proxy

package
v0.27.1
Warning

This package is not in the latest version of its module.

Published: Mar 27, 2025 License: Apache-2.0 Imports: 40 Imported by: 2

Documentation

Overview

Package proxy provides a reverse proxy that accepts client certificates and forwards Common Name and Organizations to backend API servers in HTTP headers. The proxy terminates client TLS and communicates with API servers via mTLS. Traffic is routed based on paths.

An example configuration:

  - path: /services/
    backend: https://localhost:6444
    backend_server_ca: certs/kcp-ca-cert.pem
    proxy_client_cert: certs/proxy-client-cert.pem
    proxy_client_key: certs/proxy-client-key.pem
  - path: /
    backend: https://localhost:6443
    backend_server_ca: certs/kcp-ca-cert.pem
    proxy_client_cert: certs/proxy-client-cert.pem
    proxy_client_key: certs/proxy-client-key.pem

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewHandler

func NewHandler(ctx context.Context, o *proxyoptions.Options, index index.Index) (http.Handler, error)

func ShardURLFrom

func ShardURLFrom(ctx context.Context) *url.URL

func WithProxyAuthHeaders

func WithProxyAuthHeaders(delegate http.Handler, userHeader, groupHeader string, extraHeaderPrefix string) http.HandlerFunc

WithProxyAuthHeaders does client cert termination by extracting the user and groups and passing them through access headers to the shard.
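The pattern described above, as an added sketch that is not this package's implementation: identity headers sent by the client are deleted before the Common Name and Organizations of the verified certificate are written, so a backend that trusts those headers cannot be fed a spoofed identity. The header names and the functions withCertIdentity and forwarded are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed header names; the real ones are arguments of WithProxyAuthHeaders.
const userHeader, groupHeader, extraPrefix = "X-Remote-User", "X-Remote-Group", "X-Remote-Extra-"

// withCertIdentity (hypothetical) forwards CN and O of the verified client cert.
func withCertIdentity(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for name := range r.Header { // identity headers from the client are never trusted
			if c := http.CanonicalHeaderKey(name); c == userHeader || c == groupHeader || strings.HasPrefix(c, extraPrefix) {
				delete(r.Header, name)
			}
		}
		if r.TLS == nil || len(r.TLS.VerifiedChains) == 0 { // set only after chain validation
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		leaf := r.TLS.VerifiedChains[0][0]
		r.Header.Set(userHeader, leaf.Subject.CommonName)
		r.Header[groupHeader] = append([]string(nil), leaf.Subject.Organization...)
		next.ServeHTTP(w, r)
	})
}

// forwarded sends a constructed request with identity headers preset to spoof; cn == "" means no verified cert.
func forwarded(cn string, orgs []string, spoof string) (seen http.Header, status int) {
	req := httptest.NewRequest(http.MethodGet, "/services/", nil)
	req.Header = http.Header{userHeader: {spoof}, groupHeader: {spoof}, extraPrefix + "Role": {spoof}}
	if cn != "" {
		leaf := &x509.Certificate{Subject: pkix.Name{CommonName: cn, Organization: orgs}}
		req.TLS = &tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{leaf}}}
	}
	rec := httptest.NewRecorder()
	backend := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { seen = r.Header })
	withCertIdentity(backend).ServeHTTP(rec, req)
	return seen, rec.Code
}
func main() {
	fmt.Println(forwarded("alice", []string{"team-a", "team-b"}, "root"))
}
```

The sketch reads VerifiedChains rather than PeerCertificates because PeerCertificates is also populated when the server requests a client certificate without verifying it.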

func WithShardURL

func WithShardURL(parent context.Context, shardURL *url.URL) context.Context

Types

type CompletedConfig added in v0.9.0

type CompletedConfig struct {
	// contains filtered or unexported fields
}

type Config added in v0.9.0

type Config struct {
	Options *proxyoptions.Options

	ExtraConfig
}

func NewConfig added in v0.9.0

func NewConfig(ctx context.Context, opts *proxyoptions.Options) (*Config, error)

NewConfig returns a new Config for the given options.

func (*Config) Complete added in v0.9.0

func (c *Config) Complete() (CompletedConfig, error)

Complete fills in any fields not set that are required to have valid data. It mutates the receiver.

type ExtraConfig added in v0.9.0

type ExtraConfig struct {
	// resolveIdentities is to be called on server start until it succeeds. It injects the kcp
	// resource identities into the rest.Config used by the client. Only after it succeeds,
	// the clients can wildcard-list/watch most kcp resources.
	ResolveIdentities func(ctx context.Context) error
	RootShardConfig   *rest.Config
	ShardsConfig      *rest.Config

	AuthenticationInfo    genericapiserver.AuthenticationInfo
	ServingInfo           *genericapiserver.SecureServingInfo
	AdditionalAuthEnabled bool
}

type Server added in v0.9.0

type Server struct {
	CompletedConfig
	Handler                  http.Handler
	IndexController          *index.Controller
	KcpSharedInformerFactory kcpinformers.SharedScopedInformerFactory
}

func NewServer added in v0.9.0

func NewServer(ctx context.Context, c CompletedConfig) (*Server, error)

func (*Server) PrepareRun added in v0.9.0

func (s *Server) PrepareRun(ctx context.Context) (preparedServer, error)
