Categorygithub.com/szymongib/kymacomponentsapi-controller
package
0.0.0-20190628093746-affaa533fc2e
Repository: https://github.com/szymongib/kyma.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
0
Dependents
0
Files
0

# README

API Controller

Overview

The Kyma API Controller is a core component that manages Istio authentication policies and VirtualServices, and allows to expose services using the Kyma Console or API resources. It is implemented according to the Kubernetes Operator principles and operates on api.gateway.kyma-project.io CustomResourceDefinition (CRD) resources.

This Helm chart defines the component's installation.

Prerequisites

You need these tools to work with the API Controller:

Details

This section describes how to run the controller locally, how to build the Docker image for the production environment, how to use the environment variables, and how to test the Kyma API Controller.

Run the component locally

Run Minikube with Istio to use the API Controller locally. Run this command to run the application without building the binary:

$ go run cmd/controller/main.go

Use environment variables

Use these environment variables to configure the application:

NameRequiredDefaultDescriptionPossible values
API_CONTROLLER_LOG_LEVELNoinfoShow detailed logs in the application.info, debug
DEFAULT_ISSUERYes-Used to set default issuer in the Policy.any string
DEFAULT_JWKS_URIYes-Used to set default jwksUri in the Policy.any string
GATEWAY_FQDNYes-Used to set gateway in the Virtual Service specification.any string
DOMAIN_NAMEYes-Used to set a hostname in the Virtual Service specification if a short version of the hostname is provided.any string
CORS_ALLOW_ORIGINNo""Used to set the corsPolicy.allowOrigin field in the specification of the Virtual Service."*" or comma-separated list of origins
CORS_ALLOW_METHODSNo""Used to set the corsPolicy.allowMethods field in the specification of the Virtual Service.comma-separated list of methods
CORS_ALLOW_HEADERSNo""Used to set the corsPolicy.allowHeaders field in the specification of the Virtual Service."*" or comma-separated list of headers
BLACKLISTED_SERVICESNo""Used to defined a list of services for which the API Controller doesn't create Virtual Services or Policies.Comma-separated list of services and their source Namespace in the {SERVICE_NAME}.{NAMESPACE} format.

Blacklisted services

The API Controller doesn't create a Virtual Service or Authentication Policies for these services:

  • kubernetes.default
  • istio-citadel.istio-system
  • istio-galley.istio-system
  • istio-ingressgateway.istio-system
  • istio-pilot.istio-system
  • istio-policy.istio-system
  • istio-sidecar-injector.istio-system
  • istio-telemetry.istio-system
  • apiserver-proxy.kyma-system
  • apiserver-proxy-ssl.kyma-system

Test

Run all tests:

$ go test -v ./...

Run all tests with coverage:

$ go test -coverprofile=coverage_report.out -v ./...

Run unit tests only:

$ go test -short -v ./...

Run unit tests with coverage:

go test -short -coverprofile=coverage_report.out -v ./...

Run integration tests only:

$ go test -run Integration -v ./...

# Packages

No description provided by the author
No description provided by the author