connectinject

package
v0.26.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 22, 2021 License: MPL-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

// Container-name constants exported by the connectinject package.
// NOTE(review): presumably these are the names of the init containers the
// webhook adds to injected pods — confirm against the handler source. A
// container name alone does not prove a pod was mutated by the webhook, since
// any pod spec can use the same name; audits should not rely on it.
const (
	// InjectInitCopyContainerName is the fixed name "copy-consul-bin".
	InjectInitCopyContainerName = "copy-consul-bin"
	// InjectInitContainerName is the fixed name "consul-connect-inject-init".
	InjectInitContainerName     = "consul-connect-inject-init"
)
// Metadata key names exported by the connectinject package.
// NOTE(review): presumably these are keys in the Consul service metadata
// written on registration — confirm against the registration code. Metadata
// written this way is descriptive; treat it as an authorization input only if
// Consul ACLs restrict who can register or modify the service.
const (
	// MetaKeyPodName is the key "pod-name".
	MetaKeyPodName         = "pod-name"
	// MetaKeyKubeServiceName is the key "k8s-service-name".
	MetaKeyKubeServiceName = "k8s-service-name"
	// MetaKeyKubeNS is the key "k8s-namespace".
	MetaKeyKubeNS          = "k8s-namespace"
	// MetaKeyManagedBy is the key "managed-by".
	MetaKeyManagedBy       = "managed-by"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type EndpointsController added in v0.26.0

// EndpointsController carries the clients and settings listed below and
// exposes the Logger, Reconcile and SetupWithManager methods. The page gives
// no prose description of the type; comments marked NOTE(review) are
// assumptions to confirm against the implementation.
type EndpointsController struct {
	// Embedded client; its methods are promoted onto the controller.
	// NOTE(review): presumably the controller-runtime Kubernetes client. The
	// RBAC bound to it limits what the controller can read and write — confirm
	// it is scoped to what reconciliation needs.
	client.Client
	// ConsulClient points at the agent local to the connect-inject deployment pod.
	ConsulClient *api.Client
	// ConsulClientCfg is the client config used by the ConsulClient when calling NewClient().
	// NOTE(review): a Consul client config can carry credentials such as an ACL
	// token — avoid logging this value in full.
	ConsulClientCfg *api.Config
	// ConsulScheme is the scheme to use when making API calls to Consul,
	// i.e. "http" or "https".
	// NOTE(review): with "http" the API calls, and any ACL token the client
	// attaches to them, cross the network unencrypted.
	ConsulScheme string
	// ConsulPort is the port to make HTTP API calls to Consul agents on.
	// It is held as a string, not an integer.
	ConsulPort string
	// Only endpoints in the AllowK8sNamespacesSet are reconciled.
	AllowK8sNamespacesSet mapset.Set
	// Endpoints in the DenyK8sNamespacesSet are ignored.
	// NOTE(review): precedence between the allow and deny sets is not stated
	// here; Handler documents deny as taking precedence — confirm the
	// controller applies the same rule.
	DenyK8sNamespacesSet mapset.Set
	// EnableConsulNamespaces indicates that a user is running Consul Enterprise
	// with version 1.7+ which supports namespaces.
	EnableConsulNamespaces bool
	// ConsulDestinationNamespace is the name of the Consul namespace to create
	// all config entries in. If EnableNSMirroring is true this is ignored.
	ConsulDestinationNamespace string
	// EnableNSMirroring causes Consul namespaces to be created to match the
	// k8s namespace of any config entry custom resource. Config entries will
	// be created in the matching Consul namespace.
	EnableNSMirroring bool
	// NSMirroringPrefix is an optional prefix that can be added to the Consul
	// namespaces created while mirroring. For example, if it is set to "k8s-",
	// then the k8s `default` namespace will be mirrored in Consul's
	// `k8s-default` namespace.
	NSMirroringPrefix string
	// CrossNSACLPolicy is the name of the ACL policy to attach to
	// any created Consul namespaces to allow cross namespace service discovery.
	// Only necessary if ACLs are enabled.
	// NOTE(review): the policy is attached to every namespace the controller
	// creates, so its rules should grant no more than service discovery.
	CrossNSACLPolicy string
	// ReleaseName is the Consul Helm installation release.
	ReleaseName string
	// ReleaseNamespace is the namespace where Consul is installed.
	ReleaseNamespace string
	// EnableTransparentProxy controls whether transparent proxy should be enabled
	// for all proxy service registrations.
	EnableTransparentProxy bool
	// TProxyOverwriteProbes controls whether the endpoints controller should expose pod's HTTP probes
	// via Envoy proxy.
	TProxyOverwriteProbes bool

	// MetricsConfig holds the metrics defaults shared by connect-inject components.
	// Log is the controller's logr.Logger.
	MetricsConfig MetricsConfig
	Log           logr.Logger

	// Scheme is a *runtime.Scheme; the page does not say how it is used.
	Scheme *runtime.Scheme
	// Embedded context.
	// NOTE(review): Go guidance discourages storing a context in a struct, and
	// Reconcile already receives a per-call ctx — confirm which of the two
	// governs cancellation and deadlines.
	context.Context
}

func (*EndpointsController) Logger added in v0.26.0

func (*EndpointsController) Reconcile added in v0.26.0

func (r *EndpointsController) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

func (*EndpointsController) SetupWithManager added in v0.26.0

func (r *EndpointsController) SetupWithManager(mgr ctrl.Manager) error

type Handler

// Handler is the HTTP handler for admission webhooks. Its Handle method
// processes each admission request; the fields below configure what is
// injected into pods. Comments marked NOTE(review) are assumptions to confirm
// against the implementation.
type Handler struct {
	// ConsulClient is the Consul API client; Clientset is the Kubernetes
	// client interface. The page does not describe how either is used.
	ConsulClient *api.Client
	Clientset    kubernetes.Interface

	// ImageConsul is the container image for Consul to use.
	// ImageEnvoy is the container image for Envoy to use.
	//
	// Both of these MUST be set.
	// NOTE(review): these images run inside workload pods that the webhook
	// mutates, so references pinned by digest from a trusted registry limit
	// supply-chain exposure.
	ImageConsul string
	ImageEnvoy  string

	// ImageConsulK8S is the container image for consul-k8s to use.
	// This image is used for the consul-sidecar container.
	ImageConsulK8S string

	// Optional: set when you need extra options to be set when running envoy
	// See a list of args here: https://www.envoyproxy.io/docs/envoy/latest/operations/cli
	// NOTE(review): presumably appended to the Envoy command line in every
	// injected pod — treat it as operator-only configuration and confirm that
	// pod annotations cannot influence it.
	EnvoyExtraArgs string

	// RequireAnnotation means that the annotation must be given to inject.
	// If this is false, injection is the default.
	RequireAnnotation bool

	// AuthMethod is the name of the Kubernetes Auth Method to
	// use for identity with connectInjection if ACLs are enabled
	AuthMethod string

	// The PEM-encoded CA certificate string
	// to use when communicating with Consul clients over HTTPS.
	// If not set, will use HTTP.
	// NOTE(review): an empty value therefore means plaintext communication
	// with Consul clients — confirm that is acceptable wherever ACL tokens are
	// in use.
	ConsulCACert string

	// EnableNamespaces indicates that a user is running Consul Enterprise
	// with version 1.7+ which is namespace aware. It enables Consul namespaces,
	// with injection into either a single Consul namespace or mirrored from
	// k8s namespaces.
	EnableNamespaces bool

	// AllowK8sNamespacesSet is a set of k8s namespaces to explicitly allow for
	// injection. It supports the special character `*` which indicates that
	// all k8s namespaces are eligible unless explicitly denied. This filter
	// is applied before checking pod annotations.
	AllowK8sNamespacesSet mapset.Set

	// DenyK8sNamespacesSet is a set of k8s namespaces to explicitly deny
	// injection and thus service registration with Consul. An empty set
	// means that no namespaces are removed from consideration. This filter
	// takes precedence over AllowK8sNamespacesSet.
	// With `*` in the allow set, this set is the only namespace-level
	// exclusion, so system namespaces that must not be injected belong here.
	DenyK8sNamespacesSet mapset.Set

	// ConsulDestinationNamespace is the name of the Consul namespace to register all
	// injected services into if Consul namespaces are enabled and mirroring
	// is disabled. This may be set, but will not be used if mirroring is enabled.
	ConsulDestinationNamespace string

