-
Notifications
You must be signed in to change notification settings - Fork 8
/
methods.go
701 lines (587 loc) · 22.4 KB
/
methods.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
package configurator
import (
"encoding/json"
"fmt"
"os"
"strconv"
"strings"
"time"
corev1 "k8s.io/api/core/v1"
configv1alpha3 "github.com/flomesh-io/fsm/pkg/apis/config/v1alpha3"
"github.com/flomesh-io/fsm/pkg/auth"
"github.com/flomesh-io/fsm/pkg/constants"
"github.com/flomesh-io/fsm/pkg/errcode"
"github.com/flomesh-io/fsm/pkg/trafficpolicy"
)
const (
// defaultServiceCertValidityDuration is the default validity duration for service certificates
defaultServiceCertValidityDuration = 24 * time.Hour
// defaultIngressGatewayCertValidityDuration is the default validity duration for ingress gateway certificates
defaultIngressGatewayCertValidityDuration = 24 * time.Hour
// defaultCertKeyBitSize is the default certificate key bit size
defaultCertKeyBitSize = 2048
// minCertKeyBitSize is the minimum certificate key bit size
minCertKeyBitSize = 2048
// maxCertKeyBitSize is the maximum certificate key bit size
maxCertKeyBitSize = 4096
)
// The functions in this file implement the configurator.Configurator interface
// GetMeshConfig returns the MeshConfig resource corresponding to the control plane
func (c *Client) GetMeshConfig() configv1alpha3.MeshConfig {
return c.getMeshConfig()
}
// GetFSMNamespace returns the namespace in which the FSM controller pod resides.
func (c *Client) GetFSMNamespace() string {
return c.fsmNamespace
}
func marshalConfigToJSON(config configv1alpha3.MeshConfigSpec) (string, error) {
bytes, err := json.MarshalIndent(&config, "", " ")
if err != nil {
return "", err
}
return string(bytes), nil
}
// GetMeshConfigJSON returns the MeshConfig in pretty JSON.
func (c *Client) GetMeshConfigJSON() (string, error) {
cm, err := marshalConfigToJSON(c.getMeshConfig().Spec)
if err != nil {
log.Error().Err(err).Str(errcode.Kind, errcode.GetErrCodeWithMetric(errcode.ErrMeshConfigMarshaling)).Msgf("Error marshaling MeshConfig %s: %+v", c.getMeshConfigCacheKey(), c.getMeshConfig())
return "", err
}
return cm, nil
}
// GetTrafficInterceptionMode returns the traffic interception mode
func (c *Client) GetTrafficInterceptionMode() string {
return c.getMeshConfig().Spec.Traffic.InterceptionMode
}
// IsPermissiveTrafficPolicyMode tells us whether the FSM Control Plane is in permissive mode,
// where all existing traffic is allowed to flow as it is,
// or it is in SMI Spec mode, in which only traffic between source/destinations
// referenced in SMI policies is allowed.
func (c *Client) IsPermissiveTrafficPolicyMode() bool {
return c.getMeshConfig().Spec.Traffic.EnablePermissiveTrafficPolicyMode
}
// GetServiceAccessMode tells us which service access mode,
func (c *Client) GetServiceAccessMode() string {
return c.getMeshConfig().Spec.Traffic.ServiceAccessMode
}
// IsEgressEnabled determines whether egress is globally enabled in the mesh or not.
