crmanager

package
v2.6.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 17, 2021 License: Apache-2.0 Imports: 44 Imported by: 0

Documentation

Index

Constants

// Resource kinds, mode strings, TLS termination values and annotation keys
// used by the package.
const (
	// DefaultCustomResourceLabel is a label used for F5 Custom Resources.
	// The value is written as a set-based label selector expression
	// (key "f5cr", value "true").
	DefaultCustomResourceLabel = "f5cr in (true)"
	// VirtualServer is a F5 Custom Resource Kind.
	VirtualServer = "VirtualServer"
	// TLSProfile is a F5 Custom Resource Kind
	TLSProfile = "TLSProfile"
	// IngressLink is a Custom Resource used by both F5 and Nginx
	IngressLink = "IngressLink"
	// TransportServer is a F5 Custom Resource Kind
	TransportServer = "TransportServer"
	// ExternalDNS is a F5 Custom Resource Kind
	ExternalDNS = "ExternalDNS"
	// IPAM is a F5 Custom Resource Kind
	IPAM = "IPAM"
	// Service is a k8s native Service Resource.
	Service = "Service"
	// Endpoints is a k8s native Endpoint Resource.
	Endpoints = "Endpoints"
	// Namespace is k8s namespace
	Namespace = "Namespace"

	// NodePortMode is the "nodeport" mode string.
	// NOTE(review): presumably compared against CRManager.ControllerMode — confirm.
	NodePortMode = "nodeport"

	// PolicyControlForward is the "forwarding" policy control value.
	PolicyControlForward = "forwarding"
	// Namespace for IPAM CRD
	// NOTE(review): this is the cluster's system namespace, so the controller's
	// RBAC there should be scoped to the IPAM resource only — confirm against
	// the deployment manifests.
	IPAMNamespace = "kube-system"

	// TLS Terminations
	// NOTE(review): presumably edge terminates TLS on BIG-IP and sends
	// cleartext to the pool, reencrypt terminates and opens a new TLS session
	// to the pool, and passthrough leaves the TLS session untouched. The
	// redirect/allow/none values presumably select how plain-HTTP requests for
	// the same host are treated; "allow" would then serve the host without
	// TLS. Confirm where these strings are consumed.
	TLSEdge             = "edge"
	TLSReencrypt        = "reencrypt"
	TLSPassthrough      = "passthrough"
	TLSRedirectInsecure = "redirect"
	TLSAllowInsecure    = "allow"
	TLSNoInsecure       = "none"

	// HTTP Events for LTM Policy
	HTTPRequest    = "HTTPRequest"
	TLSClientHello = "TLSClientHello"

	// Annotation keys under the cis.f5.com/ prefix.
	// NOTE(review): annotation values are written by whoever can edit the
	// annotated object, so they should be validated before being turned into
	// BIG-IP configuration — confirm the parsing code does so.
	LBServiceIPAMLabelAnnotation = "cis.f5.com/ipamLabel"
	HealthMonitorAnnotation      = "cis.f5.com/health"
)
// Default virtual-server settings, CustomProfile option values and the names
// of iRules and data groups referenced by the package.
const (
	// Defaults: tcp mode, round-robin balancing, ports 80/443, automatic SNAT.
	DEFAULT_MODE       string = "tcp"
	DEFAULT_BALANCE    string = "round-robin"
	DEFAULT_HTTP_PORT  int32  = 80
	DEFAULT_HTTPS_PORT int32  = 443
	DEFAULT_SNAT       string = "auto"

	// Constants for CustomProfile.Type as defined in CCCL
	CustomProfileAll    string = "all"
	CustomProfileClient string = "clientside"
	CustomProfileServer string = "serverside"

	// Constants for CustomProfile.PeerCertMode
	// PeerCertDefault resolves to "ignore".
	// NOTE(review): if this mode controls verification of the peer's
	// certificate on the generated SSL profile, the default leaves the peer
	// unauthenticated unless PeerCertRequired is set explicitly — confirm
	// where PeerCertMode is applied.
	PeerCertRequired = "require"
	PeerCertIgnored  = "ignore"
	PeerCertDefault  = PeerCertIgnored

	// HttpRedirectIRuleName is the name string "http_redirect_irule".
	HttpRedirectIRuleName = "http_redirect_irule"
	// HttpRedirectNoHostIRuleName is the name string "http_redirect_irule_nohost".
	HttpRedirectNoHostIRuleName = "http_redirect_irule_nohost"
	// Internal data group for https redirect
	HttpsRedirectDgName = "https_redirect_dg"
	// TLSIRuleName is the name string "tls_irule".
	TLSIRuleName        = "tls_irule"
)
// Values naming where a TLS profile is stored.
const (
	// reference for profiles stored in BIG-IP
	BIGIP = "bigip"
	// reference for profiles stored as secrets in k8s cluster
	// NOTE(review): with this value the controller presumably reads the
	// certificate and key out of a Secret, so it needs read access to Secrets
	// in the watched namespaces — confirm the RBAC scope.
	Secret = "secret"
)

constants for TLS references

// Untyped integer status values numbered by iota: NotEnabled is 0 and
// Allocated is 4.
// NOTE(review): the names suggest the state of an IPAM address request —
// confirm at the call sites. Because the zero value is NotEnabled, an
// uninitialised status reads as NotEnabled.
const (
	NotEnabled = iota
	InvalidInput
	NotRequested
	Requested
	Allocated
)
const AbDeploymentDgName = "ab_deployment_dg"

Internal data group for ab deployment routes.

const EdgeHostsDgName = "ssl_edge_servername_dg"

Internal data group for edge termination.

const EdgeServerSslDgName = "ssl_edge_serverssl_dg"

Internal data group for edge termination that maps the host name to the value false. This tells the iRule that SSL should be disabled on the server side.

const ReencryptHostsDgName = "ssl_reencrypt_servername_dg"

Internal data group for reencrypt termination.

const ReencryptServerSslDgName = "ssl_reencrypt_serverssl_dg"

Internal data group for reencrypt termination that maps the host name to the server ssl profile.

const RuleDep = "Rule"

RuleDep defines the rule for choosing a service from multiple services in VirtualServer, mainly by path.

Variables

var DEFAULT_PARTITION string
// K8SCoreServices is a fixed-size array of service names.
// NOTE(review): presumably these are platform services the controller treats
// specially (for example skips) — confirm at the call sites.
// NOTE(review): the last element "prometheus-operatorwebconsole" looks like two
// names ("prometheus-operator", "webconsole") fused by a missing comma; as
// written, neither name would match on its own. Confirm against upstream before
// changing it, because the array length is part of the variable's type.
var K8SCoreServices = [...]string{"kube-dns", "kube-scheduler", "kube-controller-manager", "docker-registry", "kubernetes", "registry-console", "router", "kubelet", "console", "alertmanager-main", "alertmanager-operated", "cluster-monitoring-operator", "grafana", "kube-state-metrics", "node-exporter", "prometheus-k8s", "prometheus-operated", "prometheus-operatorwebconsole"}

Functions

func AS3NameFormatter

func AS3NameFormatter(name string) string

AS3NameFormatter formats resource names according to the AS3 convention. TODO: Should we use this, or will this be done in the agent?

func DeepEqualJSON

func DeepEqualJSON(decl1, decl2 as3Declaration) bool

func JoinBigipPath

func JoinBigipPath(partition, objName string) string

Types

type Agent

// Agent embeds *PostManager and adds the partition, a config writer, an event
// channel and a driver PID.
//
// Because PostManager itself embeds PostParams, the PostParams fields
// (including BIGIPUsername and BIGIPPassword) are promoted and reachable
// directly on an Agent value. Printing or serialising an Agent can therefore
// expose the BIG-IP credentials.
//
// PostGTMConfig is declared on the value receiver (Agent) while PostConfig and
// Stop use *Agent, so each PostGTMConfig call works on a copy of the struct.
type Agent struct {
	*PostManager
	Partition       string
	ConfigWriter    writer.Writer
	EventChan       chan interface{}
	// NOTE(review): presumably the PID of a helper process started from
	// AgentParams.PythonBaseDir — confirm.
	PythonDriverPID int
	// contains filtered or unexported fields
}

func NewAgent

func NewAgent(params AgentParams) *Agent

func (*Agent) PostConfig

func (agent *Agent) PostConfig(config ResourceConfigWrapper)

