controller

package

v0.0.0-...-e94d887 Latest Latest Go to latest Published: Jul 26, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/acorn-io/acorn-istio-plugin

Links

Open Source Insights

Documentation ¶

Index ¶

func AddLabels(req router.Request, resp router.Response) error
func DoNothing(req router.Request, resp router.Response) error
func GCOrphans(req router.Request, resp router.Response) error
func PoliciesForIngress(req router.Request, resp router.Response) error
func PoliciesForService(req router.Request, resp router.Response) error
func RegisterRoutes(router *router.Router, client kubernetes.Interface, ...) error
func Start(ctx context.Context, opt Options) error
func VirtualServiceForLink(req router.Request, resp router.Response) error
type Handler
- func (h Handler) KillIstioSidecar(req router.Request, resp router.Response) error
- func (h Handler) PoliciesForApp(req router.Request, resp router.Response) error
type Options

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddLabels ¶

func AddLabels(req router.Request, resp router.Response) error

AddLabels adds the "istio-injection: enabled" label on every Acorn project namespace

func DoNothing ¶

func DoNothing(req router.Request, resp router.Response) error

func GCOrphans ¶

func GCOrphans(req router.Request, resp router.Response) error

func PoliciesForIngress ¶

func PoliciesForIngress(req router.Request, resp router.Response) error

PoliciesForIngress creates Istio an PeerAuthentication for each Ingress resource created by Acorn. The PeerAuthentication sets mTLS to PERMISSIVE mode on the ports exposed by the Ingresses so that the containers will accept traffic coming from outside the Istio mesh.

func PoliciesForService ¶

func PoliciesForService(req router.Request, resp router.Response) error

PoliciesForService creates an Istio PeerAuthentication for each LoadBalancer Service created by Acorn. The PeerAuthentication sets mTLS to PERMISSIVE mode on the ports targeted by the Service so that the containers will accept traffic coming from outside the Istio mesh.

func RegisterRoutes ¶

func RegisterRoutes(router *router.Router, client kubernetes.Interface, debugImage, allowTrafficFromNamespaces string) error

func Start ¶

func Start(ctx context.Context, opt Options) error

func VirtualServiceForLink ¶

func VirtualServiceForLink(req router.Request, resp router.Response) error

VirtualServiceForLink creates an Istio VirtualService for each link between Acorn apps. This is in order to make mTLS work between workloads across namespaces.

Types ¶

type Handler ¶

type Handler struct {
	// contains filtered or unexported fields
}

func (Handler) KillIstioSidecar ¶

func (h Handler) KillIstioSidecar(req router.Request, resp router.Response) error

KillIstioSidecar kills the Istio sidecar on every pod that corresponds to an Acorn job, once the job is complete

func (Handler) PoliciesForApp ¶

func (h Handler) PoliciesForApp(req router.Request, resp router.Response) error

PoliciesForApp creates an Istio PeerAuthentication in each app's namespace. The PeerAuthentication sets mTLS to STRICT mode, meaning that all pods in the namespace will only accept incoming network traffic from other pods in the Istio mesh.

type Options ¶

type Options struct {
	K8s                        kubernetes.Interface
	DebugImage                 string
	AllowTrafficFromNamespaces string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL