Documentation ¶
Index ¶
- Constants
- type RequiredSGRule
- type SafetyConstraintsViolations
- type SecurityCheckOpt
- type SecurityValidator
- type VPCSecurityGroupSyncher
- func (ss VPCSecurityGroupSyncher) Create(resource *ccev2alpha1.SecurityGroup) error
- func (ss VPCSecurityGroupSyncher) Delete(name string) error
- func (ss *VPCSecurityGroupSyncher) Init(ctx context.Context) error
- func (ss VPCSecurityGroupSyncher) ResyncSecurityGroup(context.Context) time.Duration
- func (ss VPCSecurityGroupSyncher) StartSecurityGroupSyncer(ctx context.Context, updater syncer.SecurityGroupUpdater) syncer.SecurityGroupEventHandler
- func (ss VPCSecurityGroupSyncher) Update(resource *ccev2alpha1.SecurityGroup) error
Constants ¶
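// Values used to describe the CCE default security-group rules.
//
// The listing is laid out one declaration per line so that each line comment
// ends where it should instead of running into the declarations after it.
// All values, including the Chinese remark strings, are unchanged.
const (
	// IPRangeClusterCIDR names the pod IP CIDR plus the VPC CIDR.
	IPRangeClusterCIDR = "clusterCIDR"
	// IPRangeVPCCIDR names the VPC CIDR only.
	IPRangeVPCCIDR = "vpcCIDR"

	// Empty is the empty string.
	Empty = ""
	// IPv4RangeAll matches every IPv4 address. A rule that pairs it with an
	// ingress direction is open to any source, so treat its use as a review
	// point when auditing generated rules.
	IPv4RangeAll = "0.0.0.0/0"
	// All is the literal "all".
	All = "all"
	// IPv4FloatingIPRange is a /24 inside 100.64.0.0/10.
	// NOTE(review): presumably the range RemarkFloatingIP refers to; confirm
	// against the code that builds the rule.
	IPv4FloatingIPRange = "100.64.230.0/24"
	// IPv6RangeAll matches every IPv6 address; the same review point as
	// IPv4RangeAll applies.
	IPv6RangeAll = "::/0"

	// Protocol and ether-type names. ProtocolAll has the same value as All.
	ProtocolAll  = "all"
	ProtocolIPv4 = "IPv4"
	ProtocolIPv6 = "IPv6"
	ProtocolTCP  = "tcp"
	ProtocolUDP  = "udp"
	ProtocolICMP = "icmp"

	// RemarkDefault reads "CCE default rule: intranet communication between nodes".
	RemarkDefault = "CCE默认规则: 节点间内网通信"
	// RemarkFloatingIP reads "CCE default rule: intranet communication with
	// hidden-subnet nodes".
	RemarkFloatingIP = "CCE默认规则: 与隐藏子网节点内网通信"
	// RemarkEgressAllAllowed reads "CCE default rule: all egress allowed".
	RemarkEgressAllAllowed = "CCE默认规则: 出向全通"
	// RemarkNodePort reads "CCE default rule: K8s NodePort default range".
	RemarkNodePort = "CCE默认规则: K8s NodePort 默认范围"
	// RemarkIPv6Default reads "CCE default rule: IPv6 intranet communication
	// between nodes".
	RemarkIPv6Default = "CCE默认规则: IPv6 节点间内网通信"
	// RemarkIPv6EgressAllAllowed reads "CCE default rule: IPv6 all egress allowed".
	RemarkIPv6EgressAllAllowed = "CCE默认规则: IPv6 出向全通"
	// RemarkIPv6NodePort has exactly the same text as RemarkNodePort (no
	// "IPv6" marker), so the remark alone cannot tell the IPv4 and IPv6
	// NodePort rules apart. NOTE(review): left as is because the remark may be
	// compared against rules that already exist; confirm before changing.
	RemarkIPv6NodePort = "CCE默认规则: K8s NodePort 默认范围"
)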
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type RequiredSGRule ¶
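// RequiredSGRule describes one security-group rule by ether type, direction,
// protocol, source and destination IP range, port range and remark.
//
// The declaration is laid out one field per line; field names, types and JSON
// tags are unchanged.
//
// Every field is tagged omitempty, so an empty string and a port value of 0
// are left out of the marshalled JSON. A reader of that JSON therefore cannot
// tell "0" or "" from "not set".
// NOTE(review): how a missing SourceIP, DestIP or port bound is interpreted
// (for example as "any") is not visible here; confirm in the code that
// consumes the rule before relying on a default.
type RequiredSGRule struct {
	EtherType    string `json:"etherType,omitempty"`
	Direction    string `json:"direction,omitempty"`
	Protocol     string `json:"protocol,omitempty"`
	SourceIP     string `json:"sourceIp,omitempty"`
	DestIP       string `json:"destIp,omitempty"`
	PortRangeMin int    `json:"portRangeMin,omitempty"`
	PortRangeMax int    `json:"portRangeMax,omitempty"`
	Remark       string `json:"remark,omitempty"`
}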
type SafetyConstraintsViolations ¶
Violation of safety constraints
func (*SafetyConstraintsViolations) Error ¶
func (s *SafetyConstraintsViolations) Error() string
Error implements error.
type SecurityCheckOpt ¶
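// SecurityCheckOpt is the argument passed to
// (*SecurityValidator).ViolateSecurityRules. It carries an identifier, a
// security-group user role and a list of rule IDs.
//
// The declaration is laid out one field per line; names and types are
// unchanged. The exported field is spelled "Indentifier" (sic); the spelling
// is kept because renaming an exported field would break callers.
// NOTE(review): what Indentifier identifies and how RuleIds is used by the
// check are not visible here; confirm against ViolateSecurityRules.
type SecurityCheckOpt struct {
	Indentifier string
	Role        ccev2alpha1.SecurityGroupUserRoles
	RuleIds     []string
}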
type SecurityValidator ¶
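// SecurityValidator holds the inputs for security-group rule checks: the VPC
// CIDRs, the cluster CIDRs and two switches for optional checks. Its
// ViolateSecurityRules method takes a *SecurityCheckOpt.
//
// The declaration is laid out one field per line so that the trailing
// "filtered fields" comment no longer runs into the closing brace; names and
// types are unchanged.
//
// NOTE(review): both Enable* fields are bools, so a zero-value
// SecurityValidator has them set to false. If they gate the node and IPv6
// checks as the names suggest, a validator built without setting them runs
// with those checks off; confirm at the construction site.
// NOTE(review): ViolateSecurityRules returns (err error, validate bool), with
// the error first. Which bool value signals a violation is not shown here, so
// callers should inspect both results rather than the error alone.
type SecurityValidator struct {
	VpcCIDR            []string
	ClusterCIDR        []string
	EnableNodeOptCheck bool
	EnableIPv6Check    bool
	// contains filtered or unexported fields
}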
// BceSecurityValidator is a package-level *SecurityValidator. It is declared
// without an initializer, so it is nil until something assigns it.
// NOTE(review): where it is assigned, and whether ViolateSecurityRules
// tolerates a nil receiver, is not visible here; callers should not assume the
// check ran if the pointer was never set.
var BceSecurityValidator *SecurityValidator
func (*SecurityValidator) ViolateSecurityRules ¶
func (bsv *SecurityValidator) ViolateSecurityRules(opts *SecurityCheckOpt) (err error, validate bool)
type VPCSecurityGroupSyncher ¶
// VPCSecurityGroupSyncher has the methods Create, Update, Delete,
// ResyncSecurityGroup and StartSecurityGroupSyncer on a value receiver and
// Init on a pointer receiver. All of its fields are unexported.
// NOTE(review): with value receivers each of those calls works on a copy of
// the struct, so state set by Init is only seen if the copy is taken after
// Init has run; confirm the call order where the syncher is constructed.
type VPCSecurityGroupSyncher struct {
// contains filtered or unexported fields
}
func (VPCSecurityGroupSyncher) Create ¶
func (ss VPCSecurityGroupSyncher) Create(resource *ccev2alpha1.SecurityGroup) error
Create processes the synchronization of new subnets. For a new subnet, we should generally query the details of the subnet directly and synchronously.
func (*VPCSecurityGroupSyncher) Init ¶
func (ss *VPCSecurityGroupSyncher) Init(ctx context.Context) error
func (VPCSecurityGroupSyncher) ResyncSecurityGroup ¶
func (VPCSecurityGroupSyncher) StartSecurityGroupSyncer ¶
func (ss VPCSecurityGroupSyncher) StartSecurityGroupSyncer(ctx context.Context, updater syncer.SecurityGroupUpdater) syncer.SecurityGroupEventHandler
func (VPCSecurityGroupSyncher) Update ¶
func (ss VPCSecurityGroupSyncher) Update(resource *ccev2alpha1.SecurityGroup) error