func (Agent) PostGTMConfig

func (agent Agent) PostGTMConfig(config ResourceConfigWrapper)

func (*Agent) Stop

func (agent *Agent) Stop()

type AgentParams

// AgentParams is the argument type of NewAgent.
//
// PostParams and GTMParams both carry a username and password as plain
// strings, so formatting this struct with %v/%+v or marshalling it would
// include those credentials.
type AgentParams struct {
	PostParams PostParams
	GTMParams  GTMParams
	//VxlnParams      VXLANParams
	Partition      string
	LogLevel       string
	VerifyInterval int
	VXLANName      string
	// NOTE(review): presumably a directory from which helper scripts are
	// run; it should come from trusted configuration and not be writable by
	// other users — confirm how it is used.
	PythonBaseDir  string
	UserAgent      string
}

type CRInformer

type CRInformer struct {
	// contains filtered or unexported fields
}

CRInformer defines the structure of Custom Resource Informer

type CRManager

// CRManager defines the structure of Custom Resource Manager.
// It is created by NewCRManager and driven through Start and Stop.
type CRManager struct {
	Partition      string
	Agent          *Agent
	ControllerMode string

	UseNodeInternal bool

	// SSLContext holds pointers to Secret objects keyed by string.
	// NOTE(review): v1 is presumably k8s.io/api/core/v1, in which case the
	// entries keep certificate/key data in memory for as long as they stay
	// in the map; avoid dumping this struct into logs — confirm.
	SSLContext map[string]*v1.Secret

	TeemData *teem.TeemsData
	// contains filtered or unexported fields
}

CRManager defines the structure of Custom Resource Manager

func NewCRManager

func NewCRManager(params Params) *CRManager

NewCRManager creates a new CRManager Instance.

func (*CRManager) ProcessAssociatedExternalDNS

func (crMgr *CRManager) ProcessAssociatedExternalDNS(hostnames []string)

func (*CRManager) ProcessNodeUpdate

func (crMgr *CRManager) ProcessNodeUpdate(
	obj interface{}, err error,
)

Check for a change in Node state

func (*CRManager) SetupNodePolling

func (crMgr *CRManager) SetupNodePolling(
	nodePollInterval int,
	nodeLabelSelector string,
	vxlanMode string,
	vxlanName string,
) error

func (*CRManager) Start

func (crMgr *CRManager) Start()

Start the Custom Resource Manager

func (*CRManager) Stop

func (crMgr *CRManager) Stop()

Stop the Custom Resource Manager.

type CustomProfile

// CustomProfile is an SSL profile loaded from a Secret or Route object.
//
// Cert and Key are tagged "cert" and "key" without omitempty, so both are
// always written when the struct is marshalled to JSON; Partition is excluded
// (json:"-").
// NOTE(review): Key presumably holds private-key material. Any code path that
// marshals or prints a CustomProfile (debug logging, config dumps, error
// messages) would then disclose it — confirm where the JSON form is written.
type CustomProfile struct {
	Name         string `json:"name"`
	Partition    string `json:"-"`
	Context      string `json:"context"` // 'clientside', 'serverside', or 'all'
	Cert         string `json:"cert"`
	Key          string `json:"key"`
	ServerName   string `json:"serverName,omitempty"`
	SNIDefault   bool   `json:"sniDefault,omitempty"`
	// PeerCertMode takes the PeerCert* constants; the declared default is
	// PeerCertIgnored ("ignore").
	PeerCertMode string `json:"peerCertMode,omitempty"`
	CAFile       string `json:"caFile,omitempty"`
}

SSL Profile loaded from Secret or Route object

func NewCustomProfile

func NewCustomProfile(
	profile ProfileRef,
	cert,
	key,
	serverName string,
	sni bool,
	peerCertMode,
	caFile string,
) CustomProfile

type CustomProfileStore

// CustomProfileStore is a store of CustomProfiles keyed by SecretKey.
//
// The embedded sync.Mutex promotes Lock and Unlock onto the store, but Profs is
// an exported field, so nothing in the type forces callers to hold the lock
// before reading or writing the map. Because of the embedded mutex the struct
// must not be copied; NewCustomProfiles returns a pointer.
// The map values are CustomProfile structs held by value, including their Cert
// and Key fields.
type CustomProfileStore struct {
	sync.Mutex
	Profs map[SecretKey]CustomProfile
}

