Documentation ¶
Index ¶
- Constants
- Variables
- func RecognizeRegion(region string)
- func RecognizeWellKnownRegions()
- type Backoff
- type Cloud
- func (c *Cloud) AddSSHKeyToAllInstances(user string, keyData []byte) error
- func (c *Cloud) CurrentNodeName(hostname string) (types.NodeName, error)
- func (c *Cloud) EnsureFirewall(ctx context.Context, apiService *apiv1.Service, hostnames []string) error
- func (c *Cloud) EnsureFirewallDeleted(ctx context.Context, service *apiv1.Service) error
- func (c *Cloud) Firewall() (cloudprovider.Firewall, bool)
- func (c *Cloud) GetSecurityGroupName(service *apiv1.Service) string
- func (c *Cloud) ProviderName() string
- type CloudConfig
- type CrossRequestRetryDelay
- type EC2
- type EC2Metadata
- type ELB
- type IPPermissionSet
- func (s IPPermissionSet) Difference(s2 IPPermissionSet) IPPermissionSet
- func (s1 IPPermissionSet) Equal(s2 IPPermissionSet) bool
- func (s IPPermissionSet) Insert(items ...*ec2.IpPermission)
- func (s1 IPPermissionSet) IsSuperset(s2 IPPermissionSet) bool
- func (s IPPermissionSet) Len() int
- func (s IPPermissionSet) List() []*ec2.IpPermission
- func (s IPPermissionSet) Ungroup() IPPermissionSet
- type InstanceGroupInfo
- type Services
Constants ¶
const MaxReadThenCreateRetries = 30
MaxReadThenCreateRetries sets the maximum number of attempts we will make when we read to see if something exists and then try to create it if we didn't find it. This can fail once in a consistent system if done in parallel. In an eventually consistent system, it could fail unboundedly.
const ProviderName = "aws"
ProviderName is the name of this cloud provider.
const TagNameKubernetesCluster = "KubernetesCluster"
TagNameKubernetesCluster is the tag name we use to differentiate multiple logically independent clusters running in the same AZ
const TagNameVoyagerCluster = "VoyagerCluster"
TagNameVoyagerCluster is Voyager's version of `TagNameKubernetesCluster`. This is kept separate to avoid errors like: https://github.com/appscode/voyager/pull/397
Variables ¶
var WellKnownRegions = [...]string{
"ap-northeast-1",
"ap-northeast-2",
"ap-south-1",
"ap-southeast-1",
"ap-southeast-2",
"ca-central-1",
"eu-central-1",
"eu-west-1",
"eu-west-2",
"sa-east-1",
"us-east-1",
"us-east-2",
"us-west-1",
"us-west-2",
"cn-north-1",
"us-gov-west-1",
}
WellKnownRegions is the complete list of regions known to the AWS cloudprovider and credentialprovider.
Functions ¶
func RecognizeRegion ¶
func RecognizeRegion(region string)
RecognizeRegion is called for each AWS region we know about. It currently registers a credential provider for that region. There are two paths to discovering a region:
- we hard-code some well-known regions
- if a region is discovered from instance metadata, we add that
func RecognizeWellKnownRegions ¶
func RecognizeWellKnownRegions()
RecognizeWellKnownRegions calls RecognizeRegion on each WellKnownRegion
Types ¶
type Backoff ¶
type Backoff struct {
// contains filtered or unexported fields
}
Backoff manages a backoff that varies based on the recently observed failures
func (*Backoff) ComputeDelayForRequest ¶
Computes the delay required for a request, also updating internal state to count this request
func (*Backoff) ReportError ¶
func (b *Backoff) ReportError()
Called when we observe a throttling error
type Cloud ¶
type Cloud struct {
// contains filtered or unexported fields
}
Cloud is an implementation of Interface, LoadBalancer and Instances for Amazon Web Services.
func (*Cloud) AddSSHKeyToAllInstances ¶
AddSSHKeyToAllInstances is currently not implemented.
func (*Cloud) CurrentNodeName ¶
CurrentNodeName returns the name of the current node
func (*Cloud) EnsureFirewall ¶
func (c *Cloud) EnsureFirewall(ctx context.Context, apiService *apiv1.Service, hostnames []string) error
EnsureFirewall implements Firewall.EnsureFirewall
func (*Cloud) EnsureFirewallDeleted ¶
EnsureFirewallDeleted implements Firewall.EnsureFirewallDeleted.
func (*Cloud) Firewall ¶
func (c *Cloud) Firewall() (cloudprovider.Firewall, bool)
Firewall returns an implementation of Firewall for Amazon Web Services.
func (*Cloud) GetSecurityGroupName ¶
func (*Cloud) ProviderName ¶
ProviderName returns the cloud provider ID.
type CloudConfig ¶
type CloudConfig struct {
	Global struct {
		// TODO: Is there any use for this? We can get it from the instance metadata service
		// Maybe if we're not running on AWS, e.g. bootstrap; for now it is not very useful
		Zone string

		KubernetesClusterTag string

		// The aws provider creates an inbound rule per load balancer on the node security
		// group. However, this can run into the AWS security group rule limit of 50 if
		// many LoadBalancers are created.
		//
		// This flag disables the automatic ingress creation. It requires that the user
		// has set up a rule that allows inbound traffic on kubelet ports from the
		// local VPC subnet (so load balancers can access it). E.g. 10.82.0.0/16 30000-32000.
		DisableSecurityGroupIngress bool

		// During the instantiation of a new AWS cloud provider, the detected region
		// is validated against a known set of regions.
		//
		// In a non-standard, AWS-like environment (e.g. Eucalyptus), this check may
		// be undesirable. Setting this to true will disable the check and provide
		// a warning that the check was skipped. Please note that this is an
		// experimental feature and work-in-progress for the moment. If you find
		// yourself in a non-AWS cloud and open an issue, please indicate that in the
		// issue body.
		DisableStrictZoneCheck bool
	}
}
CloudConfig wraps the settings for the AWS cloud provider.
type CrossRequestRetryDelay ¶
type CrossRequestRetryDelay struct {
// contains filtered or unexported fields
}
CrossRequestRetryDelay inserts delays before AWS calls when we are observing RequestLimitExceeded errors. Note that we share a CrossRequestRetryDelay across multiple AWS requests; this is a process-wide back-off, whereas the aws-sdk-go implements a per-request exponential backoff/retry.
func NewCrossRequestRetryDelay ¶
func NewCrossRequestRetryDelay() *CrossRequestRetryDelay
Create a new CrossRequestRetryDelay
func (*CrossRequestRetryDelay) AfterRetry ¶
func (c *CrossRequestRetryDelay) AfterRetry(r *request.Request)
Added to the AfterRetry chain; called after any error
func (*CrossRequestRetryDelay) BeforeSign ¶
func (c *CrossRequestRetryDelay) BeforeSign(r *request.Request)
Added to the Sign chain; called before each request
type EC2 ¶
type EC2 interface {
	// Query EC2 for instances matching the filter
	DescribeInstances(request *ec2.DescribeInstancesInput) ([]*ec2.Instance, error)

	DescribeSecurityGroups(request *ec2.DescribeSecurityGroupsInput) ([]*ec2.SecurityGroup, error)

	CreateSecurityGroup(*ec2.CreateSecurityGroupInput) (*ec2.CreateSecurityGroupOutput, error)
	DeleteSecurityGroup(request *ec2.DeleteSecurityGroupInput) (*ec2.DeleteSecurityGroupOutput, error)

	AuthorizeSecurityGroupIngress(*ec2.AuthorizeSecurityGroupIngressInput) (*ec2.AuthorizeSecurityGroupIngressOutput, error)
	RevokeSecurityGroupIngress(*ec2.RevokeSecurityGroupIngressInput) (*ec2.RevokeSecurityGroupIngressOutput, error)

	DescribeSubnets(*ec2.DescribeSubnetsInput) ([]*ec2.Subnet, error)

	CreateTags(*ec2.CreateTagsInput) (*ec2.CreateTagsOutput, error)

	DescribeRouteTables(request *ec2.DescribeRouteTablesInput) ([]*ec2.RouteTable, error)
	CreateRoute(request *ec2.CreateRouteInput) (*ec2.CreateRouteOutput, error)
	DeleteRoute(request *ec2.DeleteRouteInput) (*ec2.DeleteRouteOutput, error)

	ModifyInstanceAttribute(request *ec2.ModifyInstanceAttributeInput) (*ec2.ModifyInstanceAttributeOutput, error)
}
EC2 is an abstraction over AWS, to allow mocking/other implementations. Note that the DescribeX functions return a list, so callers don't need to deal with paging. TODO: Should we rename this to AWS (EBS & ELB are not technically part of EC2)
type EC2Metadata ¶
type EC2Metadata interface {
	// Query the EC2 metadata service (used to discover instance-id etc)
	GetMetadata(path string) (string, error)
}
EC2Metadata is an abstraction over the AWS metadata service.
type ELB ¶
type ELB interface {
	CreateLoadBalancer(*elb.CreateLoadBalancerInput) (*elb.CreateLoadBalancerOutput, error)
	DeleteLoadBalancer(*elb.DeleteLoadBalancerInput) (*elb.DeleteLoadBalancerOutput, error)
	DescribeLoadBalancers(*elb.DescribeLoadBalancersInput) (*elb.DescribeLoadBalancersOutput, error)
	RegisterInstancesWithLoadBalancer(*elb.RegisterInstancesWithLoadBalancerInput) (*elb.RegisterInstancesWithLoadBalancerOutput, error)
	DeregisterInstancesFromLoadBalancer(*elb.DeregisterInstancesFromLoadBalancerInput) (*elb.DeregisterInstancesFromLoadBalancerOutput, error)
	CreateLoadBalancerPolicy(*elb.CreateLoadBalancerPolicyInput) (*elb.CreateLoadBalancerPolicyOutput, error)
	SetLoadBalancerPoliciesForBackendServer(*elb.SetLoadBalancerPoliciesForBackendServerInput) (*elb.SetLoadBalancerPoliciesForBackendServerOutput, error)

	DetachLoadBalancerFromSubnets(*elb.DetachLoadBalancerFromSubnetsInput) (*elb.DetachLoadBalancerFromSubnetsOutput, error)
	AttachLoadBalancerToSubnets(*elb.AttachLoadBalancerToSubnetsInput) (*elb.AttachLoadBalancerToSubnetsOutput, error)

	CreateLoadBalancerListeners(*elb.CreateLoadBalancerListenersInput) (*elb.CreateLoadBalancerListenersOutput, error)
	DeleteLoadBalancerListeners(*elb.DeleteLoadBalancerListenersInput) (*elb.DeleteLoadBalancerListenersOutput, error)

	ApplySecurityGroupsToLoadBalancer(*elb.ApplySecurityGroupsToLoadBalancerInput) (*elb.ApplySecurityGroupsToLoadBalancerOutput, error)

	ConfigureHealthCheck(*elb.ConfigureHealthCheckInput) (*elb.ConfigureHealthCheckOutput, error)

	DescribeLoadBalancerAttributes(*elb.DescribeLoadBalancerAttributesInput) (*elb.DescribeLoadBalancerAttributesOutput, error)
	ModifyLoadBalancerAttributes(*elb.ModifyLoadBalancerAttributesInput) (*elb.ModifyLoadBalancerAttributesOutput, error)
}
ELB is a simple pass-through of AWS' ELB client interface, which allows for testing
type IPPermissionSet ¶
type IPPermissionSet map[string]*ec2.IpPermission
func NewIPPermissionSet ¶
func NewIPPermissionSet(items ...*ec2.IpPermission) IPPermissionSet
func (IPPermissionSet) Difference ¶
func (s IPPermissionSet) Difference(s2 IPPermissionSet) IPPermissionSet
Difference returns a set of objects that are not in s2. For example:
s1 = {a1, a2, a3}
s2 = {a1, a2, a4, a5}
s1.Difference(s2) = {a3}
s2.Difference(s1) = {a4, a5}
func (IPPermissionSet) Equal ¶
func (s1 IPPermissionSet) Equal(s2 IPPermissionSet) bool
Equal returns true if and only if s1 is equal (as a set) to s2. Two sets are equal if their membership is identical. (In practice, this means same elements, order doesn't matter)
func (IPPermissionSet) Insert ¶
func (s IPPermissionSet) Insert(items ...*ec2.IpPermission)
Insert adds items to the set.
func (IPPermissionSet) IsSuperset ¶
func (s1 IPPermissionSet) IsSuperset(s2 IPPermissionSet) bool
IsSuperset returns true if and only if s1 is a superset of s2.
func (IPPermissionSet) List ¶
func (s IPPermissionSet) List() []*ec2.IpPermission
List returns the contents as a slice. Order is not defined.
func (IPPermissionSet) Ungroup ¶
func (s IPPermissionSet) Ungroup() IPPermissionSet
Ungroup splits permissions out into individual permissions. EC2 will combine permissions with the same port but different SourceRanges together, for example. We ungroup them so we can process them.
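The following added example (not this package's code) shows why Ungroup comes before Difference when reconciling security-group ingress: the rule set EC2 reports in grouped form is compared per source range against the desired rules. The `perm` type is a simplified stand-in for `ec2.IpPermission`, and the key format and the `reconcile` helper are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// perm is a simplified stand-in for ec2.IpPermission (assumption for this example).
type perm struct {
	Proto    string
	From, To int
	CIDRs    []string
}

// ungroup returns one key per (protocol, port range, source CIDR) tuple.
func ungroup(ps []perm) map[string]bool {
	out := map[string]bool{}
	for _, p := range ps {
		for _, c := range p.CIDRs {
			out[fmt.Sprintf("%s %d-%d %s", p.Proto, p.From, p.To, c)] = true
		}
	}
	return out
}

// difference returns the sorted keys present in a but not in b.
func difference(a, b map[string]bool) []string {
	var out []string
	for k := range a {
		if !b[k] {
			out = append(out, k)
		}
	}
	sort.Strings(out)
	return out
}

// reconcile returns the rules to authorize and the rules to revoke.
func reconcile(actual, desired []perm) (add, remove []string) {
	a, d := ungroup(actual), ungroup(desired)
	return difference(d, a), difference(a, d)
}

func main() {
	// Constructed sample: EC2 reports one grouped rule for port 443.
	actual := []perm{{"tcp", 443, 443, []string{"10.0.0.0/8", "0.0.0.0/0"}}}
	desired := []perm{{"tcp", 443, 443, []string{"10.0.0.0/8", "192.168.0.0/16"}}}
	add, remove := reconcile(actual, desired)
	fmt.Println("authorize:", add, "revoke:", remove)
}
```

Only the world-open source range is revoked and only the missing range is authorized; the shared 10.0.0.0/8 entry is left untouched.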
type InstanceGroupInfo ¶
type InstanceGroupInfo interface {
	// The number of instances currently running under control of this group
	CurrentSize() (int, error)
}
InstanceGroupInfo is returned by InstanceGroups.Describe, and exposes information about the group.