func (c *Client) IsEgressEnabled() bool {
return c.getMeshConfig().Spec.Traffic.EnableEgress
}
// IsDebugServerEnabled determines whether fsm debug HTTP server is enabled
func (c *Client) IsDebugServerEnabled() bool {
return c.getMeshConfig().Spec.Observability.EnableDebugServer
}
// IsTracingEnabled returns whether tracing is enabled
func (c *Client) IsTracingEnabled() bool {
return c.getMeshConfig().Spec.Observability.Tracing.Enable
}
// IsLocalDNSProxyEnabled returns whether local DNS proxy is enabled
func (c *Client) IsLocalDNSProxyEnabled() bool {
return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.Enable
}
// IsSearchesWithNamespace returns whether dns searches contains namespace
func (c *Client) IsSearchesWithNamespace() bool {
return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.SearchesWithNamespace
}
// IsSearchesWithTrustDomain returns whether dns searches contains trust domain
func (c *Client) IsSearchesWithTrustDomain() bool {
return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.SearchesWithTrustDomain
}
// IsWildcardDNSProxyEnabled returns whether wildcard DNS proxy is enabled
func (c *Client) IsWildcardDNSProxyEnabled() bool {
return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.Wildcard.Enable
}
// GetLocalDNSProxyPrimaryUpstream returns the primary upstream DNS server for local DNS Proxy
func (c *Client) GetLocalDNSProxyPrimaryUpstream() string {
return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.PrimaryUpstreamDNSServerIPAddr
}
// GetLocalDNSProxySecondaryUpstream returns the secondary upstream DNS server for local DNS Proxy
func (c *Client) GetLocalDNSProxySecondaryUpstream() string {
return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.SecondaryUpstreamDNSServerIPAddr
}
// GetTracingHost is the host to which we send tracing spans
func (c *Client) GetTracingHost() string {
tracingAddress := c.getMeshConfig().Spec.Observability.Tracing.Address
if tracingAddress != "" {
return tracingAddress
}
return fmt.Sprintf("%s.%s.svc.cluster.local", constants.DefaultTracingHost, c.GetFSMNamespace())
}
// GetTracingPort returns the tracing listener port
func (c *Client) GetTracingPort() uint32 {
tracingPort := c.getMeshConfig().Spec.Observability.Tracing.Port
if tracingPort != 0 {
return uint32(tracingPort)
}
return constants.DefaultTracingPort
}
// GetTracingEndpoint returns the listener's collector endpoint
func (c *Client) GetTracingEndpoint() string {
tracingEndpoint := c.getMeshConfig().Spec.Observability.Tracing.Endpoint
if tracingEndpoint != "" {
return tracingEndpoint
}
return constants.DefaultTracingEndpoint
}
// GetTracingSampledFraction returns the sampled fraction
func (c *Client) GetTracingSampledFraction() float32 {
sampledFraction := c.getMeshConfig().Spec.Observability.Tracing.SampledFraction
if sampledFraction != nil && len(*sampledFraction) > 0 {
if v, e := strconv.ParseFloat(*sampledFraction, 32); e == nil {
return float32(v)
}
}
return 1
}
// IsRemoteLoggingEnabled returns whether remote logging is enabled
func (c *Client) IsRemoteLoggingEnabled() bool {
return c.getMeshConfig().Spec.Observability.RemoteLogging.Enable
}
// GetRemoteLoggingLevel returns the remote logging level
func (c *Client) GetRemoteLoggingLevel() uint16 {
return c.getMeshConfig().Spec.Observability.RemoteLogging.Level
}
// GetRemoteLoggingHost is the host to which we send logging spans
func (c *Client) GetRemoteLoggingHost() string {
remoteLoggingAddress := c.getMeshConfig().Spec.Observability.RemoteLogging.Address
if remoteLoggingAddress != "" {
return remoteLoggingAddress
}
return ""
}
// GetRemoteLoggingPort returns the remote logging listener port
func (c *Client) GetRemoteLoggingPort() uint32 {
remoteLoggingPort := c.getMeshConfig().Spec.Observability.RemoteLogging.Port
if remoteLoggingPort != 0 {
return uint32(remoteLoggingPort)
}
return 0
}
// GetRemoteLoggingEndpoint returns the collector endpoint
func (c *Client) GetRemoteLoggingEndpoint() string {
remoteLoggingEndpoint := c.getMeshConfig().Spec.Observability.RemoteLogging.Endpoint
if remoteLoggingEndpoint != "" {
return remoteLoggingEndpoint
}
return ""
}
// GetRemoteLoggingAuthorization returns the access entity that allows to authorize someone in remote logging service.
func (c *Client) GetRemoteLoggingAuthorization() string {
remoteLoggingAuthorization := c.getMeshConfig().Spec.Observability.RemoteLogging.Authorization
if remoteLoggingAuthorization != "" {
return remoteLoggingAuthorization
}
return ""
}
// GetRemoteLoggingSampledFraction returns the sampled fraction
func (c *Client) GetRemoteLoggingSampledFraction() float32 {
sampledFraction := c.getMeshConfig().Spec.Observability.RemoteLogging.SampledFraction
if sampledFraction != nil && len(*sampledFraction) > 0 {
if v, e := strconv.ParseFloat(*sampledFraction, 32); e == nil {
return float32(v)
}
}
return 1
}
// GetRemoteLoggingSecretName returns the name of the secret that contains the credentials to access the remote logging service.
