
package controller

import ""


Package Files

controller.go endpoint_builder.go endpointcontroller.go endpoints.go endpointslice.go multicluster.go namespacecontroller.go pod.go util.go


const (
    // NOTE(review): every label constant in this block is shown with an empty
    // string value in this listing. The comments describe them as well-known
    // label keys, so the values were presumably lost when the page was rendered;
    // confirm the real keys against controller.go before relying on them.

    // NodeRegionLabel is the well-known label for kubernetes node region in beta
    NodeRegionLabel = ""
    // NodeZoneLabel is the well-known label for kubernetes node zone in beta
    NodeZoneLabel = ""
    // NodeRegionLabelGA is the well-known label for kubernetes node region in ga
    NodeRegionLabelGA = ""
    // NodeZoneLabelGA is the well-known label for kubernetes node zone in ga
    NodeZoneLabelGA = ""
    // IstioSubzoneLabel is the custom subzone label for locality-based routing in Kubernetes.
    // (The original comment ends with "see:" but the reference is missing from this listing.)
    IstioSubzoneLabel = ""
    // IstioNamespace is the namespace used by default for an Istio cluster-wide installation.
    IstioNamespace = "istio-system"
const (
    // Every NamespaceResyncPeriod, namespaceUpdated() will be invoked
    // for every namespace. This value must be configured so Citadel
    // can update its CA certificate in a ConfigMap in every namespace.
    // The value here is 60 seconds.
    NamespaceResyncPeriod = time.Second * 60
    // The name of the ConfigMap in each namespace storing the root cert of non-Kube CA.
    // NOTE(review): a root certificate is a trust anchor, so the integrity of this
    // ConfigMap matters more than its secrecy. Presumably anyone able to write it in
    // a namespace can influence which CA workloads there trust until the next
    // reconcile — confirm that write access is limited to the control plane and that
    // unexpected modifications to this ConfigMap are audited.
    CACertNamespaceConfigMap = "istio-ca-root-cert"


var EndpointModeNames = map[EndpointMode]string{
    EndpointsOnly:     "EndpointsOnly",
    EndpointSliceOnly: "EndpointSliceOnly",

func FindPort Uses

func FindPort(pod *v1.Pod, svcPort *v1.ServicePort) (int, error)

Forked from Kubernetes. FindPort locates the container port for the given pod and portName. If the targetPort is a number, use that. If the targetPort is a string, look that string up in all named ports in all containers in the target pod. If no match is found, fail.

type Controller Uses

type Controller struct {
    // contains filtered or unexported fields

Controller is a collection of synchronized resource watchers. Caches are thread-safe.

func NewController Uses

func NewController(kubeClient kubelib.Client, options Options) *Controller

NewController creates a new Kubernetes controller. Created by bootstrap and multicluster (see secretcontroller).

func (*Controller) AppendInstanceHandler Uses

func (c *Controller) AppendInstanceHandler(f func(*model.ServiceInstance, model.Event)) error

AppendInstanceHandler implements a service catalog operation

func (*Controller) AppendServiceHandler Uses

func (c *Controller) AppendServiceHandler(f func(*model.Service, model.Event)) error

AppendServiceHandler implements a service catalog operation

func (*Controller) Cluster Uses

func (c *Controller) Cluster() string

func (*Controller) ForeignServiceInstanceHandler Uses

func (c *Controller) ForeignServiceInstanceHandler(si *model.ServiceInstance, event model.Event)

ForeignServiceInstanceHandler defines the handler for service instances generated by other registries

func (*Controller) GetIstioServiceAccounts Uses

func (c *Controller) GetIstioServiceAccounts(svc *model.Service, ports []int) []string

GetIstioServiceAccounts returns the Istio service accounts running a service hostname. Each service account is encoded according to the SPIFFE SVID spec. For example, a service account named "bar" in namespace "foo" is encoded as "spiffe://cluster.local/ns/foo/sa/bar". In that example "cluster.local" is the trust domain part of the ID (compare the TrustDomain field of Options).

func (*Controller) GetProxyServiceInstances Uses

func (c *Controller) GetProxyServiceInstances(proxy *model.Proxy) ([]*model.ServiceInstance, error)

GetProxyServiceInstances returns service instances co-located with a given proxy. TODO: this code does not return k8s service instances when the proxy's IP is a workload entry. To tackle this, we need an ip2instance map like what we have in service entry.

func (*Controller) GetProxyWorkloadLabels Uses

func (c *Controller) GetProxyWorkloadLabels(proxy *model.Proxy) (labels.Collection, error)

func (*Controller) GetService Uses

func (c *Controller) GetService(hostname host.Name) (*model.Service, error)

GetService implements a service catalog operation by hostname specified.

func (*Controller) HasSynced Uses

func (c *Controller) HasSynced() bool

HasSynced returns true after the initial state synchronization

func (*Controller) InstancesByPort Uses

func (c *Controller) InstancesByPort(svc *model.Service, reqSvcPort int,
    labelsList labels.Collection) ([]*model.ServiceInstance, error)

InstancesByPort implements a service catalog operation

func (*Controller) Provider Uses

func (c *Controller) Provider() serviceregistry.ProviderID

func (*Controller) Run Uses

func (c *Controller) Run(stop <-chan struct{})

Run all controllers until a signal is received

func (*Controller) Services Uses

func (c *Controller) Services() ([]*model.Service, error)

Services implements a service catalog operation

func (*Controller) Stop Uses

func (c *Controller) Stop()

Stop the controller. Only for tests, to simplify the code (defer c.Stop())

type EndpointBuilder Uses

type EndpointBuilder struct {
    // contains filtered or unexported fields

A stateful IstioEndpoint builder with metadata used to build IstioEndpoint

func NewEndpointBuilder Uses

func NewEndpointBuilder(c *Controller, pod *v1.Pod) *EndpointBuilder

type EndpointMode Uses

type EndpointMode int

EndpointMode decides what source to use to get endpoint information

const (
    // EndpointsOnly type will use only Kubernetes Endpoints
    EndpointsOnly EndpointMode = iota

    // EndpointSliceOnly type will use only Kubernetes EndpointSlices

func (EndpointMode) String Uses

func (m EndpointMode) String() string

type Multicluster Uses

type Multicluster struct {
    WatchedNamespaces string
    DomainSuffix      string
    ResyncPeriod      time.Duration

    XDSUpdater model.XDSUpdater
    // contains filtered or unexported fields

Multicluster structure holds the remote kube Controllers and multicluster specific attributes.

func NewMulticluster Uses

func NewMulticluster(kc kubernetes.Interface, secretNamespace string, opts Options,
    serviceController *aggregate.Controller, xds model.XDSUpdater, networksWatcher mesh.NetworksWatcher) (*Multicluster, error)

NewMulticluster initializes the data structure that stores multicluster information. It also starts the secret controller.

func (*Multicluster) AddMemberCluster Uses

func (m *Multicluster) AddMemberCluster(clients kubelib.Client, clusterID string) error

AddMemberCluster is passed to the secret controller as a callback to be called when a remote cluster is added. This function needs to set up all the handlers to watch for resources being added, deleted or changed on remote clusters.

func (*Multicluster) DeleteMemberCluster Uses

func (m *Multicluster) DeleteMemberCluster(clusterID string) error

DeleteMemberCluster is passed to the secret controller as a callback to be called when a remote cluster is deleted. Also must clear the cache so remote resources are removed.

func (*Multicluster) GetRemoteKubeClient Uses

func (m *Multicluster) GetRemoteKubeClient(clusterID string) kubernetes.Interface

func (*Multicluster) UpdateMemberCluster Uses

func (m *Multicluster) UpdateMemberCluster(clients kubelib.Client, clusterID string) error

type NamespaceController Uses

type NamespaceController struct {
    // contains filtered or unexported fields

NamespaceController reconciles a ConfigMap in each namespace with a desired set of data.

func NewNamespaceController Uses

func NewNamespaceController(data func() map[string]string, options Options, kubeClient kubernetes.Interface) *NamespaceController

NewNamespaceController returns a pointer to a newly constructed NamespaceController instance.

func (*NamespaceController) Run Uses

func (nc *NamespaceController) Run(stopCh <-chan struct{})

Run starts the NamespaceController until a value is sent to stopCh.

type Options Uses

type Options struct {
    // Namespace the controller watches. If set to meta_v1.NamespaceAll (""), controller watches all namespaces
    WatchedNamespaces string
    // ResyncPeriod and DomainSuffix are not documented on this page.
    // NOTE(review): presumably the watcher resync interval and the DNS suffix
    // used when building service hostnames — TODO confirm against the source.
    ResyncPeriod      time.Duration
    DomainSuffix      string

    // ClusterID identifies the remote cluster in a multicluster env.
    ClusterID string

    // FetchCaRoot defines the function to get caRoot
    // NOTE(review): the signature matches the data argument of
    // NewNamespaceController, so this is presumably the source of the root-cert
    // data published to each namespace — confirm. If so, whatever it returns
    // becomes a trust anchor for workloads and should come from a trusted source.
    FetchCaRoot func() map[string]string

    // Metrics for capturing node-based metrics.
    Metrics model.Metrics

    // XDSUpdater will push changes to the xDS server.
    XDSUpdater model.XDSUpdater

    // TrustDomain used in SPIFFE identity
    // NOTE(review): presumably the authority component of the spiffe:// IDs
    // returned by GetIstioServiceAccounts (e.g. "cluster.local") — confirm.
    // Identities from different trust domains are distinct, so this value
    // should be set deliberately rather than left to a default.
    TrustDomain string

    // NetworksWatcher observes changes to the mesh networks config.
    NetworksWatcher mesh.NetworksWatcher

    // EndpointMode decides what source to use to get endpoint information
    EndpointMode EndpointMode

    // CABundlePath defines the caBundle path for istiod Server
    // NOTE(review): how this path is read is not visible here. Since it names
    // CA material, confirm the file is not writable by less-privileged
    // processes on the host or in the container.
    CABundlePath string

Options stores the configurable attributes of a Controller.

type PodCache Uses

type PodCache struct {

    // IPByPods is a reverse map of podsByIP. This exists to allow us to prune stale entries in the
    // pod cache if a pod changes IP.
    IPByPods map[string]string
    // contains filtered or unexported fields

PodCache is an eventually consistent pod cache

Package controller imports 46 packages and is imported by 15 packages. Updated 2020-07-06.