Documentation
¶
Index ¶
Constants ¶
View Source
const ( // LeaderElectionEnabled is a constant that represents a value that should be used to enable leader election. LeaderElectionEnabled = "enabled" // LeaderElectionDisabled is a constant that represents a value that should be used to disable leader election. LeaderElectionDisabled = "disabled" )
View Source
const ( // DefaultDataPlanesReadinessReconciliationInterval is the interval at which the manager will run DPs readiness reconciliation loop. // It's the same as the default interval of a Kubernetes container's readiness probe. DefaultDataPlanesReadinessReconciliationInterval = 10 * time.Second // MinDataPlanesReadinessReconciliationInterval is the minimum interval of DPs readiness reconciliation loop. MinDataPlanesReadinessReconciliationInterval = 3 * time.Second // DefaultDataPlanesReadinessCheckTimeout is the default timeout of readiness check. // When a readiness check request did not get response within the timeout, the gateway instance will turn into `Pending` status. DefaultDataPlanesReadinessCheckTimeout = 5 * time.Second )
View Source
const ( // MinKonnectConfigUploadPeriod is the minimum period between operations to upload Kong configuration to Konnect. MinKonnectConfigUploadPeriod = 10 * time.Second // DefaultKonnectConfigUploadPeriod is the default period between operations to upload Kong configuration to Konnect. DefaultKonnectConfigUploadPeriod = 30 * time.Second )
View Source
const ( // GatewayAlphaFeature is the name of the feature-gate for enabling or // disabling the Alpha maturity APIs and relevant features for Gateway API. GatewayAlphaFeature = "GatewayAlpha" // FillIDsFeature is the name of the feature-gate that makes KIC fill in the ID fields of Kong entities (Services, // Routes, and Consumers). It ensures that IDs remain stable across restarts of the controller. FillIDsFeature = "FillIDs" // RewriteURIsFeature is the name of the feature-gate for enabling/disabling konghq.com/rewrite annotation. RewriteURIsFeature = "RewriteURIs" // KongServiceFacadeFeature is the name of the feature-gate for enabling KongServiceFacade CR reconciliation. KongServiceFacadeFeature = "KongServiceFacade" // SanitizeKonnectConfigDumpsFeature is the name of the feature-gate that enables sanitization of Konnect config dumps. SanitizeKonnectConfigDumpsFeature = "SanitizeKonnectConfigDumps" // FallbackConfigurationFeature is the name of the feature-gate that enables generating fallback configuration in the case // of entity errors returned by the Kong Admin API. FallbackConfigurationFeature = "FallbackConfiguration" // KongCustomEntityFeature is the name of the feature-gate for enabling KongCustomEntity CR reconciliation // for configuring custom Kong entities that KIC does not support yet. // Requires feature gate `FillIDs` to be enabled. KongCustomEntityFeature = "KongCustomEntity" )
View Source
const (
// DocsURL provides a link to the documentation for feature gates in the KIC repository.
DocsURL = "https://github.com/Kong/kubernetes-ingress-controller/blob/main/FEATURE_GATES.md"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AdminAPIClientConfig ¶
type AdminAPIClientConfig struct {
// Disable verification of TLS certificate of Kong's Admin endpoint.
TLSSkipVerify bool
// SNI name to use to verify the certificate presented by Kong in TLS.
TLSServerName string
// Path to PEM-encoded CA certificate file to verify Kong's Admin SSL certificate.
CACertPath string
// PEM-encoded CA certificate to verify Kong's Admin SSL certificate.
CACert string
// Array of headers added to every Admin API call.
Headers []string
// TLSClient is TLS client config.
TLSClient TLSClientConfig
}
AdminAPIClientConfig defines parameters that configure a client for Kong Admin API.
type AdmissionServerConfig ¶
type AdmissionServerConfig struct {
ListenAddr string
CertPath string
Cert string
KeyPath string
Key string
}
AdmissionServerConfig defines parameters that configure the Admission Server run by the controller.
type Config ¶
type Config struct {
// Logging configurations
LogLevel string
LogFormat string
// Kong high-level controller manager configurations
KongAdminAPIConfig AdminAPIClientConfig
KongAdminInitializationRetries uint
KongAdminInitializationRetryDelay time.Duration
KongAdminToken string
KongAdminTokenPath string
KongWorkspace string
AnonymousReports bool
EnableReverseSync bool
UseLastValidConfigForFallback bool
SyncPeriod time.Duration
SkipCACertificates bool
CacheSyncTimeout time.Duration
GracefulShutdownTimeout *time.Duration
// Kong Proxy configurations
APIServerHost string
APIServerQPS int
APIServerBurst int
APIServerCAData []byte
APIServerCertData []byte
APIServerKeyData []byte
MetricsAddr string
MetricsAccessFilter MetricsAccessFilter
ProbeAddr string
KongAdminURLs []string
KongAdminSvc OptionalNamespacedName
GatewayDiscoveryReadinessCheckInterval time.Duration
GatewayDiscoveryReadinessCheckTimeout time.Duration
KongAdminSvcPortNames []string
ProxySyncSeconds float32
InitCacheSyncDuration time.Duration
ProxyTimeoutSeconds float32
// KubeRestConfig takes precedence over any fields related to what it configures,
// such as APIServerHost, APIServerQPS, etc. It's intended to be used when the controller
// is run as a part of Kong Operator. It bypass the mechanism of constructing this config.
KubeRestConfig *rest.Config
// Kubernetes configurations
KubeconfigPath string
IngressClassName string
LeaderElectionNamespace string
LeaderElectionID string
LeaderElectionForce string
Concurrency int
FilterTags []string
WatchNamespaces []string
GatewayAPIControllerName string
Impersonate string
EmitKubernetesEvents bool
ClusterDomain string
// Ingress status
PublishServiceUDP OptionalNamespacedName
PublishService OptionalNamespacedName
PublishStatusAddress []string
PublishStatusAddressUDP []string
UpdateStatus bool
UpdateStatusQueueBufferSize int
// Kubernetes API toggling
IngressNetV1Enabled bool
IngressClassNetV1Enabled bool
IngressClassParametersEnabled bool
UDPIngressEnabled bool
TCPIngressEnabled bool
KongIngressEnabled bool
KongClusterPluginEnabled bool
KongPluginEnabled bool
KongConsumerEnabled bool
ServiceEnabled bool
KongUpstreamPolicyEnabled bool
KongServiceFacadeEnabled bool
KongVaultEnabled bool
KongLicenseEnabled bool
KongCustomEntityEnabled bool
// Gateway API toggling.
GatewayAPIGatewayController bool
GatewayAPIHTTPRouteController bool
GatewayAPIReferenceGrantController bool
GatewayAPIGRPCRouteController bool
// GatewayToReconcile specifies the Gateway to be reconciled.
GatewayToReconcile OptionalNamespacedName
// SecretLabelSelector specifies the label which will be used to limit the ingestion of secrets. Only those that have this label set to "true" will be ingested.
SecretLabelSelector string
// ConfigMapLabelSelector specifies the label which will be used to limit the ingestion of configmaps. Only those that have this label set to "true" will be ingested.
ConfigMapLabelSelector string
// Admission Webhook server config
AdmissionServer AdmissionServerConfig
// Diagnostics and performance
EnableProfiling bool
EnableConfigDumps bool
DumpSensitiveConfig bool
DiagnosticServerPort int
// TODO: https://github.com/Kong/kubernetes-ingress-controller/issues/7285
// instead of this toggle, move the server out of the internal.Manager
DisableRunningDiagnosticsServer bool
// EnableDrainSupport controls whether to include terminating endpoints in Kong upstreams
// with weight=0 for graceful connection draining
EnableDrainSupport bool
// CombinedServicesFromDifferentHTTPRoutes controls whether we should combine rules from different HTTPRoutes
// that are sharing the same combination of backends to one Kong service.