	// EnableK8SNSMirroring causes Consul namespaces to be created to match the
	// k8s namespace of any service being registered into Consul. Services are
	// registered into the Consul namespace that mirrors their k8s namespace.
	EnableK8SNSMirroring bool

	// K8SNSMirroringPrefix is an optional prefix that can be added to the Consul
	// namespaces created while mirroring. For example, if it is set to "k8s-",
	// then the k8s `default` namespace will be mirrored in Consul's
	// `k8s-default` namespace.
	K8SNSMirroringPrefix string

	// CrossNamespaceACLPolicy is the name of the ACL policy to attach to
	// any created Consul namespaces to allow cross namespace service discovery.
	// Only necessary if ACLs are enabled.
	// NOTE(review): the policy is attached to every namespace created, so its
	// rules should grant no more than service discovery.
	CrossNamespaceACLPolicy string

	// Default resource settings for sidecar proxies. Some of these
	// fields may be empty.
	DefaultProxyCPURequest    resource.Quantity
	DefaultProxyCPULimit      resource.Quantity
	DefaultProxyMemoryRequest resource.Quantity
	DefaultProxyMemoryLimit   resource.Quantity

	// MetricsConfig contains metrics configuration from the inject-connect command and has methods to determine whether
	// configuration should come from the default flags or annotations. The handler uses this to configure prometheus
	// annotations and the merged metrics server.
	MetricsConfig MetricsConfig

	// Resource settings for init container. All of these fields
	// will be populated by the defaults provided in the initial flags.
	InitContainerResources corev1.ResourceRequirements

	// Resource settings for Consul sidecar. All of these fields
	// will be populated by the defaults provided in the initial flags.
	ConsulSidecarResources corev1.ResourceRequirements

	// EnableTransparentProxy enables transparent proxy mode.
	// This means that the injected init container will apply traffic redirection rules
	// so that all traffic will go through the Envoy proxy.
	// NOTE(review): applying redirection rules usually needs elevated network
	// privileges in the init container — confirm which capabilities it is
	// granted and that they are not carried over to the application containers.
	EnableTransparentProxy bool

	// TProxyOverwriteProbes controls whether the webhook should mutate pod's HTTP probes
	// to point them to the Envoy proxy.
	TProxyOverwriteProbes bool

	// EnableOpenShift indicates that when tproxy is enabled, the security context for the Envoy and init
	// containers should not be added because OpenShift sets a random user for those and will not allow
	// those containers to be created otherwise.
	// NOTE(review): on a non-OpenShift cluster, setting this would leave those
	// containers without the security context the webhook otherwise adds —
	// confirm it is enabled only on OpenShift.
	EnableOpenShift bool

	// Log is the handler's logr.Logger.
	Log logr.Logger
	// contains filtered or unexported fields
}

Handler is the HTTP handler for admission webhooks.

func (*Handler) Handle

Handle is the admission.Handler implementation that actually handles the webhook request for admission control. This should be registered or served via the controller runtime manager.

func (*Handler) InjectDecoder added in v0.26.0

func (h *Handler) InjectDecoder(d *admission.Decoder) error

type MetricsConfig added in v0.26.0

// MetricsConfig represents configuration common to connect-inject components
// related to metrics. Every field is a Default* value; Handler's comment on
// its MetricsConfig field says the configuration may come from the default
// flags or from annotations.
// NOTE(review): per-field meanings below are inferred from the field names —
// confirm against the methods on this type.
type MetricsConfig struct {
	// Default for whether metrics are enabled.
	DefaultEnableMetrics        bool
	// Default for whether metrics merging is enabled.
	DefaultEnableMetricsMerging bool
	// Default port for the merged metrics server, held as a string.
	DefaultMergedMetricsPort    string
	// Default Prometheus scrape port and path, both held as strings.
	// NOTE(review): metrics endpoints are commonly served without
	// authentication — confirm the scrape port is reachable only by the
	// intended scraper, for example through a NetworkPolicy.
	DefaultPrometheusScrapePort string
	DefaultPrometheusScrapePath string
}

MetricsConfig represents configuration common to connect-inject components related to metrics.
