bastion

package
v1.41.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 12, 2024 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// SSHPort is the default SSH Port used for bastion ingress firewall rule
	SSHPort = 22
)

Variables

View Source
var (
	// DefaultAddOptions are the default AddOptions for AddToManager.
	DefaultAddOptions = AddOptions{}
)

Functions

func AddToManager

func AddToManager(_ context.Context, mgr manager.Manager) error

AddToManager adds a controller with the default Options.

func AddToManagerWithOptions

func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error

AddToManagerWithOptions adds a controller with the given Options to the given manager. The opts.Reconciler is being set with a newly instantiated actuator.

func DiskResourceName

func DiskResourceName(baseName string) string

DiskResourceName is Disk resource name

func EgressAllowOnly

func EgressAllowOnly(opt *Options) *compute.Firewall

EgressAllowOnly egress rule to allow ssh traffic to workers cidr range.

func EgressDenyAll

func EgressDenyAll(opt *Options) *compute.Firewall

EgressDenyAll egress rule to deny all

func FirewallEgressAllowOnlyResourceName

func FirewallEgressAllowOnlyResourceName(baseName string) string

FirewallEgressAllowOnlyResourceName is Firewall egress allow only worker node rule resource name

func FirewallEgressDenyAllResourceName

func FirewallEgressDenyAllResourceName(baseName string) string

FirewallEgressDenyAllResourceName is Firewall egress deny all rule resource name

func FirewallIngressAllowSSHResourceName

func FirewallIngressAllowSSHResourceName(baseName string) string

FirewallIngressAllowSSHResourceName is Firewall ingress allow SSH rule resource name

func IngressAllowSSH

func IngressAllowSSH(opt *Options, cidr []string) *compute.Firewall

IngressAllowSSH ingress rule to allow ssh access

func IngressReady

func IngressReady(ingress *corev1.LoadBalancerIngress) bool

IngressReady returns true if either an IP or a hostname or both are set.

func NewConfigValidator added in v1.26.0

func NewConfigValidator(mgr manager.Manager, logger logr.Logger, gcpClientFactory gcpclient.Factory) bastion.ConfigValidator

NewConfigValidator creates a new ConfigValidator.

Types

type AddOptions

type AddOptions struct {
	// Controller are the controller.Options.
	Controller controller.Options
	// IgnoreOperationAnnotation specifies whether to ignore the operation annotation or not.
	IgnoreOperationAnnotation bool
	// ExtensionClass defines the extension class this extension is responsible for.
	ExtensionClass extensionsv1alpha1.ExtensionClass
}

AddOptions are Options to apply when adding the GCP bastion controller to the manager.

type Options

type Options struct {
	Shoot               *gardencorev1beta1.Shoot
	BastionInstanceName string
	DiskName            string
	Zone                string
	Subnetwork          string
	ProjectID           string
	Network             string
	WorkersCIDR         string
	ImagePath           string
	MachineName         string
}

Options contains provider-related information required for setting up a bastion instance. This struct combines precomputed values like the bastion instance name with the IDs of pre-existing cloud provider resources, like the Firewall name, subnet name etc.

func DetermineOptions

func DetermineOptions(bastion *extensionsv1alpha1.Bastion, cluster *controller.Cluster, projectID, vNetworkName, subnetWork string) (*Options, error)

DetermineOptions determines the required information that are required to reconcile a Bastion on GCP. This function does not create any IaaS resources.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL