nginx

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 14, 2018 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// TLS Secret
	TLS = iota
	// JWK Secret
	JWK
)
View Source 
const DefaultServerSecretName = "default"

DefaultServerSecretName is the filename of the Secret with a TLS cert and a key for the default server

View Source 
const JWTKeyAnnotation = "nginx.com/jwt-key"

JWTKeyAnnotation is the annotation where the Secret with a JWK is specified.

View Source 
const JWTKeyKey = "jwk"

JWTKeyKey is the key of the data field of a Secret where the JWK must be stored.

View Source 
const TLSSecretFileMode = 0600

TLSSecretFileMode defines the default filemode for files with TLS Secrets

Variables

This section is empty.

Functions

func GenerateCertAndKeyFileContent 

func GenerateCertAndKeyFileContent(secret *api_v1.Secret) []byte

GenerateCertAndKeyFileContent generates a pem file content from the secret

func GetMapKeyAsBool 

func GetMapKeyAsBool(m map[string]string, key string, context apiObject) (bool, bool, error)

GetMapKeyAsBool searches the map for the given key and parses the key as bool

func GetMapKeyAsInt 

func GetMapKeyAsInt(m map[string]string, key string, context apiObject) (int, bool, error)

GetMapKeyAsInt tries to find and parse a key in a map as int

func GetMapKeyAsInt64 

func GetMapKeyAsInt64(m map[string]string, key string, context apiObject) (int64, bool, error)

GetMapKeyAsInt64 tries to find and parse a key in a map as int64

func GetMapKeyAsStringSlice 

func GetMapKeyAsStringSlice(m map[string]string, key string, context apiObject, delimiter string) ([]string, bool, error)

GetMapKeyAsStringSlice tries to find and parse a key in the map as string slice splitting it on delimiter

func GetSecretKind 

func GetSecretKind(secret *api_v1.Secret) (int, error)

GetSecretKind returns the kind of the Secret.

func ParseLBMethod 

func ParseLBMethod(method string) (string, error)

ParseLBMethod parses method and matches it to a corresponding load balancing method in NGINX. An error is returned if method is not valid

func ParseLBMethodForPlus 

func ParseLBMethodForPlus(method string) (string, error)

ParseLBMethodForPlus parses method and matches it to a corresponding load balancing method in NGINX Plus. An error is returned if method is not valid

func ParseSlowStart 

func ParseSlowStart(s string) (string, error)

ParseSlowStart ensures that the slow_start value in the annotation is valid.

func ValidateJWKSecret 

func ValidateJWKSecret(secret *api_v1.Secret) error

ValidateJWKSecret validates the secret. If it is valid, the function returns nil.

func ValidateTLSSecret 

func ValidateTLSSecret(secret *api_v1.Secret) error

ValidateTLSSecret validates the secret. If it is valid, the function returns nil.

Types

type Config 

type Config struct {
	LocationSnippets              []string
	ServerSnippets                []string
	ServerTokens                  string
	ProxyConnectTimeout           string
	ProxyReadTimeout              string
	ClientMaxBodySize             string
	HTTP2                         bool
	RedirectToHTTPS               bool
	SSLRedirect                   bool
	MainMainSnippets              []string
	MainHTTPSnippets              []string
	MainStreamSnippets            []string
	MainServerNamesHashBucketSize string
	MainServerNamesHashMaxSize    string
	MainLogFormat                 string
	MainErrorLogLevel             string
	MainStreamLogFormat           string
	ProxyBuffering                bool
	ProxyBuffers                  string
	ProxyBufferSize               string
	ProxyMaxTempFileSize          string
	ProxyProtocol                 bool
	ProxyHideHeaders              []string
	ProxyPassHeaders              []string
	HSTS                          bool
	HSTSMaxAge                    int64
	HSTSIncludeSubdomains         bool
	LBMethod                      string
	MainWorkerProcesses           string
	MainWorkerCPUAffinity         string
	MainWorkerShutdownTimeout     string
	MainWorkerConnections         string
	MainWorkerRlimitNofile        string
	Keepalive                     int64
	MaxFails                      int
	FailTimeout                   string
	HealthCheckEnabled            bool
	HealthCheckMandatory          bool
	HealthCheckMandatoryQueue     int64
	SlowStart                     string

