contour: github.com/projectcontour/contour/internal/dag Index | Files

package dag

import "github.com/projectcontour/contour/internal/dag"

Package dag provides a data model, in the form of a directed acyclic graph, of the relationship between Kubernetes Ingress, Service, and Secret objects.

Index

Package Files

accessors.go builder.go cache.go conditions.go dag.go extension_processor.go httpproxy_processor.go ingress_processor.go listener_processor.go policy.go secret.go status.go

Constants

const CACertificateKey = "ca.crt"

CACertificateKey is the key name for accessing TLS CA certificate bundles in Kubernetes Secrets.

func ValidateRegex Uses

func ValidateRegex(regex string) error

ValidateRegex returns an error if the supplied RE2 regex syntax is invalid.

type Builder Uses

type Builder struct {
    // Source is the source of Kubernetes objects
    // from which to build a DAG.
    Source KubernetesCache

    // Processors is the ordered list of Processors to
    // use to build the DAG.
    Processors []Processor
}

Builder builds a DAG.

func (*Builder) Build Uses

func (b *Builder) Build() *DAG

Build builds and returns a new DAG by running the configured DAG processors, in order.

type CORSPolicy Uses

type CORSPolicy struct {
    // Specifies whether the resource allows credentials.
    AllowCredentials bool
    // AllowOrigin specifies the origins that will be allowed to do CORS requests.
    AllowOrigin []string
    // AllowMethods specifies the content for the *access-control-allow-methods* header.
    AllowMethods []string
    // AllowHeaders specifies the content for the *access-control-allow-headers* header.
    AllowHeaders []string
    // ExposeHeaders Specifies the content for the *access-control-expose-headers* header.
    ExposeHeaders []string
    // MaxAge specifies the content for the *access-control-max-age* header.
    MaxAge timeout.Setting
}

CORSPolicy allows setting the CORS policy

type Cluster Uses

type Cluster struct {
    // Upstream is the backend Kubernetes service traffic arriving
    // at this Cluster will be forwarded too.
    Upstream *Service

    // The relative weight of this Cluster compared to its siblings.
    Weight uint32

    // The protocol to use to speak to this cluster.
    Protocol string

    // UpstreamValidation defines how to verify the backend service's certificate
    UpstreamValidation *PeerValidationContext

    // The load balancer type to use when picking a host in the cluster.
    // See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#enum-config-cluster-v3-cluster-lbpolicy
    LoadBalancerPolicy string

    // Cluster http health check policy
    *HTTPHealthCheckPolicy

    // Cluster tcp health check policy
    *TCPHealthCheckPolicy

    // RequestHeadersPolicy defines how headers are managed during forwarding
    RequestHeadersPolicy *HeadersPolicy

    // ResponseHeadersPolicy defines how headers are managed during forwarding
    ResponseHeadersPolicy *HeadersPolicy

    // SNI is used when a route proxies an upstream using tls.
    // SNI describes how the SNI is set on a Cluster and is configured via RequestHeadersPolicy.Host key.
    // Policies set on service are used before policies set on a route. Otherwise the value of the externalService
    // is used if the route is configured to proxy to an externalService type.
    // If the value is not set, then SNI is not changed.
    SNI string

    // DNSLookupFamily defines how external names are looked up
    // When configured as V4, the DNS resolver will only perform a lookup
    // for addresses in the IPv4 family. If V6 is configured, the DNS resolver
    // will only perform a lookup for addresses in the IPv6 family.
    // If AUTO is configured, the DNS resolver will first perform a lookup
    // for addresses in the IPv6 family and fallback to a lookup for addresses
    // in the IPv4 family.
    // Note: This only applies to externalName clusters.
    DNSLookupFamily string

    // ClientCertificate is the optional identifier of the TLS secret containing client certificate and
    // private key to be used when establishing TLS connection to upstream cluster.
    ClientCertificate *Secret
}

Cluster holds the connection specific parameters that apply to traffic routed to an upstream service.

func (Cluster) Visit Uses

func (c Cluster) Visit(f func(Vertex))

type DAG Uses

type DAG struct {
    // StatusCache holds a cache of status updates to send.
    StatusCache status.Cache
    // contains filtered or unexported fields
}

A DAG represents a directed acyclic graph of objects representing the relationship between Kubernetes Ingress objects, the backend Services, and Secret objects. The DAG models these relationships as Roots and Vertices.

func (*DAG) AddRoot Uses

func (d *DAG) AddRoot(root Vertex)

AddRoot appends the given root to the DAG's roots.

func (*DAG) EnsureSecureVirtualHost Uses

func (dag *DAG) EnsureSecureVirtualHost(name string) *SecureVirtualHost

EnsureSecureVirtualHost adds a secure virtual host with the provided name to the DAG if it does not already exist, and returns it.

func (*DAG) EnsureService Uses

func (dag *DAG) EnsureService(meta types.NamespacedName, port intstr.IntOrString, cache *KubernetesCache) (*Service, error)

EnsureService looks for a Kubernetes service in the cache matching the provided namespace, name and port, and returns a DAG service for it. If a matching service cannot be found in the cache, an error is returned.

func (*DAG) EnsureVirtualHost Uses

func (dag *DAG) EnsureVirtualHost(name string) *VirtualHost

EnsureVirtualHost adds a virtual host with the provided name to the DAG if it does not already exist, and returns it.

func (*DAG) GetExtensionCluster Uses

func (dag *DAG) GetExtensionCluster(name string) *ExtensionCluster

GetExtensionCluster returns the extension cluster in the DAG that matches the provided name, or nil if no matching extension cluster is found.

func (*DAG) GetExtensionClusters Uses

func (dag *DAG) GetExtensionClusters() map[string]*ExtensionCluster

GetExtensionClusters returns all extension clusters in the DAG.

func (*DAG) GetSecureVirtualHost Uses

func (dag *DAG) GetSecureVirtualHost(name string) *SecureVirtualHost

GetSecureVirtualHost returns the secure virtual host in the DAG that matches the provided name, or nil if no matching secure virtual host is found.

func (*DAG) GetSecureVirtualHosts Uses

func (dag *DAG) GetSecureVirtualHosts() map[string]*SecureVirtualHost

GetSecureVirtualHosts returns all secure virtual hosts in the DAG.

func (*DAG) GetService Uses

func (dag *DAG) GetService(meta types.NamespacedName, port int32) *Service

GetService returns the service in the DAG that matches the provided namespace, name and port, or nil if no matching service is found.

func (*DAG) GetServices Uses

func (dag *DAG) GetServices() map[RouteServiceName]*Service

GetServices returns all services in the DAG.

func (*DAG) GetVirtualHost Uses

func (dag *DAG) GetVirtualHost(name string) *VirtualHost

GetVirtualHost returns the virtual host in the DAG that matches the provided name, or nil if no matching virtual host is found.

func (*DAG) GetVirtualHosts Uses

func (dag *DAG) GetVirtualHosts() map[string]*VirtualHost

GetVirtualHosts returns all virtual hosts in the DAG.

func (*DAG) RemoveRoot Uses

func (d *DAG) RemoveRoot(root Vertex)

RemoveRoot removes the given root from the DAG's roots if it exists.

func (*DAG) Visit Uses

func (d *DAG) Visit(fn func(Vertex))

Visit calls fn on each root of this DAG.

type ExtensionCluster Uses

type ExtensionCluster struct {
    // Name is the (globally unique) name of the corresponding Envoy cluster resource.
    Name string

    // Upstream is the cluster that receives network traffic.
    Upstream ServiceCluster

    // The protocol to use to speak to this cluster.
    Protocol string

    // UpstreamValidation defines how to verify the backend service's certificate
    UpstreamValidation *PeerValidationContext

    // The load balancer type to use when picking a host in the cluster.
    // See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#enum-config-cluster-v3-cluster-lbpolicy
    LoadBalancerPolicy string

    // TimeoutPolicy specifies how to handle timeouts to this extension.
    TimeoutPolicy TimeoutPolicy

    // SNI is used when a route proxies an upstream using TLS.
    SNI string

    // ClientCertificate is the optional identifier of the TLS secret containing client certificate and
    // private key to be used when establishing TLS connection to upstream cluster.
    ClientCertificate *Secret
}

ExtensionCluster generates an Envoy cluster (aka ClusterLoadAssignment) for an ExtensionService resource.

func (*ExtensionCluster) Visit Uses

func (e *ExtensionCluster) Visit(f func(Vertex))

Visit processes extension clusters.

type ExtensionServiceProcessor Uses

type ExtensionServiceProcessor struct {
    logrus.FieldLogger

    // ClientCertificate is the optional identifier of the TLS
    // secret containing client certificate and private key to be
    // used when establishing TLS connection to upstream cluster.
    ClientCertificate *types.NamespacedName
}

func (*ExtensionServiceProcessor) Run Uses

func (p *ExtensionServiceProcessor) Run(dag *DAG, cache *KubernetesCache)

type HTTPHealthCheckPolicy Uses

type HTTPHealthCheckPolicy struct {
    Path               string
    Host               string
    Interval           time.Duration
    Timeout            time.Duration
    UnhealthyThreshold uint32
    HealthyThreshold   uint32
}

Cluster http health check policy

type HTTPProxyProcessor Uses

type HTTPProxyProcessor struct {

    // DisablePermitInsecure disables the use of the
    // permitInsecure field in HTTPProxy.
    DisablePermitInsecure bool

    // FallbackCertificate is the optional identifier of the
    // TLS secret to use by default when SNI is not set on a
    // request.
    FallbackCertificate *types.NamespacedName

    // DNSLookupFamily defines how external names are looked up
    // When configured as V4, the DNS resolver will only perform a lookup
    // for addresses in the IPv4 family. If V6 is configured, the DNS resolver
    // will only perform a lookup for addresses in the IPv6 family.
    // If AUTO is configured, the DNS resolver will first perform a lookup
    // for addresses in the IPv6 family and fallback to a lookup for addresses
    // in the IPv4 family.
    // Note: This only applies to externalName clusters.
    DNSLookupFamily config.ClusterDNSFamilyType

    // ClientCertificate is the optional identifier of the TLS secret containing client certificate and
    // private key to be used when establishing TLS connection to upstream cluster.
    ClientCertificate *types.NamespacedName
    // contains filtered or unexported fields
}

HTTPProxyProcessor translates HTTPProxies into DAG objects and adds them to the DAG.

func (*HTTPProxyProcessor) Run Uses

func (p *HTTPProxyProcessor) Run(dag *DAG, source *KubernetesCache)

Run translates HTTPProxies into DAG objects and adds them to the DAG.

type HeaderMatchCondition Uses

type HeaderMatchCondition struct {
    Name      string
    Value     string
    MatchType string
    Invert    bool
}

HeaderMatchCondition matches request headers by MatchType

func (*HeaderMatchCondition) String Uses

func (hc *HeaderMatchCondition) String() string

type HeaderValue Uses

type HeaderValue struct {
    // Name represents a key of a header
    Key string
    // Value represents the value of a header specified by a key
    Value string
}

type HeadersPolicy Uses

type HeadersPolicy struct {
    // HostRewrite defines if a host should be rewritten on upstream requests
    HostRewrite string

    Set    map[string]string
    Remove []string
}

HeadersPolicy defines how headers are managed during forwarding

type IngressProcessor Uses

type IngressProcessor struct {
    logrus.FieldLogger

    // ClientCertificate is the optional identifier of the TLS secret containing client certificate and
    // private key to be used when establishing TLS connection to upstream cluster.
    ClientCertificate *types.NamespacedName
    // contains filtered or unexported fields
}

IngressProcessor translates Ingresses into DAG objects and adds them to the DAG.

func (*IngressProcessor) Run Uses

func (p *IngressProcessor) Run(dag *DAG, source *KubernetesCache)

Run translates Ingresses into DAG objects and adds them to the DAG.

type KubernetesCache Uses

type KubernetesCache struct {
    // RootNamespaces specifies the namespaces where root
    // HTTPProxies can be defined. If empty, roots can be defined in any
    // namespace.
    RootNamespaces []string

    // Contour's IngressClass.
    // If not set, defaults to DEFAULT_INGRESS_CLASS.
    IngressClass string

    // Secrets that are referred from the configuration file.
    ConfiguredSecretRefs []*types.NamespacedName

    logrus.FieldLogger
    // contains filtered or unexported fields
}

A KubernetesCache holds Kubernetes objects and associated configuration and produces DAG values.

func (*KubernetesCache) DelegationPermitted Uses

func (kc *KubernetesCache) DelegationPermitted(secret types.NamespacedName, targetNamespace string) bool

DelegationPermitted returns true if the referenced secret has been delegated to the namespace where the ingress object is located.

func (*KubernetesCache) Insert Uses

func (kc *KubernetesCache) Insert(obj interface{}) bool

Insert inserts obj into the KubernetesCache. Insert returns true if the cache accepted the object, or false if the value is not interesting to the cache. If an object with a matching type, name, and namespace exists, it will be overwritten.

func (*KubernetesCache) LookupDownstreamValidation Uses

func (kc *KubernetesCache) LookupDownstreamValidation(vc *contour_api_v1.DownstreamValidation, namespace string) (*PeerValidationContext, error)

func (*KubernetesCache) LookupSecret Uses

func (kc *KubernetesCache) LookupSecret(name types.NamespacedName, validate func(*v1.Secret) error) (*Secret, error)

LookupSecret returns a Secret if present or nil if the underlying kubernetes secret fails validation or is missing.

func (*KubernetesCache) LookupService Uses

func (kc *KubernetesCache) LookupService(meta types.NamespacedName, port intstr.IntOrString) (*v1.Service, v1.ServicePort, error)

LookupService returns the Kubernetes service and port matching the provided parameters, or an error if a match can't be found.

func (*KubernetesCache) LookupUpstreamValidation Uses

func (kc *KubernetesCache) LookupUpstreamValidation(uv *contour_api_v1.UpstreamValidation, namespace string) (*PeerValidationContext, error)

func (*KubernetesCache) Remove Uses

func (kc *KubernetesCache) Remove(obj interface{}) bool

Remove removes obj from the KubernetesCache. Remove returns a boolean indicating if the cache changed after the remove operation.

type Listener Uses

type Listener struct {

    // Address is the TCP address to listen on.
    // If blank 0.0.0.0, or ::/0 for IPv6, is assumed.
    Address string

    // Port is the TCP port to listen on.
    Port int

    VirtualHosts []Vertex
}

A Listener represents a TCP socket that accepts incoming connections.

func (*Listener) Visit Uses

func (l *Listener) Visit(f func(Vertex))

type ListenerProcessor Uses

type ListenerProcessor struct{}

ListenerProcessor adds an HTTP and an HTTPS listener to the DAG if there are virtual hosts and secure virtual hosts already defined as roots in the DAG.

func (*ListenerProcessor) Run Uses

func (p *ListenerProcessor) Run(dag *DAG, _ *KubernetesCache)

Run adds HTTP and HTTPS listeners to the DAG if there are virtual hosts and secure virtual hosts already defined as roots in the DAG.

type LocalRateLimitPolicy Uses

type LocalRateLimitPolicy struct {
    MaxTokens            uint32
    TokensPerFill        uint32
    FillInterval         time.Duration
    ResponseStatusCode   uint32
    ResponseHeadersToAdd map[string]string
}

LocalRateLimitPolicy holds local rate limiting parameters.

type MatchCondition Uses

type MatchCondition interface {
    fmt.Stringer
}

type MirrorPolicy Uses

type MirrorPolicy struct {
    Cluster *Cluster
}

MirrorPolicy defines the mirroring policy for a route.

type ObjectStatusWriter Uses

type ObjectStatusWriter struct {
    // contains filtered or unexported fields
}

func (*ObjectStatusWriter) SetInvalid Uses

func (osw *ObjectStatusWriter) SetInvalid(format string, args ...interface{})

func (*ObjectStatusWriter) SetValid Uses

func (osw *ObjectStatusWriter) SetValid()

func (*ObjectStatusWriter) WithObject Uses

func (osw *ObjectStatusWriter) WithObject(obj k8s.Object) (_ *ObjectStatusWriter, commit func())

WithObject returns a new ObjectStatusWriter with a copy of the current ObjectStatusWriter's values, including its status if set. This is convenient if the object shares a relationship with its parent. The caller should arrange for the commit function to be called to write the final status of the object.

func (*ObjectStatusWriter) WithValue Uses

func (osw *ObjectStatusWriter) WithValue(key, val string) *ObjectStatusWriter

type Observer Uses

type Observer interface {
    OnChange(*DAG)
}

Observer is an interface for receiving notification of DAG updates.

func ComposeObservers Uses

func ComposeObservers(observers ...Observer) Observer

ComposeObservers returns a new Observer that calls each of its arguments in turn.

type ObserverFunc Uses

type ObserverFunc func(*DAG)

ObserverFunc is a function that implements the Observer interface by calling itself. It can be nil.

func (ObserverFunc) OnChange Uses

func (f ObserverFunc) OnChange(d *DAG)

type PeerValidationContext Uses

type PeerValidationContext struct {
    // CACertificate holds a reference to the Secret containing the CA to be used to
    // verify the upstream connection.
    CACertificate *Secret
    // SubjectName holds an optional subject name which Envoy will check against the
    // certificate presented by the upstream.
    SubjectName string
}

PeerValidationContext defines how to validate the certificate on the upstream service.

func (*PeerValidationContext) GetCACertificate Uses

func (pvc *PeerValidationContext) GetCACertificate() []byte

GetCACertificate returns the CA certificate from PeerValidationContext.

func (*PeerValidationContext) GetSubjectName Uses

func (pvc *PeerValidationContext) GetSubjectName() string

GetSubjectName returns the SubjectName from PeerValidationContext.

type PrefixMatchCondition Uses

type PrefixMatchCondition struct {
    Prefix string
}

PrefixMatchCondition matches the start of a URL.

func (*PrefixMatchCondition) String Uses

func (pc *PrefixMatchCondition) String() string

type Processor Uses

type Processor interface {
    // Run executes the processor.
    Run(dag *DAG, source *KubernetesCache)
}

Processor constructs part of a DAG.

type ProcessorFunc Uses

type ProcessorFunc func(*DAG, *KubernetesCache)

ProcessorFunc adapts a function to the Processor interface.

func (ProcessorFunc) Run Uses

func (pf ProcessorFunc) Run(dag *DAG, source *KubernetesCache)

type RateLimitPolicy Uses

type RateLimitPolicy struct {
    Local *LocalRateLimitPolicy
}

RateLimitPolicy holds rate limiting parameters.

type RegexMatchCondition Uses

type RegexMatchCondition struct {
    Regex string
}

RegexMatchCondition matches the URL by regular expression.

func (*RegexMatchCondition) String Uses

func (rc *RegexMatchCondition) String() string

type RetryPolicy Uses

type RetryPolicy struct {
    // RetryOn specifies the conditions under which retry takes place.
    // If empty, retries will not be performed.
    RetryOn string

    // RetriableStatusCodes specifies the HTTP status codes under which retry takes place.
    RetriableStatusCodes []uint32

    // NumRetries specifies the allowed number of retries.
    // Ignored if RetryOn is blank, or defaults to 1 if RetryOn is set.
    NumRetries uint32

    // PerTryTimeout specifies the timeout per retry attempt.
    // Ignored if RetryOn is blank.
    PerTryTimeout timeout.Setting
}

RetryPolicy defines the retry / number / timeout options

type Route Uses

type Route struct {

    // PathMatchCondition specifies a MatchCondition to match on the request path.
    // Must not be nil.
    PathMatchCondition MatchCondition

    // HeaderMatchConditions specifies a set of additional Conditions to
    // match on the request headers.
    HeaderMatchConditions []HeaderMatchCondition

    Clusters []*Cluster

    // Should this route generate a 301 upgrade if accessed
    // over HTTP?
    HTTPSUpgrade bool

    // AuthDisabled is set if authorization should be disabled
    // for this route. If authorization is disabled, the AuthContext
    // field has no effect.
    AuthDisabled bool

    // AuthContext sets the authorization context (if authorization is enabled).
    AuthContext map[string]string

    // Is this a websocket route?
    // TODO(dfc) this should go on the service
    Websocket bool

    // TimeoutPolicy defines the timeout request/idle
    TimeoutPolicy TimeoutPolicy

    // RetryPolicy defines the retry / number / timeout options for a route
    RetryPolicy *RetryPolicy

    // Indicates that during forwarding, the matched prefix (or path) should be swapped with this value
    PrefixRewrite string

    // Mirror Policy defines the mirroring policy for this Route.
    MirrorPolicy *MirrorPolicy

    // RequestHeadersPolicy defines how headers are managed during forwarding
    RequestHeadersPolicy *HeadersPolicy

    // ResponseHeadersPolicy defines how headers are managed during forwarding
    ResponseHeadersPolicy *HeadersPolicy

    // RateLimitPolicy defines if/how requests for the route are rate limited.
    RateLimitPolicy *RateLimitPolicy
}

Route defines the properties of a route to a Cluster.

func (*Route) HasPathPrefix Uses

func (r *Route) HasPathPrefix() bool

HasPathPrefix returns whether this route has a PrefixPathCondition.

func (*Route) HasPathRegex Uses

func (r *Route) HasPathRegex() bool

HasPathRegex returns whether this route has a RegexPathCondition.

func (*Route) Visit Uses

func (r *Route) Visit(f func(Vertex))

type RouteServiceName Uses

type RouteServiceName struct {
    Name      string
    Namespace string
    Port      int32
}

RouteServiceName identifies a service used in a route.

type Secret Uses

type Secret struct {
    Object *v1.Secret
}

Secret represents a K8s Secret for TLS usage as a DAG Vertex. A Secret is a leaf in the DAG.

func (*Secret) Cert Uses

func (s *Secret) Cert() []byte

Cert returns the secret's tls certificate

func (*Secret) Data Uses

func (s *Secret) Data() map[string][]byte

Data returns the contents of the backing secret's map.

func (*Secret) Name Uses

func (s *Secret) Name() string

func (*Secret) Namespace Uses

func (s *Secret) Namespace() string

func (*Secret) PrivateKey Uses

func (s *Secret) PrivateKey() []byte

PrivateKey returns the secret's tls private key

func (*Secret) Visit Uses

func (s *Secret) Visit(func(Vertex))

type SecureVirtualHost Uses

type SecureVirtualHost struct {
    VirtualHost

    // TLS minimum protocol version. Defaults to envoy_tls_v3.TlsParameters_TLS_AUTO
    MinTLSVersion string

    // The cert and key for this host.
    Secret *Secret

    // FallbackCertificate
    FallbackCertificate *Secret

    // Service to TCP proxy all incoming connections.
    *TCPProxy

    // DownstreamValidation defines how to verify the client's certificate.
    DownstreamValidation *PeerValidationContext

    // AuthorizationService points to the extension that client
    // requests are forwarded to for authorization. If nil, no
    // authorization is enabled for this host.
    AuthorizationService *ExtensionCluster

    // AuthorizationResponseTimeout sets how long the proxy should wait
    // for authorization server responses.
    AuthorizationResponseTimeout timeout.Setting

    // AuthorizationFailOpen sets whether authorization server
    // failures should cause the client request to also fail. The
    // only reason to set this to `true` is when you are migrating
    // from internal to external authorization.
    AuthorizationFailOpen bool
}

A SecureVirtualHost represents a HTTP host protected by TLS.

func (*SecureVirtualHost) Valid Uses

func (s *SecureVirtualHost) Valid() bool

func (*SecureVirtualHost) Visit Uses

func (s *SecureVirtualHost) Visit(f func(Vertex))

type Service Uses

type Service struct {
    Weighted WeightedService

    // Protocol is the layer 7 protocol of this service
    // One of "", "h2", "h2c", or "tls".
    Protocol string

    // Max connections is maximum number of connections
    // that Envoy will make to the upstream cluster.
    MaxConnections uint32

    // MaxPendingRequests is maximum number of pending
    // requests that Envoy will allow to the upstream cluster.
    MaxPendingRequests uint32

    // MaxRequests is the maximum number of parallel requests that
    // Envoy will make to the upstream cluster.
    MaxRequests uint32

    // MaxRetries is the maximum number of parallel retries that
    // Envoy will allow to the upstream cluster.
    MaxRetries uint32

    // ExternalName is an optional field referencing a dns entry for Service type "ExternalName"
    ExternalName string
}

Service represents a single Kubernetes' Service's Port.

func (*Service) Visit Uses

func (s *Service) Visit(f func(Vertex))

Visit applies the visitor function to the Service vertex.

type ServiceCluster Uses

type ServiceCluster struct {
    // ClusterName is a globally unique name for this ServiceCluster.
    // It is eventually used as the Envoy ClusterLoadAssignment
    // name, and must not be empty.
    ClusterName string
    // Services are the load balancing targets. This slice must not be empty.
    Services []WeightedService
}

ServiceCluster capture the set of Kubernetes Services that will compose the endpoints for a Envoy cluster. Traffic is balanced across the Service slice based on the weight of the elements.

func (*ServiceCluster) AddService Uses

func (s *ServiceCluster) AddService(name types.NamespacedName, port v1.ServicePort)

AddService adds the given service with a default weight of 1.

func (*ServiceCluster) AddWeightedService Uses

func (s *ServiceCluster) AddWeightedService(weight uint32, name types.NamespacedName, port v1.ServicePort)

AddWeightedService adds the given service with the given weight.

func (*ServiceCluster) DeepCopy Uses

func (s *ServiceCluster) DeepCopy() *ServiceCluster

TODO(jpeach): apply deepcopy-gen to DAG objects.

func (*ServiceCluster) Rebalance Uses

func (s *ServiceCluster) Rebalance()

Rebalance rewrites the weights for the service cluster so that if no weights are specifies, the traffic is evenly distributed. This matches the behavior of weighted routes. Note that this is a destructive operation.

func (*ServiceCluster) Validate Uses

func (s *ServiceCluster) Validate() error

Validate checks whether this ServiceCluster satisfies its semantic invariants.

func (*ServiceCluster) Visit Uses

func (s *ServiceCluster) Visit(func(Vertex))

type Status Uses

type Status struct {
    Object      k8s.Object
    Status      string
    Description string
    Vhost       string
}

Status contains the status for an HTTPProxy (valid / invalid / orphan, etc)

type StatusWriter Uses

type StatusWriter struct {
    // contains filtered or unexported fields
}

func (*StatusWriter) WithObject Uses

func (sw *StatusWriter) WithObject(obj k8s.Object) (_ *ObjectStatusWriter, commit func())

WithObject returns an ObjectStatusWriter that can be used to set the state of the object. The state can be set as many times as necessary. The state of the object can be made permanent by calling the commit function returned from WithObject. The caller should pass the ObjectStatusWriter to functions interested in writing status, but keep the commit function for itself. The commit function should be either called via a defer, or directly if statuses are being set in a loop (as defers will not fire until the end of the function).

type TCPHealthCheckPolicy Uses

type TCPHealthCheckPolicy struct {
    Interval           time.Duration
    Timeout            time.Duration
    UnhealthyThreshold uint32
    HealthyThreshold   uint32
}

Cluster tcp health check policy

type TCPProxy Uses

type TCPProxy struct {

    // Clusters is the, possibly weighted, set
    // of upstream services to forward decrypted traffic.
    Clusters []*Cluster
}

TCPProxy represents a cluster of TCP endpoints.

func (*TCPProxy) Visit Uses

func (t *TCPProxy) Visit(f func(Vertex))

type TimeoutPolicy Uses

type TimeoutPolicy struct {
    // ResponseTimeout is the timeout applied to the response
    // from the backend server.
    ResponseTimeout timeout.Setting

    // IdleTimeout is the timeout applied to idle connections.
    IdleTimeout timeout.Setting
}

TimeoutPolicy defines the timeout policy for a route.

type Vertex Uses

type Vertex interface {
    Visit(func(Vertex))
}

Vertex is a node in the DAG that can be visited.

type VirtualHost Uses

type VirtualHost struct {
    // Name is the fully qualified domain name of a network host,
    // as defined by RFC 3986.
    Name string

    // CORSPolicy is the cross-origin policy to apply to the VirtualHost.
    CORSPolicy *CORSPolicy

    // RateLimitPolicy defines if/how requests for the virtual host
    // are rate limited.
    RateLimitPolicy *RateLimitPolicy
    // contains filtered or unexported fields
}

A VirtualHost represents a named L4/L7 service.

func (*VirtualHost) Valid Uses

func (v *VirtualHost) Valid() bool

func (*VirtualHost) Visit Uses

func (v *VirtualHost) Visit(f func(Vertex))

type WeightedService Uses

type WeightedService struct {
    // Weight is the integral load balancing weight.
    Weight uint32
    // ServiceName is the v1.Service name.
    ServiceName string
    // ServiceNamespace is the v1.Service namespace.
    ServiceNamespace string
    // ServicePort is the port to which we forward traffic.
    ServicePort v1.ServicePort
}

WeightedService represents the load balancing weight of a particular v1.Weighted port.

Package dag imports 31 packages (graph) and is imported by 18 packages. Updated 2021-01-22. Refresh now. Tools for package owners.