Documentation ¶
Index ¶
- Variables
- func HasInboundRootCertificate(client kubernetes.Interface, dstConfigGetter ConfigGetter, dst *corev1.Pod) runner.Runnable
- func HasOutboundRootCertificate(client kubernetes.Interface, srcConfigGetter ConfigGetter, dst *corev1.Pod) runner.Runnable
- func HasServiceCertificate(client kubernetes.Interface, configGetter ConfigGetter, pod *corev1.Pod) runner.Runnable
- type BadLogsCheck
- type ClusterCheck
- type Config
- type ConfigGetter
- type ConfigGetterStruct
- type DestinationEndpointCheck
- type DynamicWarmingCheck
- type FilterChainType
- type HasValidEnvoyCertificateCheck
- type ListenerCheck
- type ListenerFilterCheck
- type RouteDomainCheck
- func NewInboundRouteDomainPodCheck(client kubernetes.Interface, configGetter ConfigGetter, pod *corev1.Pod) RouteDomainCheck
- func NewOutboundRouteDomainHostCheck(configGetter ConfigGetter, destinationHost string) RouteDomainCheck
- func NewOutboundRouteDomainPodCheck(client kubernetes.Interface, configGetter ConfigGetter, pod *corev1.Pod) RouteDomainCheck
- func NewPodServicesRouteDomainCheck(client kubernetes.Interface, configGetter ConfigGetter, podToCheck *corev1.Pod, ...) RouteDomainCheck
- type SDSCertType
Constants ¶
This section is empty.
Variables ¶
var ( // InboundDynamicRouteConfigName is the dynamic route config name for inbound rds routes. InboundDynamicRouteConfigName = "rds-inbound" // OutboundDynamicRouteConfigName is the dynamic route config name for outbound rds routes. OutboundDynamicRouteConfigName = "rds-outbound" )
var ( // ErrEnvoyListenerMissing is an error returned when an Envoy does not have a required listener. ErrEnvoyListenerMissing = errors.New("envoy listener missing") // ErrEnvoyFilterChainMissing is an error returned when an Envoy does not have a required filter chain. ErrEnvoyFilterChainMissing = errors.New("envoy listener filter chain missing") // ErrEnvoyActiveStateListenerMissing is an error returned when an Envoy does not have a required active state listener. ErrEnvoyActiveStateListenerMissing = errors.New("envoy active state listener missing") // ErrEnvoyConfigEmpty is an error returned when an Envoy config is completely missing. ErrEnvoyConfigEmpty = errors.New("envoy config is empty") // ErrOSMControllerVersionUnrecognized is an error returned when the supplied OSM Controller version is not recognized. ErrOSMControllerVersionUnrecognized = errors.New("osm controller version not recognized") // ErrIncorrectlyInitializedConfigGetter is an error returned when the ConfigGetter struct is not correctly initialized. ErrIncorrectlyInitializedConfigGetter = errors.New("incorrectly initialized config getter") // ErrNoDestinationEndpoints is an error returned when an Envoy has no destination endpoints. ErrNoDestinationEndpoints = errors.New("no destination endpoints") // ErrUnmarshalingClusterLoadAssigment is an error returned when the unmarshaling of the Envoy ClusterLoadAssignment struct fails. ErrUnmarshalingClusterLoadAssigment = errors.New("error unmarshaling envoy cluster load assigment") // ErrUnmarshalingListener is an error returned when the unmarshaling of the Envoy Listener struct fails. ErrUnmarshalingListener = errors.New("error unmarshaling envoy listener") // ErrEndpointNotFound is an error returned when a specific endpoint is not found in Envoy EDS config. ErrEndpointNotFound = errors.New("endpoint not found") // ErrUnmarshalingDynamicRouteConfig is an error returned when the unmarshaling of the dynamic RouteConfiguration struct fails. ErrUnmarshalingDynamicRouteConfig = errors.New("error unmarshaling dynamic route configuration") // ErrNoDynamicRouteConfigDomains is an error returned when an Envoy has no dynamic route config domains. ErrNoDynamicRouteConfigDomains = errors.New("no dynamic route config domains") // ErrDynamicRouteConfigDomainNotFound is an error returned when a specific dynamic route config domain is not found. ErrDynamicRouteConfigDomainNotFound = errors.New("dynamic route config domain not found") // ErrDynamicWarmingSecretsConfigDumpNotEmpty is an error returned when the pod's envoy is possibly experiencing dynamic warming issues. ErrDynamicWarmingSecretsConfigDumpNotEmpty = errors.New("possible dynamic warming issue due to non-empty dynamic warming secrets in envoy's secrets config dump") )
Functions ¶
func HasInboundRootCertificate ¶
func HasInboundRootCertificate(client kubernetes.Interface, dstConfigGetter ConfigGetter, dst *corev1.Pod) runner.Runnable
HasInboundRootCertificate creates a new common.Runnable, which checks whether the given Pod has an Envoy with a properly configured inbound root validation certificate.