CombinedServicesFromDifferentHTTPRoutes bool
// Feature Gates
FeatureGates FeatureGates
// TermDelay is the time.Duration which the controller manager will wait
// after receiving SIGTERM or SIGINT before shutting down. This can be
// helpful for advanced cases with load-balancers so that the ingress
// controller can be gracefully removed/drained from their rotation.
TermDelay time.Duration
Konnect KonnectConfig
// AnonymousReportsFixedPayloadCustomizer allows customization of anonymous telemetry reports sent by the controller.
AnonymousReportsFixedPayloadCustomizer types.PayloadCustomizer
// Override default telemetry settings (e.g. for testing). They aren't exposed in the CLI.
SplunkEndpoint string
SplunkEndpointInsecureSkipVerify bool
TelemetryPeriod time.Duration
}
Config is the configuration for the Kong Ingress Controller.
type FeatureGates ¶
func GetFeatureGatesDefaults ¶
func GetFeatureGatesDefaults() FeatureGates
GetFeatureGatesDefaults returns the default values for all feature gates.
NOTE: if you're adding a new feature gate, it needs to be added here.
func NewFeatureGates ¶
func NewFeatureGates(featureGates map[string]bool) (FeatureGates, error)
NewFeatureGates creates FeatureGates from the given feature gate map, overriding the default settings.
func (FeatureGates) Enabled ¶
func (fg FeatureGates) Enabled(feature string) bool
type KonnectConfig ¶
type KonnectConfig struct {
// TODO: https://github.com/Kong/kubernetes-ingress-controller/issues/3922
// ConfigSynchronizationEnabled is the only toggle we had prior to the addition of the license agent.
// We likely want to combine these into a single Konnect toggle or piggyback off other Konnect functionality.
ConfigSynchronizationEnabled bool
ControlPlaneID string
Address string
UploadConfigPeriod time.Duration
RefreshNodePeriod time.Duration
TLSClient TLSClientConfig
LicenseSynchronizationEnabled bool
InitialLicensePollingPeriod time.Duration
LicensePollingPeriod time.Duration
LicenseStorageEnabled bool
ConsumersSyncDisabled bool
}
type MetricsAccessFilter ¶
type MetricsAccessFilter string
MetricsAccessFilter defines the access filter function for the metrics endpoint.
const ( // MetricsAccessFilterOff disabled the access filter on metrics endpoint. MetricsAccessFilterOff MetricsAccessFilter = "off" // MetricsAccessFilterRBAC enables the access filter on metrics endpoint. // For more information consult: // https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/metrics/filters#WithAuthenticationAndAuthorization MetricsAccessFilterRBAC MetricsAccessFilter = "rbac" )
func (MetricsAccessFilter) String ¶
func (mf MetricsAccessFilter) String() string
String returns the string representation of the MetricsFilter.
type OptionalNamespacedName ¶
type OptionalNamespacedName = mo.Option[k8stypes.NamespacedName]
OptionalNamespacedName is a type that represents a NamespacedName that can be omitted in config.
type TLSClientConfig ¶
type TLSClientConfig struct {
// Cert is a client certificate.
Cert string
// CertFile is a client certificate file path.
CertFile string
// Key is a client key.
Key string
// KeyFile is a client key file path.
KeyFile string
}
TLSClientConfig contains TLS client certificate and client key to be used when connecting with Admin APIs. It's validated with manager.validateClientTLS before passing it further down. It guarantees that only the allowed combinations of variables will be passed: - only one of Cert / CertFile, - only one of Key / KeyFile, - if any of Cert / CertFile is set, one of Key / KeyFile has to be set, - if any of Key / KeyFile is set, one of Cert / CertFile has to be set.
func (TLSClientConfig) IsZero ¶
func (c TLSClientConfig) IsZero() bool
Source Files
Click to show internal directories.
Click to hide internal directories.