	// http://nginx.org/en/docs/http/ngx_http_realip_module.html
	RealIPHeader    string
	SetRealIPFrom   []string
	RealIPRecursive bool

	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html
	MainServerSSLProtocols           string
	MainServerSSLPreferServerCiphers bool
	MainServerSSLCiphers             string
	MainServerSSLDHParam             string
	MainServerSSLDHParamFileContent  *string

	MainTemplate    *string
	IngressTemplate *string

	JWTRealm    string
	JWTKey      string
	JWTToken    string
	JWTLoginURL string

	Ports    []int
	SSLPorts []int
}

Config holds NGINX configuration parameters

func NewDefaultConfig 

func NewDefaultConfig() *Config

NewDefaultConfig creates a Config with default values

func ParseConfigMap 

func ParseConfigMap(cfgm *api_v1.ConfigMap, nginxPlus bool) *Config

ParseConfigMap Parse ConfigMap to Config

type Configurator 

type Configurator struct {
	// contains filtered or unexported fields
}

Configurator transforms an Ingress resource into NGINX Configuration

func NewConfigurator 

func NewConfigurator(nginx *Controller, config *Config, nginxAPI *plus.NginxAPIController, templateExecutor *TemplateExecutor) *Configurator

NewConfigurator creates a new Configurator

func (*Configurator) AddOrUpdateDHParam 

func (cnf *Configurator) AddOrUpdateDHParam(content string) (string, error)

AddOrUpdateDHParam creates a dhparam file with the content of the string.

func (*Configurator) AddOrUpdateDefaultServerTLSSecret 

func (cnf *Configurator) AddOrUpdateDefaultServerTLSSecret(secret *api_v1.Secret) error

AddOrUpdateDefaultServerTLSSecret creates or updates a file with a TLS cert and a key from the secret for the default server.

func (*Configurator) AddOrUpdateIngress 

func (cnf *Configurator) AddOrUpdateIngress(ingEx *IngressEx) error

AddOrUpdateIngress adds or updates NGINX configuration for the Ingress resource

func (*Configurator) AddOrUpdateMergeableIngress 

func (cnf *Configurator) AddOrUpdateMergeableIngress(mergeableIngs *MergeableIngresses) error

AddOrUpdateMergeableIngress adds or updates NGINX configuration for the Ingress resources with Mergeable Types

func (*Configurator) AddOrUpdateSecret 

func (cnf *Configurator) AddOrUpdateSecret(secret *api_v1.Secret, ingExes []IngressEx, mergeableIngresses []MergeableIngresses) error

AddOrUpdateSecret creates or updates a file with the content of the secret

func (*Configurator) DeleteIngress 

func (cnf *Configurator) DeleteIngress(key string) error

DeleteIngress deletes NGINX configuration for the Ingress resource

func (*Configurator) DeleteSecret 

func (cnf *Configurator) DeleteSecret(key string, ingExes []IngressEx, mergeableIngresses []MergeableIngresses) error

DeleteSecret deletes the file associated with the secret and the configuration files for the Ingress resources. NGINX is reloaded only when len(ings) > 0

func (*Configurator) HasIngress 

func (cnf *Configurator) HasIngress(ing *extensions.Ingress) bool

HasIngress checks if the Ingress resource is present in NGINX configuration

func (*Configurator) HasMinion 

func (cnf *Configurator) HasMinion(master *extensions.Ingress, minion *extensions.Ingress) bool

HasMinion checks if the minion Ingress resource of the master is present in NGINX configuration

func (*Configurator) UpdateConfig 

func (cnf *Configurator) UpdateConfig(config *Config, ingExes []*IngressEx, mergeableIngs map[string]*MergeableIngresses) error

UpdateConfig updates NGINX Configuration parameters

func (*Configurator) UpdateEndpoints 

func (cnf *Configurator) UpdateEndpoints(ingExes []*IngressEx) error

UpdateEndpoints updates endpoints in NGINX configuration for the Ingress resources

func (*Configurator) UpdateEndpointsMergeableIngress 

func (cnf *Configurator) UpdateEndpointsMergeableIngress(mergableIngressesSlice []*MergeableIngresses) error

UpdateEndpointsMergeableIngress updates endpoints in NGINX configuration for a mergeable Ingress resource

type Controller 

type Controller struct {
	// contains filtered or unexported fields
}

Controller updates NGINX configuration, starts and reloads NGINX

func NewNginxController 

func NewNginxController(nginxConfPath string, nginxBinaryPath string, local bool) *Controller

NewNginxController creates a NGINX controller

func (*Controller) AddOrUpdateDHParam 

func (nginx *Controller) AddOrUpdateDHParam(dhparam string) (string, error)

AddOrUpdateDHParam creates the servers dhparam.pem file

func (*Controller) AddOrUpdateSecretFile 

func (nginx *Controller) AddOrUpdateSecretFile(name string, content []byte, mode os.FileMode) string

AddOrUpdateSecretFile creates a file with the specified name, content and mode.

func (*Controller) DeleteIngress 

func (nginx *Controller) DeleteIngress(name string)

DeleteIngress deletes the configuration file, which corresponds for the specified ingress from NGINX conf directory

func (*Controller) DeleteSecretFile 

func (nginx *Controller) DeleteSecretFile(name string)

DeleteSecretFile the file with a Secret

func (*Controller) Quit 

func (nginx *Controller) Quit()

Quit shutdowns NGINX gracefully

func (*Controller) Reload 

func (nginx *Controller) Reload() error

Reload reloads NGINX

func (*Controller) Start 

func (nginx *Controller) Start(done chan error)

Start starts NGINX

func (*Controller) UpdateConfigVersionFile 

func (nginx *Controller) UpdateConfigVersionFile()

UpdateConfigVersionFile writes the config version file.

func (*Controller) UpdateIngressConfigFile 

func (nginx *Controller) UpdateIngressConfigFile(name string, cfg []byte)

UpdateIngressConfigFile writes the Ingress configuration file to the filesystem

func (*Controller) UpdateMainConfigFile 

func (nginx *Controller) UpdateMainConfigFile(cfg []byte)

UpdateMainConfigFile writes the main NGINX configuration file to the filesystem

type HealthCheck 

type HealthCheck struct {
	UpstreamName   string
	URI            string
	Interval       int32
	Fails          int32
	Passes         int32
	Scheme         string
	Mandatory      bool
	Headers        map[string]string
	TimeoutSeconds int64
}

HealthCheck describes an active HTTP health check

type Ingress 

type Ingress struct {
	Name        string
	Namespace   string
	Annotations map[string]string
}

Ingress holds information about an Ingress resource

type IngressEx 

type IngressEx struct {
	Ingress      *extensions.Ingress
	TLSSecrets   map[string]*api_v1.Secret
	JWTKey       JWTKey
	Endpoints    map[string][]string
	HealthChecks map[string]*api_v1.Probe
}

IngressEx holds an Ingress along with Secrets and Endpoints of the services that are referenced in this Ingress

func (*IngressEx) String 

func (ingEx *IngressEx) String() string

type IngressNginxConfig 

type IngressNginxConfig struct {
	Upstreams []Upstream
	Servers   []Server
	Keepalive string
	Ingress   Ingress
}

IngressNginxConfig describes an NGINX configuration

type JWTAuth 

type JWTAuth struct {
	Key                  string
	Realm                string
	Token                string
	RedirectLocationName string
}

JWTAuth holds JWT authentication configuration

type JWTKey 

type JWTKey struct {
	Name   string
	Secret *api_v1.Secret
}

JWTKey represents a secret that holds JSON Web Key

type JWTRedirectLocation 

type JWTRedirectLocation struct {
	Name     string
	LoginURL string
}

JWTRedirectLocation describes a location for redirecting client requests to a login URL for JWT Authentication

type Location 

type Location struct {
	LocationSnippets     []string
	Path                 string
	Upstream             Upstream
	ProxyConnectTimeout  string
	ProxyReadTimeout     string
	ClientMaxBodySize    string
	Websocket            bool
	Rewrite              string
	SSL                  bool
	GRPC                 bool
	ProxyBuffering       bool
	ProxyBuffers         string
	ProxyBufferSize      string
	ProxyMaxTempFileSize string
	JWTAuth              *JWTAuth

	MinionIngress *Ingress
}

Location describes an NGINX location

type MainConfig 

type MainConfig struct {
	ServerNamesHashBucketSize string
	ServerNamesHashMaxSize    string
	LogFormat                 string
	ErrorLogLevel             string
	StreamLogFormat           string
	HealthStatus              bool
	NginxStatus               bool
	NginxStatusAllowCIDRs     []string
	NginxStatusPort           int
	MainSnippets              []string
	HTTPSnippets              []string
	StreamSnippets            []string
	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html
	SSLProtocols           string
	SSLPreferServerCiphers bool
	SSLCiphers             string
	SSLDHParam             string
	HTTP2                  bool
	ServerTokens           string
	ProxyProtocol          bool
	WorkerProcesses        string
	WorkerCPUAffinity      string
	WorkerShutdownTimeout  string
	WorkerConnections      string
	WorkerRlimitNofile     string
}

MainConfig describe the main NGINX configuration file

func GenerateNginxMainConfig 

func GenerateNginxMainConfig(config *Config) *MainConfig

GenerateNginxMainConfig generate NginxMainConfig from Config

type MergeableIngresses 

type MergeableIngresses struct {
	Master  *IngressEx
	Minions []*IngressEx
}

MergeableIngresses is a mergeable ingress of a master and minions

type Server 

type Server struct {
	ServerSnippets        []string
	Name                  string
	ServerTokens          string
	Locations             []Location
	SSL                   bool
	SSLCertificate        string
	SSLCertificateKey     string
	SSLCiphers            string
	GRPCOnly              bool
	StatusZone            string
	HTTP2                 bool
	RedirectToHTTPS       bool
	SSLRedirect           bool
	ProxyProtocol         bool
	HSTS                  bool
	HSTSMaxAge            int64
	HSTSIncludeSubdomains bool
	ProxyHideHeaders      []string
	ProxyPassHeaders      []string

	HealthChecks map[string]HealthCheck

	// http://nginx.org/en/docs/http/ngx_http_realip_module.html
	RealIPHeader    string
	SetRealIPFrom   []string
	RealIPRecursive bool

	JWTAuth              *JWTAuth
	JWTRedirectLocations []JWTRedirectLocation

	Ports    []int
	SSLPorts []int
}

Server describes an NGINX server

type TemplateExecutor 

type TemplateExecutor struct {
	HealthStatus          bool
	NginxStatus           bool
	NginxStatusAllowCIDRs []string
	NginxStatusPort       int
	// contains filtered or unexported fields
}

TemplateExecutor executes NGINX configuration templates

func NewTemplateExecutor 

func NewTemplateExecutor(mainTemplatePath string, ingressTemplatePath string, healthStatus bool, nginxStatus bool, nginxStatusAllowCIDRs []string, nginxStatusPort int) (*TemplateExecutor, error)

NewTemplateExecutor creates a TemplateExecutor

func (*TemplateExecutor) ExecuteIngressConfigTemplate 

func (te *TemplateExecutor) ExecuteIngressConfigTemplate(cfg *IngressNginxConfig) ([]byte, error)

ExecuteIngressConfigTemplate generates the content of a NGINX configuration file for an Ingress resource

func (*TemplateExecutor) ExecuteMainConfigTemplate 

func (te *TemplateExecutor) ExecuteMainConfigTemplate(cfg *MainConfig) ([]byte, error)

ExecuteMainConfigTemplate generates the content of the main NGINX configuration file

func (*TemplateExecutor) UpdateIngressTemplate 

func (te *TemplateExecutor) UpdateIngressTemplate(templateString *string) error

UpdateIngressTemplate updates the ingress template

func (*TemplateExecutor) UpdateMainTemplate 

func (te *TemplateExecutor) UpdateMainTemplate(templateString *string) error

UpdateMainTemplate updates the main NGINX template

type Upstream 

type Upstream struct {
	Name            string
	UpstreamServers []UpstreamServer
	StickyCookie    string
	LBMethod        string
	Queue           int64
	QueueTimeout    int64
}

Upstream describes an NGINX upstream

func NewUpstreamWithDefaultServer 

func NewUpstreamWithDefaultServer(name string) Upstream

NewUpstreamWithDefaultServer creates an upstream with the default server. proxy_pass to an upstream with the default server returns 502. We use it for services that have no endpoints

type UpstreamServer 

type UpstreamServer struct {
	Address     string
	Port        string
	MaxFails    int
	FailTimeout string
	SlowStart   string
}

UpstreamServer describes a server in an NGINX upstream

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.