From 2addf39a1cbaa55e5a875b3a2a2156488f3ada07 Mon Sep 17 00:00:00 2001
From: Alay Patel
Date: Fri, 12 Nov 2021 17:08:51 -0500
Subject: [PATCH] fixups: add comments and documentations

Signed-off-by: Alay Patel
---
 transport/stunnel/server.go | 8 ++++++--
 transport/transport.go | 17 ++++++++++++++---
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/transport/stunnel/server.go b/transport/stunnel/server.go
index 5ec5cdb..ad7a1c3 100644
--- a/transport/stunnel/server.go
+++ b/transport/stunnel/server.go
@@ -19,13 +19,17 @@ import (
 )
 
 const (
+ // TCP_NODELAY=1 bypasses Nagle's Delay algorithm
+ // this means that the tcp stack does not way of receiving an acc
+ // before sending the next packet https://en.wikipedia.org/wiki/Nagle%27s_algorithm
+ // At scale setting/unsetting this option might drive different network characteristics
 stunnelServerConfTemplate = `foreground = yes
 pid =
 socket = l:TCP_NODELAY=1
 socket = r:TCP_NODELAY=1
 debug = 7
-sslVersion = TLSv1.2
-[rsync]
+sslVersion = TLSv1.3
+[transfer]
 accept = {{ $.acceptPort }}
 connect = {{ $.connectPort }}
 key = /etc/stunnel/certs/tls.key
diff --git a/transport/transport.go b/transport/transport.go
index d1a65ed..599d9d7 100644
--- a/transport/transport.go
+++ b/transport/transport.go
@@ -17,6 +17,8 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client"
 )
 
+// Transport exposes the methods required for transfers to add
+// a tunneling mechanism for the traffic sent over the network.
 type Transport interface {
 // NamespacedName returns the namespaced name to identify this transport Transport
 NamespacedName() types.NamespacedName
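Review bot: The new comment above stunnelServerConfTemplate is garbled ("Nagle's Delay algorithm", "does not way of receiving an acc") and should read `// TCP_NODELAY=1 disables Nagle's algorithm: the TCP stack does not wait for an ACK` / `// before sending the next segment (https://en.wikipedia.org/wiki/Nagle%27s_algorithm).` / `// At scale, setting or unsetting this option may change network characteristics.`. The same hunk also changes `sslVersion` from TLSv1.2 to TLSv1.3 and renames the service section from [rsync] to [transfer], which is a behavior change the "add comments" subject does not mention; as far as I recall, a single `sslVersion` value in stunnel pins both the minimum and maximum protocol version, so a peer whose stunnel/OpenSSL lacks TLS 1.3 would presumably no longer connect, and that constraint deserves a comment on the const such as `// sslVersion pins TLS 1.3 only; both ends need stunnel/OpenSSL with TLS 1.3 support.` and a line in the commit message. The raw string holding the template continues past the end of the hunk.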
@@ -44,15 +46,24 @@ type Transport interface {
 MarkForCleanup(ctx context.Context, c client.Client, key, value string) error
 }
 
+// Options allows users of the transport to configure certain field
 type Options struct {
+ // Labels will be applied to objects reconciled by the transport
 Labels map[string]string
+ // Owners will be applied to all objects reconciled by the transport
 Owners []metav1.OwnerReference
- Image string
+ // Image allows for specifying the image used for running the transport containers
+ Image string
 
- ProxyURL string
+ // ProxyURL is used if the cluster is behind a proxy
+ ProxyURL string
+ // ProxyUsername username for connecting to the proxy
 ProxyUsername string
+ // ProxyPassword password for connecting to the proxy
 ProxyPassword string
 
- NoVerifyCA bool
+ // NoVerifyCA allows you to override verification of TLS certs
+ NoVerifyCA bool
+ // CAVerifyLevel the level at which CA certs will be verify if NoVerifyCA is false
 CAVerifyLevel string
 }
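Review bot: The new comments on ProxyPassword, NoVerifyCA and CAVerifyLevel understate what those fields control and do not follow the Go convention of a full sentence starting with the field name. ProxyPassword is a credential held in a plain string, so its comment should say the struct must not be printed, logged (`%+v`, `%#v`) or serialized: `// ProxyPassword is the password for connecting to the proxy; keep Options out of logs and error messages.`. NoVerifyCA appears to switch off peer certificate verification rather than "override" it, so `// NoVerifyCA disables verification of the peer TLS certificate; intended for testing only.` makes the risk explicit, and `// CAVerifyLevel is the level at which CA certs are verified when NoVerifyCA is false.` fixes the grammar — the accepted values of that string are not documented in the hunk and presumably map to stunnel's verify levels, which is worth stating once confirmed. The ProxyUsername comment likewise needs a verb ("ProxyUsername is the username ..."), and the Options comment should read "certain fields".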