func HasOutboundRootCertificate ¶
func HasOutboundRootCertificate(client kubernetes.Interface, srcConfigGetter ConfigGetter, dst *corev1.Pod) runner.Runnable
HasOutboundRootCertificate creates a new common.Runnable, which checks whether the source Pod has an Envoy with a properly configured outbound root validation certificate for the given destination Pod.
func HasServiceCertificate ¶
func HasServiceCertificate(client kubernetes.Interface, configGetter ConfigGetter, pod *corev1.Pod) runner.Runnable
HasServiceCertificate creates a new common.Runnable, which checks whether the given Pod has an Envoy with a properly configured service certificate.
Types ¶
type BadLogsCheck ¶
type BadLogsCheck struct {
// contains filtered or unexported fields
}
BadLogsCheck implements common.Runnable
func NewBadLogsCheck ¶
func NewBadLogsCheck(client kubernetes.Interface, pod *corev1.Pod) BadLogsCheck
NewBadLogsCheck creates an BadLogsCheck which checks whether the envoy container of the pod has bad (fatal/error/warning/fail) log messages
func (BadLogsCheck) Description ¶
func (check BadLogsCheck) Description() string
Description implements common.Runnable
func (BadLogsCheck) FixIt ¶
func (check BadLogsCheck) FixIt() error
FixIt implements common.Runnable.
func (BadLogsCheck) Run ¶
func (check BadLogsCheck) Run() outcomes.Outcome
Run implements common.Runnable
func (BadLogsCheck) Suggestion ¶
func (check BadLogsCheck) Suggestion() string
Suggestion implements common.Runnable.
type ClusterCheck ¶
type ClusterCheck struct { ConfigGetter // contains filtered or unexported fields }
ClusterCheck implements common.Runnable
func NewClusterCheck ¶
func NewClusterCheck(client kubernetes.Interface, configGetter ConfigGetter, dstPod *corev1.Pod) ClusterCheck
NewClusterCheck creates a ClusterCheck which checks whether the given Pod has an Envoy with properly configured cluster.
func (ClusterCheck) Description ¶
func (c ClusterCheck) Description() string
Description implements common.Runnable
func (ClusterCheck) Run ¶
func (c ClusterCheck) Run() outcomes.Outcome
Run implements common.Runnable
func (ClusterCheck) Suggestion ¶
func (c ClusterCheck) Suggestion() string
Suggestion implements common.Runnable
type Config ¶
type Config struct { // Boostrap is an Envoy xDS proto. Boostrap v3.BootstrapConfigDump // Clusters is an Envoy xDS proto. Clusters v3.ClustersConfigDump // Endpoints is an Envoy xDS proto. Endpoints v3.EndpointsConfigDump // Listeners is an Envoy xDS proto. Listeners v3.ListenersConfigDump // SecretsConfigDump is an Envoy xDS proto. SecretsConfigDump v3.SecretsConfigDump // ScopedRoutesConfigDump is an Envoy xDS proto. ScopedRoutesConfigDump v3.ScopedRoutesConfigDump // Routes is an Envoy xDS proto. Routes v3.RoutesConfigDump }
Config is Envoy config dump.
func ParseEnvoyConfig ¶
ParseEnvoyConfig parses Envoy config_dump
type ConfigGetter ¶
type ConfigGetter interface { // GetConfig returns Envoy config. GetConfig() (*Config, error) // GetObjectName returns the name of the object (Pod) from which we fetch Envoy config. GetObjectName() string }
ConfigGetter is an interface for getting Envoy config from Pods' sidecars.
func GetEnvoyConfigGetterForPod ¶
func GetEnvoyConfigGetterForPod(pod *corev1.Pod, osmVersion version.ControllerVersion) (ConfigGetter, error)
GetEnvoyConfigGetterForPod returns a ConfigGetter struct, which can fetch the Envoy config for the given pod.
type ConfigGetterStruct ¶
type ConfigGetterStruct struct { *corev1.Pod version.ControllerVersion }
ConfigGetterStruct implements ConfigGetter interface.
func (ConfigGetterStruct) GetConfig ¶
func (mcg ConfigGetterStruct) GetConfig() (*Config, error)
GetConfig implements ConfigGetter interface.
func (ConfigGetterStruct) GetObjectName ¶
func (mcg ConfigGetterStruct) GetObjectName() string
GetObjectName implements ConfigGetter
type DestinationEndpointCheck ¶
type DestinationEndpointCheck struct { *corev1.Pod ConfigGetter }
DestinationEndpointCheck implements common.Runnable
func NewDestinationEndpointCheck ¶
func NewDestinationEndpointCheck(configGetter ConfigGetter) DestinationEndpointCheck
NewDestinationEndpointCheck creates a DestinationEndpointCheck which checks whether the given Pod has an Envoy with any endpoints configured.
func NewSpecificEndpointCheck ¶
func NewSpecificEndpointCheck(configGetter ConfigGetter, pod *corev1.Pod) DestinationEndpointCheck
NewSpecificEndpointCheck creates a DestinationEndpointCheck which checks whether the given Pod has an Envoy with an endpoint configured mapping to a specific destination Pod.
func (DestinationEndpointCheck) Description ¶
func (l DestinationEndpointCheck) Description() string
Description implements common.Runnable
func (DestinationEndpointCheck) FixIt ¶
func (l DestinationEndpointCheck) FixIt() error
FixIt implements common.Runnable
func (DestinationEndpointCheck) Run ¶
func (l DestinationEndpointCheck) Run() outcomes.Outcome
Run implements common.Runnable
func (DestinationEndpointCheck) Suggestion ¶
func (l DestinationEndpointCheck) Suggestion() string
Suggestion implements common.Runnable
type DynamicWarmingCheck ¶
type DynamicWarmingCheck struct {
ConfigGetter
}
DynamicWarmingCheck implements common.Runnable
func NewDynamicWarmingCheck ¶
func NewDynamicWarmingCheck(configGetter ConfigGetter) DynamicWarmingCheck
NewDynamicWarmingCheck creates a DynamicWarmingCheck which checks whether the given Pod's envoy has dynamic warming issues.
func (DynamicWarmingCheck) Description ¶
func (l DynamicWarmingCheck) Description() string
Description implements common.Runnable
func (DynamicWarmingCheck) FixIt ¶
func (l DynamicWarmingCheck) FixIt() error
FixIt implements common.Runnable
func (DynamicWarmingCheck) Run ¶
func (l DynamicWarmingCheck) Run() outcomes.Outcome
Run implements common.Runnable
func (DynamicWarmingCheck) Suggestion ¶
func (l DynamicWarmingCheck) Suggestion() string
Suggestion implements common.Runnable
type FilterChainType ¶
type FilterChainType string
FilterChainType is the prefix for the filter chain name
const ( // InboundMeshHTTPFilterChainPrefix is the prefix for an inbound http filter chain InboundMeshHTTPFilterChainPrefix FilterChainType = "inbound-mesh-http-filter-chain" // OutboundMeshHTTPFilterChainPrefix is the prefix for an outbound http filter chain OutboundMeshHTTPFilterChainPrefix FilterChainType = "outbound-mesh-http-filter-chain" // InboundMeshTCPFilterChainPrefix is the prefix for inbound tcp filter chain InboundMeshTCPFilterChainPrefix FilterChainType = "inbound-mesh-tcp-filter-chain" // OutboundMeshTCPFilterChainPrefix is the prefix for an outbound tcp filter chain OutboundMeshTCPFilterChainPrefix FilterChainType = "outbound-mesh-tcp-filter-chain" )
type HasValidEnvoyCertificateCheck ¶
type HasValidEnvoyCertificateCheck struct { ConfigGetter // contains filtered or unexported fields }
HasValidEnvoyCertificateCheck implements common.Runnable
func (HasValidEnvoyCertificateCheck) Description ¶
func (c HasValidEnvoyCertificateCheck) Description() string
Description implements common.Runnable
func (HasValidEnvoyCertificateCheck) FixIt ¶
func (c HasValidEnvoyCertificateCheck) FixIt() error
FixIt implements common.Runnable
func (HasValidEnvoyCertificateCheck) Run ¶
func (c HasValidEnvoyCertificateCheck) Run() outcomes.Outcome
Run implements common.Runnable
func (HasValidEnvoyCertificateCheck) Suggestion ¶
func (c HasValidEnvoyCertificateCheck) Suggestion() string
Suggestion implements common.Runnable
type ListenerCheck ¶
type ListenerCheck struct { ConfigGetter version.ControllerVersion // contains filtered or unexported fields }
ListenerCheck implements common.Runnable
func NewInboundListenerCheck ¶
func NewInboundListenerCheck(configGetter ConfigGetter, osmVersion version.ControllerVersion) ListenerCheck
NewInboundListenerCheck creates a ListenerCheck which checks whether the given Pod has an Envoy with properly configured listener.
func NewOutboundListenerCheck ¶
func NewOutboundListenerCheck(configGetter ConfigGetter, osmVersion version.ControllerVersion) ListenerCheck
NewOutboundListenerCheck creates a ListenerCheck which checks whether the given Pod has an Envoy with properly configured listener.
func (ListenerCheck) Description ¶
func (l ListenerCheck) Description() string
Description implements common.Runnable
func (ListenerCheck) Run ¶
func (l ListenerCheck) Run() outcomes.Outcome
Run implements common.Runnable
func (ListenerCheck) Suggestion ¶
func (l ListenerCheck) Suggestion() string
Suggestion implements common.Runnable
type ListenerFilterCheck ¶
type ListenerFilterCheck struct {
// contains filtered or unexported fields
}
ListenerFilterCheck implements common.Runnable
func NewListenerFilterCheck ¶
func NewListenerFilterCheck( srcConfigGetter ConfigGetter, dstConfigGetter ConfigGetter, osmVersion version.ControllerVersion, cfg configurator.Configurator, srcPod *corev1.Pod, dstPod *corev1.Pod, accessClient smiAccessClient.Interface, k8s kubernetes.Interface) ListenerFilterCheck
NewListenerFilterCheck creates a ListenerFilterCheck which checks whether the given Pods have Envoys with properly configured listener filter chains.
func (ListenerFilterCheck) Description ¶
func (l ListenerFilterCheck) Description() string
Description implements common.Runnable
func (ListenerFilterCheck) FixIt ¶
func (l ListenerFilterCheck) FixIt() error
FixIt implements common.Runnable
func (ListenerFilterCheck) Run ¶
func (l ListenerFilterCheck) Run() outcomes.Outcome
Run implements common.Runnable
func (ListenerFilterCheck) Suggestion ¶
func (l ListenerFilterCheck) Suggestion() string
Suggestion implements common.Runnable
type RouteDomainCheck ¶
type RouteDomainCheck struct { ConfigGetter RouteName string Domains map[string]bool }
RouteDomainCheck implements common.Runnable
func NewInboundRouteDomainPodCheck ¶
func NewInboundRouteDomainPodCheck(client kubernetes.Interface, configGetter ConfigGetter, pod *corev1.Pod) RouteDomainCheck
NewInboundRouteDomainPodCheck creates a new common.Runnable, which checks whether the Envoy config has inbound dynamic route domains from the Pod's services.
func NewOutboundRouteDomainHostCheck ¶
func NewOutboundRouteDomainHostCheck(configGetter ConfigGetter, destinationHost string) RouteDomainCheck
NewOutboundRouteDomainHostCheck creates a DestinationEndpointCheck which checks whether the Envoy config has an outbound dynamic route domain to the URL
func NewOutboundRouteDomainPodCheck ¶
func NewOutboundRouteDomainPodCheck(client kubernetes.Interface, configGetter ConfigGetter, pod *corev1.Pod) RouteDomainCheck
NewOutboundRouteDomainPodCheck creates a new common.Runnable, which checks whether the Envoy config has outbound dynamic route domains to the Pod's services.
func NewPodServicesRouteDomainCheck ¶
func NewPodServicesRouteDomainCheck(client kubernetes.Interface, configGetter ConfigGetter, podToCheck *corev1.Pod, routeName string) RouteDomainCheck
NewPodServicesRouteDomainCheck checks whether the pod's corresponding service's domains are contained in the envoy dynamic route config domain list.
func (RouteDomainCheck) Description ¶
func (check RouteDomainCheck) Description() string
Description implements common.Runnable
func (RouteDomainCheck) FixIt ¶
func (check RouteDomainCheck) FixIt() error
FixIt implements common.Runnable
func (RouteDomainCheck) Run ¶
func (check RouteDomainCheck) Run() outcomes.Outcome
Run implements common.Runnable
func (RouteDomainCheck) Suggestion ¶
func (check RouteDomainCheck) Suggestion() string
Suggestion implements common.Runnable
type SDSCertType ¶
type SDSCertType string
SDSCertType is a type of a certificate requested by an Envoy proxy via SDS.
const ( // ServiceCertType is the prefix for the service certificate resource name. // Example: "service-cert:<service namespace>/<service service account>" ServiceCertType SDSCertType = "service-cert" // RootCertTypeForMTLSOutbound is the prefix for the mTLS root certificate // resource name for upstream connectivity. // Example: "root-cert-for-mtls-outbound:<service namespace>/<service name>" RootCertTypeForMTLSOutbound SDSCertType = "root-cert-for-mtls-outbound" // RootCertTypeForMTLSInbound is the prefix for the mTLS root certificate // resource name for downstream connectivity. // Example: "root-cert-for-mtls-inbound:<service namespace>/<service service account>" RootCertTypeForMTLSInbound SDSCertType = "root-cert-for-mtls-inbound" )
func (SDSCertType) String ¶
func (ct SDSCertType) String() string