forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
types.go
143 lines (123 loc) · 5.81 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
package templaterouter
import (
"strings"
routeapi "github.com/openshift/origin/pkg/route/apis/route"
)
// ServiceUnit represents a service and its endpoints.
type ServiceUnit struct {
// Name corresponds to a service name & namespace. Uniquely identifies the ServiceUnit
Name string
// Hostname is the name of this service.
Hostname string
// EndpointTable are endpoints that back the service, this translates into a final backend
// implementation for routers.
EndpointTable []Endpoint
}
// ServiceAliasConfig is a route for a service. Uniquely identified by host + path.
type ServiceAliasConfig struct {
// Name is the user-specified name of the route.
Name string
// Namespace is the namespace of the route.
Namespace string
// Host is a required host name ie. www.example.com
Host string
// Path is an optional path ie. www.example.com/myservice where "myservice" is the path
Path string
// TLSTermination is the termination policy for this backend and drives the mapping files and router configuration
TLSTermination routeapi.TLSTerminationType
// Certificates used for securing this backend. Keyed by the cert id
Certificates map[string]Certificate
// VerifyServiceHostname is true if the backend service(s) are expected to have serving certificates that sign for
// the name "service.namespace.svc".
VerifyServiceHostname bool
// Indicates the status of configuration that needs to be persisted. Right now this only
// includes the certificates and is not an indicator of being written to the underlying
// router implementation
Status ServiceAliasConfigStatus
// Indicates the port the user wishes to expose. If empty, a port will be selected for the service.
PreferPort string
// InsecureEdgeTerminationPolicy indicates desired behavior for
// insecure connections to an edge-terminated route:
// none (or disable), allow or redirect
InsecureEdgeTerminationPolicy routeapi.InsecureEdgeTerminationPolicyType
// Hash of the route name - used to obscure cookieId
RoutingKeyName string
// IsWildcard indicates this service unit needs wildcarding support.
IsWildcard bool
// Annotations attached to this route
Annotations map[string]string
// ServiceUnits is the weight for each service assigned to the route keyed by service name.
// It is used in calculating the weight for the server that is found in ServiceUnitNames
ServiceUnits map[string]int32
// ServiceUnitNames is the weight to apply to each endpoint of each service supporting this route.
// The key is the service name, the value is the scaled portion of the service weight to assign
// to each endpoint in the service.
ServiceUnitNames map[string]int32
// ActiveServiceUnits is a count of the service units with a non-zero weight
ActiveServiceUnits int
// ActiveEndpoints is a count of the route endpoints that are part of a service unit with a non-zero weight
ActiveEndpoints int
}
type ServiceAliasConfigStatus string
const (
// ServiceAliasConfigStatusSaved indicates that the necessary files for this config have
// been persisted to disk.
ServiceAliasConfigStatusSaved ServiceAliasConfigStatus = "saved"
)
// Certificate represents a pub/private key pair. It is identified by ID which will become the file name.
// A CA certificate will not have a PrivateKey set.
type Certificate struct {
ID string
Contents string
PrivateKey string
}
// Endpoint is an internal representation of a k8s endpoint.
type Endpoint struct {
ID string
IP string
Port string
TargetName string
PortName string
IdHash string
NoHealthCheck bool
}
// certificateManager provides the ability to write certificates for a ServiceAliasConfig
type certificateManager interface {
// WriteCertificatesForConfig writes all certificates for all ServiceAliasConfigs in config
WriteCertificatesForConfig(config *ServiceAliasConfig) error
// DeleteCertificatesForConfig deletes all certificates for all ServiceAliasConfigs in config
DeleteCertificatesForConfig(config *ServiceAliasConfig) error
// Commit commits all the changes made to the certificateManager.
Commit() error
// CertificateWriter provides direct access to the underlying writer if required
CertificateWriter() certificateWriter
}
// certManagerConfig provides the configuration necessary for certmanager to manipulate certificates.
type certificateManagerConfig struct {
// certKeyFunc is used to find the edge certificate (which also has the key) from the cert map
// of the ServiceAliasConfig
certKeyFunc certificateKeyFunc
// caCertKeyFunc is used to find the edge ca certificate from the cert map of the ServiceAliasConfig
caCertKeyFunc certificateKeyFunc
// destCertKeyFunc is used to find the ca certificate of a destination (pod) from the cert map
// of the ServiceAliasConfig
destCertKeyFunc certificateKeyFunc
// certDir is where the edge certificates will be written.
certDir string
// caCertDir is where the edge certificates will be written. It must be different than certDir
caCertDir string
}
// certificateKeyFunc provides the certificateManager a way to create keys the same way the template
// router creates them so it can retrieve the certificates from a ServiceAliasConfig correctly
type certificateKeyFunc func(config *ServiceAliasConfig) string
// certificateWriter is used by a certificateManager to perform the actual writing. It is abstracteed
// out in order to provide the ability to inject a test writer for unit testing
type certificateWriter interface {
WriteCertificate(directory string, id string, cert []byte) error
DeleteCertificate(directory, id string) error
}
//TemplateSafeName provides a name that can be used in the template that does not contain restricted
//characters like / which is used to concat namespace and name in the service unit key
func (s ServiceUnit) TemplateSafeName() string {
return strings.Replace(s.Name, "/", "-", -1)
}