Documentation
¶
Overview ¶
Package egressservices contains shared types for exposing tailnet services to cluster workloads. These are split into a separate package for consumption of non-Kubernetes shared libraries and binaries. Be mindful of not increasing dependency size for those consumers when adding anything new here.
Index ¶
Constants ¶
const ( // KeyEgressServices is name of the proxy state Secret field that contains the // currently applied egress proxy config. KeyEgressServices = "egress-services" // KeyHEPPings is the number of times an egress service health check endpoint needs to be pinged to ensure that // each currently configured backend is hit. In practice, it depends on the number of ProxyGroup replicas. KeyHEPPings = "hep-pings" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
HealthCheckEndpoint string `json:"healthCheckEndpoint"`
// TailnetTarget is the target to which cluster traffic for this service
// should be proxied.
TailnetTarget TailnetTarget `json:"tailnetTarget"`
// Ports contains mappings for ports that can be accessed on the tailnet target.
Ports PortMaps `json:"ports"`
}
Config is an egress service configuration. TODO(irbekrm): version this?
type Configs ¶
Configs contains the desired configuration for egress services keyed by service name.
type PortMap ¶
type PortMap struct {
Protocol string `json:"protocol"`
MatchPort uint16 `json:"matchPort"`
TargetPort uint16 `json:"targetPort"`
}
PorMap is a mapping between match port on which proxy receives cluster traffic and target port where traffic received on match port should be fowardded to.
type PortMaps ¶
type PortMaps map[PortMap]struct{}
func (PortMaps) MarshalJSON ¶
func (*PortMaps) UnmarshalJSON ¶
type ServiceStatus ¶
type ServiceStatus struct {
Ports PortMaps `json:"ports"`
// TailnetTargetIPs are the tailnet target IPs that were used to
// configure these firewall rules. For a TailnetTarget with IP set, this
// is the same as IP.
TailnetTargetIPs []netip.Addr `json:"tailnetTargetIPs"`
TailnetTarget TailnetTarget `json:"tailnetTarget"`
}
ServiceStatus is the currently configured firewall rules for an egress service.
type Status ¶
type Status struct {
PodIPv4 string `json:"podIPv4"`
// All egress service status keyed by service name.
Services map[string]*ServiceStatus `json:"services"`
}
Status represents the currently configured firewall rules for all egress services for a proxy identified by the PodIP.
type TailnetTarget ¶
type TailnetTarget struct {
// IP is the tailnet IP of the target.
IP string `json:"ip"`
// FQDN is the full tailnet FQDN of the target.
FQDN string `json:"fqdn"`
}
TailnetTarget is the tailnet target to which traffic for the egress service should be proxied. Exactly one of IP or FQDN should be set.
Source Files