Store of CustomProfiles

func NewCustomProfiles

func NewCustomProfiles() *CustomProfileStore

NewCustomProfiles is a Constructor for CustomProfiles

type DNSConfig

type DNSConfig map[string]WideIP

type DataGroupNamespaceMap

type DataGroupNamespaceMap map[string]*InternalDataGroup

type GSLBPool

type GSLBPool struct {
	Name       string   `json:"name"`
	RecordType string   `json:"recordType"`
	LBMethod   string   `json:"LoadBalancingMode"`
	Members    []string `json:"members"`
	Monitor    *Monitor `json:"monitor,omitempty"`
}

type GTMParams

// GTMParams carries a username, password and URL as plain strings; it is the
// type of AgentParams.GTMParams.
// The password is an ordinary exported string field, so formatting the struct
// with %v/%+v or marshalling it would include it.
// NOTE(review): no TLS options are visible on this type (compare
// PostParams.TrustedCerts / SSLInsecure) — confirm which certificate settings
// the GTM connection uses.
type GTMParams struct {
	GTMBigIpUsername string
	GTMBigIpPassword string
	GTMBigIpUrl      string
}

type IRule

// IRule is a named iRule; instances are built by NewIRule(name, partition, code).
// Code is serialised under the JSON key "apiAnonymous"; Partition is excluded
// from JSON.
// NOTE(review): Code is presumably the iRule source that ends up running on
// BIG-IP, so it should be built only from fixed templates and validated
// values, never from raw resource fields — confirm how callers assemble it.
type IRule struct {
	Name      string `json:"name"`
	Partition string `json:"-"`
	Code      string `json:"apiAnonymous"`
}

iRules

func NewIRule

func NewIRule(name, partition, code string) *IRule

type IRulesMap

type IRulesMap map[NameRef]*IRule

type InternalDataGroup

type InternalDataGroup struct {
	Name      string                   `json:"name"`
	Partition string                   `json:"-"`
	Records   InternalDataGroupRecords `json:"records"`
}

func (*InternalDataGroup) AddOrUpdateRecord

func (idg *InternalDataGroup) AddOrUpdateRecord(name, data string) bool

func (*InternalDataGroup) RemoveRecord

func (idg *InternalDataGroup) RemoveRecord(name string) bool

type InternalDataGroupMap

type InternalDataGroupMap map[NameRef]DataGroupNamespaceMap

type InternalDataGroupRecord

type InternalDataGroupRecord struct {
	Name string `json:"name"`
	Data string `json:"data"`
}

type InternalDataGroupRecords

type InternalDataGroupRecords []InternalDataGroupRecord

func (InternalDataGroupRecords) Len

func (slice InternalDataGroupRecords) Len() int

func (InternalDataGroupRecords) Less

func (slice InternalDataGroupRecords) Less(i, j int) bool

func (InternalDataGroupRecords) Swap

func (slice InternalDataGroupRecords) Swap(i, j int)

type Member

type Member struct {
	Address string `json:"address"`
	Port    int32  `json:"port"`
	SvcPort int32  `json:"svcPort,omitempty"`
	Session string `json:"session,omitempty"`
}

type Monitor

type Monitor struct {
	Name       string `json:"name"`
	Partition  string `json:"-"`
	Interval   int    `json:"interval,omitempty"`
	Type       string `json:"type,omitempty"`
	Send       string `json:"send,omitempty"`
	Recv       string `json:"recv"`
	Timeout    int    `json:"timeout,omitempty"`
	TargetPort int32  `json:"targetPort,omitempty"`
}

Monitor is Pool health monitor

type Monitors

type Monitors []Monitor

Monitors is slice of monitor

type NSInformer

type NSInformer struct {
	// contains filtered or unexported fields
}

type NameRef

type NameRef struct {
	Name      string `json:"name"`
	Partition string `json:"partition"`
}

virtual server policy/profile reference

type Node

type Node struct {
	Name   string
	Addr   string
	Labels map[string]string
}

type ObjectDependencies

type ObjectDependencies map[ObjectDependency]int

ObjectDependencies contains each dependency and its use count (usually 1)

type ObjectDependency

type ObjectDependency struct {
	Kind      string
	Namespace string
	Name      string
	Service   string
}

