
package sds

import ""

Package sds implements secret discovery service in NodeAgent.


Package Files

monitoring.go sdsservice.go server.go


const (
    // SecretType is used for secret discovery service to construct response.
    SecretType = ""

    // JWTPath is the path to the JWT token used for authentication.
    // Note the use of "./": because the path is relative to the working directory, tests and VMs
    // can use it without root access. Pilot-agent runs with PWD=/, so there it resolves to
    // /var/run/secrets/tokens/istio-token.
    JWTPath = "./var/run/secrets/tokens/istio-token"

func NewPlugins

func NewPlugins(in []string) []plugin.Plugin

NewPlugins returns a slice of default Plugins.

func NotifyProxy

func NotifyProxy(connKey cache.ConnKey, secret *model.SecretItem) error

NotifyProxy sends a notification to the proxy about a secret update; SDS closes the streaming connection if secret is nil.

type ClientDebug

type ClientDebug struct {
    ConnectionID string `json:"connection_id"`
    ProxyID      string `json:"proxy"`
    ResourceName string `json:"resource_name"`

    // fields from secret item
    CertificateChain string `json:"certificate_chain"`
    RootCert         string `json:"root_cert"`
    CreatedTime      string `json:"created_time"`
    ExpireTime       string `json:"expire_time"`

ClientDebug represents a single SDS connection to the node agent.

type Debug

type Debug struct {
    Clients []ClientDebug `json:"clients"`

Debug represents all clients connected to this node agent endpoint and the secrets supplied to them.

type Options

type Options struct {
    // PluginNames is plugins' name for certain authentication provider.
    PluginNames []string

    // WorkloadUDSPath is the unix domain socket through which SDS server communicates with workload proxies.
    WorkloadUDSPath string

    // IngressGatewayUDSPath is the unix domain socket through which SDS server communicates with
    // ingress gateway proxies.
    IngressGatewayUDSPath string

    // CertFile is the path of Cert File for gRPC server TLS settings.
    CertFile string

    // KeyFile is the path of Key File for gRPC server TLS settings.
    KeyFile string

    // CAEndpoint is the CA endpoint to which node agent sends CSR request.
    CAEndpoint string

    // The CA provider name.
    CAProviderName string

    // TrustDomain corresponds to the trust root of a system.
    TrustDomain string

    // The Vault CA address.
    VaultAddress string

    // The Vault auth path.
    VaultAuthPath string

    // The Vault role.
    VaultRole string

    // The Vault sign CSR path.
    VaultSignCsrPath string

    // The Vault TLS root certificate.
    VaultTLSRootCert string

    // GrpcServer is an already configured (shared) grpc server. If set, the agent will just register on the server.
    GrpcServer *grpc.Server

    // Recycle job running interval (to clean up stale SDS client connections).
    RecycleInterval time.Duration

    // Debug server port from which node_agent serves SDS configuration dumps
    DebugPort int

    // EnableWorkloadSDS indicates whether node agent works as SDS server for workload proxies.
    EnableWorkloadSDS bool

    // EnableIngressGatewaySDS indicates whether node agent works as ingress gateway agent.
    EnableIngressGatewaySDS bool

    // AlwaysValidTokenFlag is set to true if the token used is always valid (e.g. a normal k8s JWT).
    AlwaysValidTokenFlag bool

    // UseLocalJWT is set when the sds server should use its own local JWT, and not expect one
    // from the UDS caller. Used when it runs in the same container with Envoy.
    UseLocalJWT bool

Options provides all of the configuration parameters for secret discovery service.

type Server

type Server struct {
    // contains filtered or unexported fields

Server is the gRPC server that exposes SDS through UDS.

func NewServer

func NewServer(options Options, workloadSecretCache, gatewaySecretCache cache.SecretManager) (*Server, error)

NewServer creates and starts the gRPC server for SDS.

func (*Server) Stop

func (s *Server) Stop()

Stop closes the gRPC server and debug server.