func (c *Client) GetRemoteLoggingSecretName() string {
return c.getMeshConfig().Spec.Observability.RemoteLogging.SecretName
}
// GetMaxDataPlaneConnections returns the max data plane connections allowed, 0 if disabled
func (c *Client) GetMaxDataPlaneConnections() int {
return c.getMeshConfig().Spec.Sidecar.MaxDataPlaneConnections
}
// GetSidecarTimeout returns connect/idle/read/write timeout
func (c *Client) GetSidecarTimeout() int {
timeout := c.getMeshConfig().Spec.Sidecar.SidecarTimeout
if timeout <= 0 {
timeout = 60
}
return timeout
}
// GetSidecarLogLevel returns the sidecar log level
func (c *Client) GetSidecarLogLevel() string {
logLevel := c.getMeshConfig().Spec.Sidecar.LogLevel
if logLevel != "" {
return logLevel
}
return constants.DefaultSidecarLogLevel
}
// GetSidecarClass returns the sidecar class
func (c *Client) GetSidecarClass() string {
return constants.SidecarClassPipy
}
// GetSidecarImage returns the sidecar image
func (c *Client) GetSidecarImage() string {
image := c.getMeshConfig().Spec.Sidecar.SidecarImage
if len(image) == 0 {
image = os.Getenv("FSM_DEFAULT_SIDECAR_IMAGE")
}
return image
}
// GetInitContainerImage returns the init container image
func (c *Client) GetInitContainerImage() string {
return os.Getenv("FSM_DEFAULT_INIT_CONTAINER_IMAGE")
}
// GetProxyServerPort returns the port on which the Discovery Service listens for new connections from Sidecars
func (c *Client) GetProxyServerPort() uint32 {
port := c.getMeshConfig().Spec.RepoServer.Port
if port > 0 {
return uint32(port)
}
return constants.ProxyServerPort
}
// GetSidecarDisabledMTLS returns the status of mTLS
func (c *Client) GetSidecarDisabledMTLS() bool {
return c.getMeshConfig().Spec.Sidecar.SidecarDisabledMTLS
}
// GetRepoServerIPAddr returns the ip address of RepoServer
func (c *Client) GetRepoServerIPAddr() string {
ipAddr := os.Getenv("FSM_REPO_SERVER_IPADDR")
if len(ipAddr) == 0 {
ipAddr = c.getMeshConfig().Spec.RepoServer.IPAddr
}
if len(ipAddr) == 0 {
ipAddr = "127.0.0.1"
}
return ipAddr
}
// GetRepoServerCodebase returns the codebase of RepoServer
func (c *Client) GetRepoServerCodebase() string {
codebase := os.Getenv("FSM_REPO_SERVER_CODEBASE")
if len(codebase) == 0 {
codebase = c.getMeshConfig().Spec.RepoServer.Codebase
}
if len(codebase) > 0 && strings.HasSuffix(codebase, "/") {
codebase = strings.TrimSuffix(codebase, "/")
}
if len(codebase) > 0 && strings.HasPrefix(codebase, "/") {
codebase = strings.TrimPrefix(codebase, "/")
}
return codebase
}
// GetServiceCertValidityPeriod returns the validity duration for service certificates, and a default in case of invalid duration
func (c *Client) GetServiceCertValidityPeriod() time.Duration {
durationStr := c.getMeshConfig().Spec.Certificate.ServiceCertValidityDuration
validityDuration, err := time.ParseDuration(durationStr)
if err != nil {
log.Error().Err(err).Msgf("Error parsing service certificate validity duration %s", durationStr)
return defaultServiceCertValidityDuration
}
return validityDuration
}
// GetIngressGatewayCertValidityPeriod returns the validity duration for ingress gateway certificates, and a default in case of unspecified or invalid duration
func (c *Client) GetIngressGatewayCertValidityPeriod() time.Duration {
ingressGatewayCertSpec := c.getMeshConfig().Spec.Certificate.IngressGateway
if ingressGatewayCertSpec == nil {
log.Warn().Msgf("Attempting to get the ingress gateway certificate validity duration even though a cert has not been specified in the mesh config")
return defaultIngressGatewayCertValidityDuration
}
validityDuration, err := time.ParseDuration(ingressGatewayCertSpec.ValidityDuration)
if err != nil {
log.Error().Err(err).Msgf("Error parsing ingress gateway certificate validity duration %s", ingressGatewayCertSpec.ValidityDuration)
return defaultServiceCertValidityDuration
}
return validityDuration
}
// GetCertKeyBitSize returns the certificate key bit size to be used
func (c *Client) GetCertKeyBitSize() int {
bitSize := c.getMeshConfig().Spec.Certificate.CertKeyBitSize
if bitSize < minCertKeyBitSize || bitSize > maxCertKeyBitSize {
log.Error().Msgf("Invalid key bit size: %d", bitSize)
return defaultCertKeyBitSize
}
return bitSize
}
// IsPrivilegedInitContainer returns whether init containers should be privileged
func (c *Client) IsPrivilegedInitContainer() bool {
return c.getMeshConfig().Spec.Sidecar.EnablePrivilegedInitContainer
}
// GetConfigResyncInterval returns the duration for resync interval.
// If error or non-parsable value, returns 0 duration
func (c *Client) GetConfigResyncInterval() time.Duration {
resyncDuration := c.getMeshConfig().Spec.Sidecar.ConfigResyncInterval
duration, err := time.ParseDuration(resyncDuration)
if err != nil {
log.Warn().Msgf("Error parsing config resync interval: %s", duration)
return time.Duration(0)
}
return duration
}
// GetProxyResources returns the `Resources` configured for proxies, if any
func (c *Client) GetProxyResources() corev1.ResourceRequirements {
return c.getMeshConfig().Spec.Sidecar.Resources
}
// GetInjectedInitResources returns the `Resources` configured for proxies, if any
func (c *Client) GetInjectedInitResources() corev1.ResourceRequirements {
return c.getMeshConfig().Spec.Sidecar.InitResources
}
// GetInjectedHealthcheckResources returns the `Resources` configured for proxies, if any
func (c *Client) GetInjectedHealthcheckResources() corev1.ResourceRequirements {
return c.getMeshConfig().Spec.Sidecar.HealthcheckResources
}
// GetInboundExternalAuthConfig returns the External Authentication configuration for incoming traffic, if any
func (c *Client) GetInboundExternalAuthConfig() auth.ExtAuthConfig {
extAuthConfig := auth.ExtAuthConfig{}
inboundExtAuthzMeshConfig := c.getMeshConfig().Spec.Traffic.InboundExternalAuthorization
extAuthConfig.Enable = inboundExtAuthzMeshConfig.Enable
extAuthConfig.Address = inboundExtAuthzMeshConfig.Address
extAuthConfig.Port = uint16(inboundExtAuthzMeshConfig.Port)
extAuthConfig.StatPrefix = inboundExtAuthzMeshConfig.StatPrefix
extAuthConfig.FailureModeAllow = inboundExtAuthzMeshConfig.FailureModeAllow
duration, err := time.ParseDuration(inboundExtAuthzMeshConfig.Timeout)
if err != nil {
log.Debug().Err(err).Msgf("ExternAuthzTimeout: Not a valid duration %s. defaulting to 1s.", duration)
duration = 1 * time.Second
}
extAuthConfig.AuthzTimeout = duration
return extAuthConfig
}
// GetFeatureFlags returns FSM's feature flags
func (c *Client) GetFeatureFlags() configv1alpha3.FeatureFlags {
return c.getMeshConfig().Spec.FeatureFlags
}
// GetFSMLogLevel returns the configured FSM log level
func (c *Client) GetFSMLogLevel() string {
return c.getMeshConfig().Spec.Observability.FSMLogLevel
}
// GetGlobalPluginChains returns plugin chains
func (c *Client) GetGlobalPluginChains() map[string][]trafficpolicy.Plugin {
pluginChainMap := make(map[string][]trafficpolicy.Plugin)
pluginChainSpec := c.getMeshConfig().Spec.PluginChains
inboundTCPChains := make([]trafficpolicy.Plugin, 0)
for _, plugin := range pluginChainSpec.InboundTCPChains {
if plugin.Disable {
continue
}
inboundTCPChains = append(inboundTCPChains, trafficpolicy.Plugin{
Name: plugin.Plugin,
Priority: plugin.Priority,
BuildIn: true,
})
}
inboundHTTPChains := make([]trafficpolicy.Plugin, 0)
for _, plugin := range pluginChainSpec.InboundHTTPChains {
if plugin.Disable {
continue
}
inboundHTTPChains = append(inboundHTTPChains, trafficpolicy.Plugin{
Name: plugin.Plugin,
Priority: plugin.Priority,
BuildIn: true,
})
}
outboundTCPChains := make([]trafficpolicy.Plugin, 0)
for _, plugin := range pluginChainSpec.OutboundTCPChains {
if plugin.Disable {
continue
}
outboundTCPChains = append(outboundTCPChains, trafficpolicy.Plugin{
Name: plugin.Plugin,
Priority: plugin.Priority,
BuildIn: true,
})
}
outboundHTTPChains := make([]trafficpolicy.Plugin, 0)
for _, plugin := range pluginChainSpec.OutboundHTTPChains {
if plugin.Disable {
continue
}
outboundHTTPChains = append(outboundHTTPChains, trafficpolicy.Plugin{
Name: plugin.Plugin,
Priority: plugin.Priority,
BuildIn: true,
})
}
pluginChainMap["inbound-tcp"] = inboundTCPChains
pluginChainMap["inbound-http"] = inboundHTTPChains
pluginChainMap["outbound-tcp"] = outboundTCPChains
pluginChainMap["outbound-http"] = outboundHTTPChains
return pluginChainMap
}
// IsGatewayAPIEnabled returns whether GatewayAPI is enabled
func (c *Client) IsGatewayAPIEnabled() bool {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.Enabled && !mcSpec.Ingress.Enabled
}
// GetFSMGatewayLogLevel returns log level of FSM Gateway
func (c *Client) GetFSMGatewayLogLevel() string {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.LogLevel
}
// GetFGWLogLevel returns log level of FGW
func (c *Client) GetFGWLogLevel() string {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.FGWLogLevel
}
// IsFGWStripAnyHostPort returns whether to strip any host port
func (c *Client) IsFGWStripAnyHostPort() bool {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.StripAnyHostPort
}
// IsFGWProxyPreserveHost returns whether to preserve host
func (c *Client) IsFGWProxyPreserveHost() bool {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.ProxyPreserveHost
}
// GetFGWSSLPassthroughUpstreamPort returns the default upstream port that FGW used for SSL Passthrough
func (c *Client) GetFGWSSLPassthroughUpstreamPort() int32 {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.SSLPassthroughUpstreamPort
}
// IsFGWHTTP1PerRequestLoadBalancingEnabled returns whether per-request load balancing is enabled for HTTP1 protocol
func (c *Client) IsFGWHTTP1PerRequestLoadBalancingEnabled() bool {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.HTTP1PerRequestLoadBalancing
}
// IsFGWHTTP2PerRequestLoadBalancingEnabled returns whether per-request load balancing is enabled for HTTP2 protocol
func (c *Client) IsFGWHTTP2PerRequestLoadBalancingEnabled() bool {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.HTTP2PerRequestLoadBalancing
}
func (c *Client) GetFGWProxyTag() configv1alpha3.ProxyTag {
mcSpec := c.getMeshConfig().Spec
return mcSpec.GatewayAPI.ProxyTag
}
// IsIngressEnabled returns whether Ingress is enabled
func (c *Client) IsIngressEnabled() bool {
mcSpec := c.getMeshConfig().Spec
return mcSpec.Ingress.Enabled && !mcSpec.GatewayAPI.Enabled
}
// IsNamespacedIngressEnabled returns whether Namespaced Ingress is enabled
func (c *Client) IsNamespacedIngressEnabled() bool {
mcSpec := c.getMeshConfig().Spec
return c.IsIngressEnabled() && mcSpec.Ingress.Namespaced
}
// IsServiceLBEnabled returns whether ServiceLB is enabled
func (c *Client) IsServiceLBEnabled() bool {
mcSpec := c.getMeshConfig().Spec
return mcSpec.ServiceLB.Enabled
}
// IsFLBEnabled returns whether FLB is enabled
func (c *Client) IsFLBEnabled() bool {
mcSpec := c.getMeshConfig().Spec
return mcSpec.FLB.Enabled
}
func (c *Client) GetFLBUpstreamMode() configv1alpha3.FLBUpstreamMode {
mcSpec := c.getMeshConfig().Spec
return mcSpec.FLB.UpstreamMode
}
// IsMultiClusterControlPlane returns whether current cluster is the control plane of a multi cluster set
func (c *Client) IsMultiClusterControlPlane() bool {
clusterSet := c.getMeshConfig().Spec.ClusterSet
return clusterSet.ControlPlaneUID == "" ||
clusterSet.UID == clusterSet.ControlPlaneUID
}