ObjectDependency identifies a K8s Object. TODO: dep can be replaced with internal DS rqkey.

type ObjectDependencyMap

type ObjectDependencyMap map[ObjectDependency]ObjectDependencies

ObjectDependencyMap key is a VirtualServer and the value is a map of other objects it depends on - typically services.

type Params

// Params defines the parameters passed to NewCRManager.
type Params struct {
	// NOTE(review): presumably client-go's rest.Config, which carries the
	// API-server address and credentials; avoid printing Params as a whole —
	// confirm the import.
	Config             *rest.Config
	// Namespaces and NamespaceLabel presumably bound which namespaces are
	// watched; together with the controller's RBAC this defines whose
	// resources can change BIG-IP configuration — confirm.
	Namespaces         []string
	NamespaceLabel     string
	Partition          string
	Agent              *Agent
	ControllerMode     string
	VXLANName          string
	VXLANMode          string
	UseNodeInternal    bool
	NodePollInterval   int
	NodeLabelSelector  string
	ShareNodes         bool
	IPAM               bool
	DefaultRouteDomain int
}

Params defines parameters

type Policies

type Policies []Policy

Policies is slice of policy

type Policy

type Policy struct {
	Name        string   `json:"name"`
	Partition   string   `json:"-"`
	SubPath     string   `json:"subPath,omitempty"`
	Controls    []string `json:"controls,omitempty"`
	Description string   `json:"description,omitempty"`
	Legacy      bool     `json:"legacy,omitempty"`
	Requires    []string `json:"requires,omitempty"`
	Rules       Rules    `json:"rules,omitempty"`
	Strategy    string   `json:"strategy,omitempty"`
}

Policy Virtual policy

func (*Policy) AddRules

func (pol *Policy) AddRules(rls *Rules)

type Pool

type Pool struct {
	Name            string   `json:"name"`
	Partition       string   `json:"-"`
	ServiceName     string   `json:"-"`
	ServicePort     int32    `json:"-"`
	Members         []Member `json:"members"`
	NodeMemberLabel string   `json:"-"`
	MonitorNames    []string `json:"monitors,omitempty"`
}

Pool config

type Pools

type Pools []Pool

Pools is slice of pool

type PostManager

// PostManager embeds PostParams, so every PostParams field (BIG-IP URL,
// username, password, TLS options) is promoted onto the PostManager and onto
// any type that embeds it, such as Agent. It is created by NewPostManager.
type PostManager struct {
	PostParams
	// contains filtered or unexported fields
}

func NewPostManager

func NewPostManager(params PostParams) *PostManager

func (*PostManager) GetBigipAS3Version

func (postMgr *PostManager) GetBigipAS3Version() error

GetBigipAS3Version ...

func (*PostManager) Write

func (postMgr *PostManager) Write(
	data string,
	partitions []string,
)

Write sets activeConfig with the latest config received, so that configWorker can use the latest configuration. Write enqueues postChan to unblock configWorker, which gets blocked on postChan.

type PostParams

// PostParams is the argument type of NewPostManager and is embedded in
// PostManager.
type PostParams struct {
	// Username, password and URL are plain exported strings; formatting this
	// struct with %v/%+v or marshalling it would include the password.
	BIGIPUsername string
	BIGIPPassword string
	BIGIPURL      string
	// NOTE(review): presumably the CA certificates used to verify the BIG-IP
	// server certificate — confirm the expected format.
	TrustedCerts  string
	// NOTE(review): presumably disables server-certificate verification for
	// the BIG-IP connection. If so, TrustedCerts is not enforced and the
	// credentials above are sent to an unauthenticated endpoint; keep it
	// false outside lab setups — confirm.
	SSLInsecure   bool
	AS3PostDelay  int
	//Log the AS3 response body in Controller logs
	// NOTE(review): response bodies may echo parts of the posted
	// declaration; check what reaches the logs when this is enabled.
	LogResponse bool
}

type ProfileRef

type ProfileRef struct {
	Name      string `json:"name"`
	Partition string `json:"partition"`
	Context   string `json:"context"` // 'clientside', 'serverside', or 'all'
	// Used as reference to which Namespace/Ingress this profile came from
	// (for deletion purposes)
	Namespace string `json:"-"`
}

ProfileRef is a Reference to pre-existing profiles

func ConvertStringToProfileRef

func ConvertStringToProfileRef(profileName, context, ns string) ProfileRef

ConvertStringToProfileRef converts strings to profile references

type ProfileRefs

type ProfileRefs []ProfileRef

ProfileRefs is a list of ProfileRef

func (ProfileRefs) Len

func (slice ProfileRefs) Len() int

func (ProfileRefs) Less

func (slice ProfileRefs) Less(i, j int) bool

func (ProfileRefs) Swap

func (slice ProfileRefs) Swap(i, j int)

type ResourceConfig

// ResourceConfig is a Config for a single VirtualServer.
//
// MetaData is excluded from JSON. IRulesMap and IntDgMap carry no json tag, so
// encoding/json would emit them under their Go field names.
// NOTE(review): both maps are keyed by the NameRef struct. encoding/json
// accepts only string, integer or encoding.TextMarshaler map keys, and no
// MarshalText method is listed for NameRef, so marshalling a ResourceConfig
// directly would presumably return an error — confirm how this type is
// serialised.
type ResourceConfig struct {
	MetaData       metaData         `json:"-"`
	Virtual        Virtual          `json:"virtual,omitempty"`
	Pools          Pools            `json:"pools,omitempty"`
	Policies       Policies         `json:"policies,omitempty"`
	Monitors       []Monitor        `json:"monitors,omitempty"`
	ServiceAddress []ServiceAddress `json:"serviceAddress,omitempty"`
	IRulesMap      IRulesMap
	IntDgMap       InternalDataGroupMap
	// contains filtered or unexported fields
}

ResourceConfig is a Config for a single VirtualServer.

func (*ResourceConfig) FindPolicy

func (rc *ResourceConfig) FindPolicy(controlType string) *Policy

FindPolicy gets the information of a policy

func (*ResourceConfig) GetName

func (cfg *ResourceConfig) GetName() string

func (*ResourceConfig) SetPolicy

func (rc *ResourceConfig) SetPolicy(policy Policy)

SetPolicy sets a policy

type ResourceConfigMap

type ResourceConfigMap map[string]*ResourceConfig

ResourceConfigMap key is resource name, value is pointer to config. May be shared.

type ResourceConfigWrapper

type ResourceConfigWrapper struct {
	// contains filtered or unexported fields
}

type ResourceConfigs

type ResourceConfigs []*ResourceConfig

ResourceConfigs is group of ResourceConfig

func (ResourceConfigs) GetAllPoolMembers

func (rcs ResourceConfigs) GetAllPoolMembers() []Member

type Resources

// Resources is a map of resource configs.
// The embedded sync.Mutex promotes Lock and Unlock onto the type, and it means
// a Resources value must not be copied; NewResources returns a pointer.
// NOTE(review): whether GetByName and GetAllResources take the lock themselves
// is not visible here, and they return pointers to shared ResourceConfig
// values — confirm the locking contract before using them concurrently.
type Resources struct {
	sync.Mutex
	// contains filtered or unexported fields
}

Resources is Map of Resource configs

func NewResources

func NewResources() *Resources

NewResources is Constructor for Resources

func (*Resources) GetAllResources

func (rs *Resources) GetAllResources() ResourceConfigs

GetAllResources is list of all resource configs

func (*Resources) GetByName

func (rs *Resources) GetByName(name string) (*ResourceConfig, bool)

GetByName gets a specific Resource cfg

func (*Resources) Init

func (rs *Resources) Init()

Init is Receiver to initialize the object.

type Rule

type Rule struct {
	Name       string       `json:"name"`
	FullURI    string       `json:"-"`
	Ordinal    int          `json:"ordinal,omitempty"`
	Actions    []*action    `json:"actions,omitempty"`
	Conditions []*condition `json:"conditions,omitempty"`
}

