func (*Controller) Update

func (hc *Controller) Update(
	svcKey string,
	addrs []OffldAddr,
	spec Spec,
) update.Status

Update sets the TLS offloader designated by svcKey, reachable at the given addresses, to the configuration given by spec.

type CrtDnldrClient

type CrtDnldrClient struct {
	// contains filtered or unexported fields
}

CrtDnldrClient sends requests to the REST API of a k8s-crt-dnldr app, to instruct it to write or delete PEM files corresponding to TLS Secrets. This determines the certificates available to haproxy at configuration reload.

See: https://code.uplex.de/k8s/k8s-crt-dnldr

func NewCrtDnldrClient

func NewCrtDnldrClient(host string) *CrtDnldrClient

NewCrtDnldrClient returns a client for the REST API listening at host for a k8s-crt-dnldr app.

host may have the form "addr" or "addr:port", where addr may be a host name or IP address.

func (*CrtDnldrClient) Delete

func (client *CrtDnldrClient) Delete(spec SecretSpec) error

Delete sends a DELETE request to the REST API of the k8s-crt-dnldr app, instructing it to delete the certificate file for the specified TLS Secret.

If the response has Content-Type application/problem+json, then the return value is an instance of *Problem.

func (*CrtDnldrClient) Put

func (client *CrtDnldrClient) Put(spec SecretSpec) error

Put sends a PUT request to the REST API of the k8s-crt-dnldr app, instructing it to write the certificate file for the specified TLS Secret.

If the response has Content-Type application/problem+json, then the return value is an instance of *Problem.
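The following is an added example, not code from the haproxy package or from the k8s-crt-dnldr project: a self-contained Go client of the same shape that turns an application/problem+json response into a *Problem error value, with the Is*Problem helpers documented at the top of this page implemented over it with errors.As. Everything the page does not state is an assumption: the URL layout /secrets/{namespace}/{name}?uid=..&resourceVersion=.., the classification of invalid / not-found / permission problems by HTTP status 400 / 404 / 403, and the address and Secret used in main.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"mime"
	"net/http"
	"net/url"
)

// SecretSpec identifies the exact Secret, as on the page: UID and
// ResourceVersion pin the object, not just its name.
type SecretSpec struct {
	Namespace, Name, UID, ResourceVersion string
}

func (s SecretSpec) String() string { return s.Namespace + "/" + s.Name }

// Problem is an RFC 7807 Problem Details object; it is the error value
// whenever the server answers with application/problem+json.
type Problem struct {
	Type     string `json:"type"`
	Title    string `json:"title"`
	Status   int    `json:"status"`
	Detail   string `json:"detail"`
	Instance string `json:"instance"`
}

func (p *Problem) Error() string { return fmt.Sprintf("%s (HTTP %d): %s", p.Title, p.Status, p.Detail) }

// The page does not say how the real helpers tell the cases apart; here, as an
// assumption, they go by the problem's HTTP status.
func problemWithStatus(err error, status int) bool {
	var p *Problem
	return errors.As(err, &p) && p.Status == status
}

func IsInvalidProblem(err error) bool    { return problemWithStatus(err, http.StatusBadRequest) }
func IsNotFoundProblem(err error) bool   { return problemWithStatus(err, http.StatusNotFound) }
func IsPermissionProblem(err error) bool { return problemWithStatus(err, http.StatusForbidden) }

// Client addresses one k8s-crt-dnldr instance. The URL layout
// (/secrets/{ns}/{name}?uid=..&resourceVersion=..) is an assumption.
type Client struct {
	Base string
	HTTP *http.Client
}

func (c *Client) do(method string, spec SecretSpec) error {
	q := url.Values{"uid": {spec.UID}, "resourceVersion": {spec.ResourceVersion}}
	u := fmt.Sprintf("%s/secrets/%s/%s?%s", c.Base, url.PathEscape(spec.Namespace), url.PathEscape(spec.Name), q.Encode())
	req, err := http.NewRequest(method, u, nil)
	if err != nil {
		return err
	}
	resp, err := c.HTTP.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	// Parse the media type instead of comparing the header string: a parameter
	// such as "; charset=utf-8" must still match. And a 5xx without a problem
	// body is still a failure, not a success that merely lacks problem+json.
	mt, _, _ := mime.ParseMediaType(resp.Header.Get("Content-Type"))
	if mt == "application/problem+json" {
		p := &Problem{}
		if err := json.NewDecoder(resp.Body).Decode(p); err != nil {
			return fmt.Errorf("%s %s: HTTP %d with undecodable problem body: %w", method, spec, resp.StatusCode, err)
		}
		if p.Status == 0 {
			p.Status = resp.StatusCode // body omitted status: fall back to the response
		}
		return p
	}
	if resp.StatusCode >= 300 {
		return fmt.Errorf("%s %s: unexpected HTTP %d", method, spec, resp.StatusCode)
	}
	return nil
}

// Put and Delete mirror the page's methods: write or remove the PEM file for spec.
func (c *Client) Put(spec SecretSpec) error    { return c.do(http.MethodPut, spec) }
func (c *Client) Delete(spec SecretSpec) error { return c.do(http.MethodDelete, spec) }

func main() { // stand-alone use against one replica; the address is an assumption
	c := &Client{Base: "http://10.0.0.7:8080", HTTP: http.DefaultClient}
	err := c.Put(SecretSpec{Namespace: "default", Name: "ingress-tls", UID: "6c1f", ResourceVersion: "7"})
	fmt.Println(IsNotFoundProblem(err), IsInvalidProblem(err), IsPermissionProblem(err), err)
}
```

Two checks are worth the lines: the media type goes through mime.ParseMediaType so that a Content-Type carrying a charset parameter is still recognised as problem+json, and a non-2xx response without a problem body is returned as an error rather than passing as success.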

type DataplaneClient

type DataplaneClient struct {
	// contains filtered or unexported fields
}

DataplaneClient executes remote administration of a haproxy server using the dataplane API, which runs as a child process in the haproxy container.

https://www.haproxy.com/documentation/hapee/1-9r1/configuration/dataplaneapi/
https://www.haproxy.com/documentation/dataplaneapi/latest/

func NewDataplaneClient

func NewDataplaneClient(
	host, pass string, log *logrus.Logger,
) *DataplaneClient

NewDataplaneClient returns a client for the dataplane API server listening at host, using the Basic Auth password pass.

host may have the form "addr" or "addr:port", where addr may be a host name or IP address.

func (*DataplaneClient) AddOffldr

func (client *DataplaneClient) AddOffldr(tx *models.Transaction) error

AddOffldr adds the offloader configuration for haproxy, in the dataplane transaction tx.

AddOffldr MUST be used if the offloader was not configured previously since the haproxy container was started, or after deletion.

A non-nil error return may wrap a DataplaneError.

func (*DataplaneClient) AddOnldr

func (client *DataplaneClient) AddOnldr(
	tx *models.Transaction,
	onldSpec *OnloadSpec,
) error

AddOnldr adds the onloader configuration for haproxy, in the dataplane transaction tx. onldSpec.Instances specifies the number of servers in the haproxy backend.

AddOnldr MUST be used if the onloader was not configured previously since the haproxy container was started, or after deletion.

A non-nil error return may wrap a DataplaneError.

func (*DataplaneClient) DeleteOffldr

func (client *DataplaneClient) DeleteOffldr(tx *models.Transaction) error

DeleteOffldr removes the haproxy offloader configuration, in the dataplane transaction tx.

A non-nil error return may wrap a DataplaneError.

func (*DataplaneClient) DeleteOnldr

func (client *DataplaneClient) DeleteOnldr(tx *models.Transaction) error

DeleteOnldr removes the haproxy onloader configuration, in the dataplane transaction tx.

A non-nil error return may wrap a DataplaneError.

func (*DataplaneClient) DeleteTx

func (client *DataplaneClient) DeleteTx(tx *models.Transaction) error

DeleteTx removes the dataplane transaction tx. This should be called after a successful invocation of FinishTx(tx).

A non-nil error return may wrap a DataplaneError.

XXX currently a no-op.

func (*DataplaneClient) FinishTx

func (client *DataplaneClient) FinishTx(
	tx *models.Transaction) (ReloadState, error)

FinishTx completes the dataplane transaction tx. If successful, a haproxy configuration reload may be initiated.

The DataplaneClient does not set the force-reload parameter, so the dataplane API does not reload the configuration synchronously; this avoids reload thrashing when several changes arrive close together. Reloads for pending transactions are performed at intervals (usually a few seconds).

A non-nil error return may wrap a DataplaneError.

func (*DataplaneClient) LoaderStatus

func (client *DataplaneClient) LoaderStatus() (
	offLoaded, onLoaded bool, version int, err error)

LoaderStatus returns booleans for whether the off- and onloader sites have been loaded by the dataplane API, and returns the current configuration version.

A non-nil error return may wrap a DataplaneError.

func (*DataplaneClient) Reloaded

func (client *DataplaneClient) Reloaded(id string) (bool, ReloadState, error)

Reloaded returns true if the reload identified by id has completed successfully, together with details about the reload state.

A non-nil error return may wrap a DataplaneError.

func (*DataplaneClient) StartTx

func (client *DataplaneClient) StartTx(
	version int64) (tx *models.Transaction, err error)

StartTx initiates a dataplane transaction (a POST to the endpoint /services/haproxy/transactions) based on the given configuration version.

A non-nil error return may wrap a DataplaneError.
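As an added example, not the package's own DataplaneClient and not code from the dataplane API project, the transaction lifecycle that StartTx, FinishTx, Reloaded and DeleteTx describe above, in Go with only the standard library. It assumes the dataplane v2 endpoint paths and the Reload-ID and Configuration-Version response headers; the address, credentials and version in main are placeholders. Like the package, it commits without force-reload and then polls the scheduled reload; unlike a naive client, it treats a stale configuration version (HTTP 409) and a failed reload as errors instead of forcing through, and deletes a transaction it could not fill.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strconv"
	"time"
)

// DataplaneError keeps the API's message, the HTTP status and the
// Configuration-Version header, so a 409 from a stale version can be retried.
type DataplaneError struct {
	Message string
	Status  int
	Version int
}

func (e *DataplaneError) Error() string {
	return fmt.Sprintf("dataplane: HTTP %d (config version %d): %s", e.Status, e.Version, e.Message)
}

// Client talks to a dataplane v2 server with Basic Auth, which is base64 rather
// than encryption: Base must be https, or the API reachable only on the pod network.
type Client struct {
	Base, User, Pass string
	HTTP             *http.Client
}

// call issues one authenticated request; any 4xx/5xx becomes *DataplaneError.
func (c *Client) call(method, path string, out any) (*http.Response, error) {
	req, err := http.NewRequest(method, c.Base+path, nil)
	if err != nil {
		return nil, err
	}
	req.SetBasicAuth(c.User, c.Pass)
	resp, err := c.HTTP.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode >= 400 {
		var e struct{ Message string `json:"message"` }
		_ = json.NewDecoder(resp.Body).Decode(&e)
		ver, _ := strconv.Atoi(resp.Header.Get("Configuration-Version"))
		return nil, &DataplaneError{Message: e.Message, Status: resp.StatusCode, Version: ver}
	}
	if out == nil {
		return resp, nil
	}
	return resp, json.NewDecoder(resp.Body).Decode(out)
}

// Commit opens a transaction against version, lets changes fill it, and commits
// without force-reload. It returns the reload ID from a 202, or "" when no reload
// was needed. A stale version surfaces as a 409 *DataplaneError carrying the
// current Version, which is what the caller should retry with.
func (c *Client) Commit(version int, changes func(txID string) error) (string, error) {
	var tx struct{ ID string `json:"id"` }
	if _, err := c.call("POST", "/v2/services/haproxy/transactions?version="+strconv.Itoa(version), &tx); err != nil {
		return "", err
	}
	if err := changes(tx.ID); err != nil {
		// Do not leave a half-filled transaction open on the server.
		_, _ = c.call("DELETE", "/v2/services/haproxy/transactions/"+tx.ID, nil)
		return "", err
	}
	resp, err := c.call("PUT", "/v2/services/haproxy/transactions/"+tx.ID, nil)
	if err != nil {
		return "", err
	}
	if resp.StatusCode != http.StatusAccepted {
		return "", nil // 200: committed, no reload required
	}
	return resp.Header.Get("Reload-ID"), nil
}

// Reloaded polls the reload until it leaves "in_progress" or deadline passes. A
// "failed" reload is an error: haproxy still runs the old configuration.
func (c *Client) Reloaded(id string, deadline, poll time.Duration) (string, error) {
	for end := time.Now().Add(deadline); ; time.Sleep(poll) {
		var r struct{ Status, Response string }
		if _, err := c.call("GET", "/v2/services/haproxy/reloads/"+id, &r); err != nil {
			return "", err
		}
		switch r.Status {
		case "succeeded":
			return r.Status, nil
		case "failed":
			return r.Status, fmt.Errorf("reload %s failed: %s", id, r.Response)
		}
		if time.Now().After(end) {
			return r.Status, fmt.Errorf("reload %s not finished after %v", id, deadline)
		}
	}
}

func main() { // stand-alone run; address, credentials and version are assumptions
	c := &Client{Base: "https://127.0.0.1:5555", User: "admin", Pass: "change-me", HTTP: http.DefaultClient}
	fmt.Println(c.Commit(1, func(string) error { return nil }))
}
```

The Basic Auth password is sent base64-encoded on every request, so the transport must provide the confidentiality: terminate the dataplane API on TLS, or make sure it listens only where the controller's pod network can reach it.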

func (*DataplaneClient) UpdateDefaults

func (client *DataplaneClient) UpdateDefaults(
	tx *models.Transaction,
	spec *DefaultsSpec,
) error

UpdateDefaults modifies default haproxy configuration (valid for both off- and onload).

func (*DataplaneClient) UpdateOffldr

func (client *DataplaneClient) UpdateOffldr(tx *models.Transaction) error

UpdateOffldr modifies the offloader configuration for haproxy, in the dataplane transaction tx.

UpdateOffldr MUST be used if the offloader was previously added with AddOffldr, and not removed with DeleteOffldr.

A non-nil error return may wrap a DataplaneError.

func (*DataplaneClient) UpdateOnldr

func (client *DataplaneClient) UpdateOnldr(
	tx *models.Transaction,
	onldSpec *OnloadSpec,
) error

UpdateOnldr modifies the onloader configuration for haproxy, in the dataplane transaction tx. onldSpec.Instances specifies the number of servers in the haproxy backend.

UpdateOnldr MUST be used if the onloader was previously added with AddOnldr, and not removed with DeleteOnldr.

A non-nil error return may wrap a DataplaneError.

type DataplaneError

type DataplaneError struct {
	// Err encapsulates the dataplane API's error object.
	Err *models.Error
	// Status is the HTTP response code.
	Status int
	// Version is the configuration-version returned in the response.
	Version int
}

DataplaneError represents an error response from the dataplane API. Satisfies the error interface.

func (*DataplaneError) Error

func (err *DataplaneError) Error() string

type DefaultTimeoutsSpec

type DefaultTimeoutsSpec struct {
	Connect *int64
	Client  *int64
	Server  *int64
}

DefaultTimeoutsSpec specifies haproxy global default timeouts.

type DefaultsSpec

type DefaultsSpec struct {
	Timeouts DefaultTimeoutsSpec
}

DefaultsSpec specifies haproxy global default configuration.

type OffldAddr

type OffldAddr struct {
	PodNamespace  string
	PodName       string
	IP            string
	DataplanePort int32
	CrtDnldrPort  int32
}

OffldAddr encapsulates the networking information for remote administration of a TLS offloader for Ingress, implemented by haproxy.

Includes the namespace and name of the Pod in which haproxy runs, and the addresses of the dataplane and k8s-crt-dnldr REST APIs.

type OffldrError

type OffldrError struct {
	// contains filtered or unexported fields
}

OffldrError encapsulates an error in the interaction of the haproxy controller with a haproxy container.

func (OffldrError) Error

func (offldrErr OffldrError) Error() string

type OffldrErrors

type OffldrErrors []OffldrError

OffldrErrors encapsulates a group of errors in the interaction with a haproxy container. Most of the controller's actions apply to all of the replicas (Pods) of an offloader Service, and the controller does not stop at the first error. So any errors encountered along the way are collected and returned by this type; this makes it possible for an action to succeed for some of the replicas and fail for others. If an action had no error, usually nil is returned for the error value (rather than an empty slice).

This type satisfies the error interface.

func (OffldrErrors) Error

func (offldrErrs OffldrErrors) Error() string
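An added example, not the package's code, of the collect-all-errors behaviour described for OffldrErrors above, with constructed Pod names and a stand-in error value: a fan-out over replicas that keeps going after a failure, returns a plain nil on full success, and makes the typed-nil pitfall behind the "usually nil is returned (rather than an empty slice)" remark explicit. The Unwrap() []error method is an assumption about how one would want such a collection to behave; the page does not say whether the package implements it.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"sync"
)

// OffldrError attributes one failure to the replica (Pod) it came from and
// unwraps to the cause, so errors.Is/As still see the underlying API error.
type OffldrError struct {
	Pod string
	Err error
}

func (e OffldrError) Error() string { return e.Pod + ": " + e.Err.Error() }
func (e OffldrError) Unwrap() error { return e.Err }

// OffldrErrors collects one entry per failing replica, sorted by Pod.
type OffldrErrors []OffldrError

func (es OffldrErrors) Error() string {
	s := fmt.Sprintf("%d replica(s) failed:", len(es))
	for _, e := range es {
		s += " " + e.Error() + ";"
	}
	return s
}

// Unwrap lets errors.Is and errors.As look through the whole collection
// (multi-error unwrapping, Go 1.20+).
func (es OffldrErrors) Unwrap() []error {
	out := make([]error, len(es))
	for i := range es {
		out[i] = es[i]
	}
	return out
}

// ErrNotFound stands in for a classified API error (constructed for the example).
var ErrNotFound = errors.New("not found")

// ForEachReplica runs op against every replica concurrently and does not stop
// at the first failure, so the caller learns exactly which Pods still lack the
// change and can retry just those. Full success returns a plain nil.
func ForEachReplica(pods []string, op func(pod string) error) error {
	var (
		mu   sync.Mutex
		wg   sync.WaitGroup
		errs OffldrErrors
	)
	for _, pod := range pods {
		wg.Add(1)
		go func(pod string) {
			defer wg.Done()
			if err := op(pod); err != nil {
				mu.Lock()
				errs = append(errs, OffldrError{Pod: pod, Err: err})
				mu.Unlock()
			}
		}(pod)
	}
	wg.Wait()
	if len(errs) == 0 {
		return nil // not `return errs`: see nilSliceAsError
	}
	sort.Slice(errs, func(i, j int) bool { return errs[i].Pod < errs[j].Pod })
	return errs
}

// nilSliceAsError shows the pitfall behind the page's "usually nil is returned
// (rather than an empty slice)": a nil OffldrErrors stored in an error
// interface is a non-nil error, and `if err != nil` reports a failure that
// never happened.
func nilSliceAsError() error {
	var errs OffldrErrors
	return errs
}

func main() {
	// Constructed replicas: the second one fails, the others succeed.
	pods := []string{"default/haproxy-0", "default/haproxy-1", "default/haproxy-2"}
	err := ForEachReplica(pods, func(pod string) error {
		if pod == "default/haproxy-1" {
			return fmt.Errorf("PUT default/ingress-tls: %w", ErrNotFound)
		}
		return nil
	})
	fmt.Println(err, errors.Is(err, ErrNotFound), nilSliceAsError() != nil)
}
```

The explicit `return nil` on the success path is the whole point of the page's remark: a caller that only checks `err != nil` would otherwise treat every fully successful rollout as a failure.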

type OnloadSpec

type OnloadSpec struct {
	Verify     bool
	Authority  bool
	Instances  int
	StickTblSz int
	MaxConn    int
}

OnloadSpec specifies the configuration of TLS onload for haproxy. The haproxy configuration specifically works together with the via feature of the klarlack implementation of Varnish. See: https://github.com/varnishcache/varnish-cache/pull/3128

type Problem

type Problem struct {
	Type     string `json:"type"`
	Title    string `json:"title"`
	Status   int    `json:"status"`
	Detail   string `json:"detail"`
	Instance string `json:"instance"`
}

Problem is a Problem Details object per RFC 7807 (the application/problem+json media type).

func (Problem) Error

func (problem Problem) Error() string

type ReloadState

type ReloadState struct {
	// ID is generated by the dataplane API (usually a UUID).
	ID string
	// Response is the dataplane API's text message about the reload.
	Response string
	// Timestamp is set by the dataplane API.
	Timestamp time.Time
	// Status of the dataplane reload.
	Status ReloadStatus
}

ReloadState encapsulates the dataplane API's reload object.

type ReloadStatus

type ReloadStatus uint8

ReloadStatus classifies the current state of a dataplane reload.

const (
	// Unknown dataplane reload status.
	Unknown ReloadStatus = iota
	// Failed dataplane reload.
	Failed
	// InProgress dataplane reload.
	InProgress
	// Succeeded dataplane reload.
	Succeeded
)

func (ReloadStatus) String

func (status ReloadStatus) String() string

type SecretSpec

type SecretSpec struct {
	Namespace       string
	Name            string
	UID             string
	ResourceVersion string
}

SecretSpec specifies an Ingress TLS Secret for the purposes of the haproxy controller. It suffices to identify the *exact* k8s configuration of the Secret, including UID and ResourceVersion.

func (SecretSpec) String

func (spec SecretSpec) String() string

type Spec

type Spec struct {
	Namespace string
	Name      string
	Secrets   []SecretSpec
	Onload    *OnloadSpec
	Defaults  *DefaultsSpec
}

Spec specifies the configuration of TLS offload for haproxy. It includes the namespace and name of the Varnish admin Service (the headless k8s Service specifying ports for remote administration), and a list of specs for Ingress TLS Secrets.

func (Spec) String

func (spec Spec) String() string