// GetImageRegistry returns the image registry
func (c *Client) GetImageRegistry() string {
mcSpec := c.getMeshConfig().Spec
return mcSpec.Image.Registry
}
// GetImageTag returns the image tag
func (c *Client) GetImageTag() string {
mcSpec := c.getMeshConfig().Spec
return mcSpec.Image.Tag
}
func (c *Client) GetImagePullPolicy() corev1.PullPolicy {
mcSpec := c.getMeshConfig().Spec
return mcSpec.Image.PullPolicy
}
// ServiceLBImage returns the image for service load balancer
func (c *Client) ServiceLBImage() string {
mcSpec := c.getMeshConfig().Spec
return mcSpec.ServiceLB.Image
}
func (c *Client) GetCurlImage() string {
mcSpec := c.getMeshConfig().Spec
return mcSpec.Misc.CurlImage
}
// GetFLBSecretName returns the secret name for FLB
func (c *Client) GetFLBSecretName() string {
return c.getMeshConfig().Spec.FLB.SecretName
}
// IsFLBStrictModeEnabled returns whether FLB is in strict mode
func (c *Client) IsFLBStrictModeEnabled() bool {
return c.getMeshConfig().Spec.FLB.StrictMode
}
// IsManaged returns whether the cluster is managed
func (c *Client) IsManaged() bool {
return c.getMeshConfig().Spec.ClusterSet.IsManaged
}
// GetClusterUID returns the UID of the cluster
func (c *Client) GetClusterUID() string {
return c.getMeshConfig().Spec.ClusterSet.UID
}
// GetMultiClusterControlPlaneUID returns the UID of the control plane of the multi cluster set
func (c *Client) GetMultiClusterControlPlaneUID() string {
return c.getMeshConfig().Spec.ClusterSet.ControlPlaneUID
}
// IsIngressTLSEnabled returns whether TLS is enabled for ingress
func (c *Client) IsIngressTLSEnabled() bool {
tls := c.getMeshConfig().Spec.Ingress.TLS
if tls != nil {
return tls.Enabled
}
return false
}
// GetIngressTLSListenPort returns the port that ingress listens on for TLS
func (c *Client) GetIngressTLSListenPort() int32 {
tls := c.getMeshConfig().Spec.Ingress.TLS
if tls != nil {
return tls.Listen
}
return 443
}
// IsIngressMTLSEnabled returns whether mTLS is enabled for ingress
func (c *Client) IsIngressMTLSEnabled() bool {
tls := c.getMeshConfig().Spec.Ingress.TLS
if tls != nil {
return tls.MTLS
}
return false
}
// IsIngressSSLPassthroughEnabled returns whether SSL Passthrough is enabled for ingress
func (c *Client) IsIngressSSLPassthroughEnabled() bool {
tls := c.getMeshConfig().Spec.Ingress.TLS
if tls != nil {
if passthrough := tls.SSLPassthrough; passthrough != nil {
return passthrough.Enabled
}
return false
}
return false
}
// GetIngressSSLPassthroughUpstreamPort returns the port that ingress listens on for SSL Passthrough
func (c *Client) GetIngressSSLPassthroughUpstreamPort() int32 {
tls := c.getMeshConfig().Spec.Ingress.TLS
if tls != nil {
if passthrough := tls.SSLPassthrough; passthrough != nil {
return passthrough.UpstreamPort
}
return 443
}
return 443
}
// IsIngressHTTPEnabled returns whether HTTP is enabled for ingress
func (c *Client) IsIngressHTTPEnabled() bool {
http := c.getMeshConfig().Spec.Ingress.HTTP
if http != nil {
return http.Enabled
}
return false
}
// GetIngressHTTPListenPort returns the port that ingress listens on for HTTP
func (c *Client) GetIngressHTTPListenPort() int32 {
http := c.getMeshConfig().Spec.Ingress.HTTP
if http != nil {
return http.Listen
}
return 80
}
// GetFSMIngressLogLevel returns the log level of ingress
func (c *Client) GetFSMIngressLogLevel() string {
mcSpec := c.getMeshConfig().Spec
return mcSpec.Ingress.LogLevel
}