Rule config for a Policy

type Rules

type Rules []*Rule

Rules is a slice of Rule

func (Rules) Len

func (rules Rules) Len() int

func (Rules) Less

func (rules Rules) Less(i, j int) bool

func (Rules) Swap

func (rules Rules) Swap(i, j int)

type SecretKey

type SecretKey struct {
	Name         string
	ResourceName string
}

type ServiceAddress

type ServiceAddress struct {
	ArpEnabled         bool   `json:"arpEnabled,omitempty"`
	ICMPEcho           string `json:"icmpEcho,omitempty"`
	RouteAdvertisement string `json:"routeAdvertisement,omitempty"`
	TrafficGroup       string `json:"trafficGroup,omitempty"`
	SpanningEnabled    bool   `json:"spanningEnabled,omitempty"`
}

ServiceAddress Service IP address definition (BIG-IP virtual-address).

type ServiceTypeLBHealthMonitor

type ServiceTypeLBHealthMonitor struct {
	Interval int `json:"interval"`
	Timeout  int `json:"timeout"`
}

This is the format for each item in the health monitor annotation used in the ServiceType LB objects.

type Services

type Services []v1.Service

func (Services) Len

func (svcs Services) Len() int

sort services by timestamp

func (Services) Less

func (svcs Services) Less(i, j int) bool

func (Services) Swap

func (svcs Services) Swap(i, j int)

type SourceAddrTranslation

type SourceAddrTranslation struct {
	Type string `json:"type"`
	Pool string `json:"pool,omitempty"`
}

SourceAddrTranslation is Virtual Server Source Address Translation

type Virtual

// Virtual is the virtual server config.
//
// Partition, VirtualAddress and PersistenceMethods are excluded from JSON
// (json:"-"). Destination, Enabled, TranslateServerAddress and
// TranslateServerPort have no omitempty and are always emitted; the other
// tagged fields are dropped from the output when they hold their zero value.
type Virtual struct {
	Name                   string                `json:"name"`
	PoolName               string                `json:"pool,omitempty"`
	Partition              string                `json:"-"`
	Destination            string                `json:"destination"`
	Enabled                bool                  `json:"enabled"`
	IpProtocol             string                `json:"ipProtocol,omitempty"`
	SourceAddrTranslation  SourceAddrTranslation `json:"sourceAddressTranslation,omitempty"`
	Policies               []nameRef             `json:"policies,omitempty"`
	Profiles               ProfileRefs           `json:"profiles,omitempty"`
	// IRules holds iRule names; AddIRule appends a reference.
	IRules                 []string              `json:"rules,omitempty"`
	Description            string                `json:"description,omitempty"`
	VirtualAddress         *virtualAddress       `json:"-"`
	SNAT                   string                `json:"snat,omitempty"`
	// NOTE(review): WAF and AllowVLANs are omitted from the payload when
	// empty. What BIG-IP applies in that case (presumably no WAF policy and
	// no VLAN restriction) is not visible here — confirm the effective
	// default for exposed virtual servers.
	WAF                    string                `json:"waf,omitempty"`
	Mode                   string                `json:"mode,omitempty"`
	TranslateServerAddress bool                  `json:"translateServerAddress"`
	TranslateServerPort    bool                  `json:"translateServerPort"`
	Source                 string                `json:"source,omitempty"`
	AllowVLANs             []string              `json:"allowVlans,omitempty"`
	PersistenceMethods     []string              `json:"-"`
}

Virtual server config

func (*Virtual) AddIRule

func (v *Virtual) AddIRule(ruleName string) bool

Adds an IRule reference to a Virtual object

func (*Virtual) AddOrUpdateProfile

func (v *Virtual) AddOrUpdateProfile(prof ProfileRef) bool

AddOrUpdateProfile updates profile to rsCfg

func (*Virtual) SetVirtualAddress

func (v *Virtual) SetVirtualAddress(bindAddr string, port int32)

SetVirtualAddress sets a VirtualAddress

type Virtuals

type Virtuals []Virtual

Virtuals is slice of virtuals

type WideIP

type WideIP struct {
	DomainName string     `json:"name"`
	RecordType string     `json:"recordType"`
	LBMethod   string     `json:"LoadBalancingMode"`
	Pools      []GSLBPool `json:"pools"`
}

type WideIPs

type WideIPs struct {
	WideIPs []WideIP `json:"wideIPs"`
}
