Documentation
Index
- Constants
- Variables
- func AddToManager(_ context.Context, mgr manager.Manager) error
- func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error
- func DiskResourceName(baseName string) string
- func EgressAllowOnly(opt *Options) *compute.Firewall
- func EgressDenyAll(opt *Options) *compute.Firewall
- func FirewallEgressAllowOnlyResourceName(baseName string) string
- func FirewallEgressDenyAllResourceName(baseName string) string
- func FirewallIngressAllowSSHResourceName(baseName string) string
- func IngressAllowSSH(opt *Options, cidr []string) *compute.Firewall
- func IngressReady(ingress *corev1.LoadBalancerIngress) bool
- func NewConfigValidator(mgr manager.Manager, logger logr.Logger, gcpClientFactory gcpclient.Factory) bastion.ConfigValidator
- type AddOptions
- type Options
Constants
const (
    // SSHPort is the default SSH Port used for bastion ingress firewall rule
    SSHPort = 22
)
Variables
var (
    // DefaultAddOptions are the default AddOptions for AddToManager.
    DefaultAddOptions = AddOptions{}
)
Functions
func AddToManager
AddToManager adds a controller with the default Options.
func AddToManagerWithOptions
func AddToManagerWithOptions(mgr manager.Manager, opts AddOptions) error
AddToManagerWithOptions adds a controller with the given Options to the given manager. opts.Reconciler is set to a newly instantiated actuator.
func DiskResourceName
DiskResourceName returns the disk resource name.
func EgressAllowOnly
func EgressAllowOnly(opt *Options) *compute.Firewall
EgressAllowOnly returns the egress firewall rule that allows SSH traffic to the workers' CIDR range.
func EgressDenyAll
func EgressDenyAll(opt *Options) *compute.Firewall
EgressDenyAll returns the egress firewall rule that denies all traffic.
func FirewallEgressAllowOnlyResourceName
FirewallEgressAllowOnlyResourceName returns the resource name of the firewall egress rule that allows traffic only to worker nodes.
func FirewallEgressDenyAllResourceName
FirewallEgressDenyAllResourceName returns the resource name of the firewall egress deny-all rule.
func FirewallIngressAllowSSHResourceName
FirewallIngressAllowSSHResourceName returns the resource name of the firewall ingress rule that allows SSH.
func IngressAllowSSH
IngressAllowSSH returns the ingress firewall rule that allows SSH access.
func IngressReady
func IngressReady(ingress *corev1.LoadBalancerIngress) bool
IngressReady returns true if either an IP or a hostname or both are set.
func NewConfigValidator (added in v1.26.0)
func NewConfigValidator(mgr manager.Manager, logger logr.Logger, gcpClientFactory gcpclient.Factory) bastion.ConfigValidator
NewConfigValidator creates a new ConfigValidator.
Types
type AddOptions
type AddOptions struct {
    // Controller are the controller.Options.
    Controller controller.Options
    // IgnoreOperationAnnotation specifies whether to ignore the operation annotation or not.
    IgnoreOperationAnnotation bool
}
AddOptions are Options to apply when adding the GCP bastion controller to the manager.
type Options
type Options struct {
    Shoot               *gardencorev1beta1.Shoot
    BastionInstanceName string
    DiskName            string
    Zone                string
    Subnetwork          string
    ProjectID           string
    Network             string
    WorkersCIDR         string
}
Options contains provider-related information required for setting up a bastion instance. This struct combines precomputed values, like the bastion instance name, with the IDs of pre-existing cloud provider resources, like the firewall name, subnet name, etc.
func DetermineOptions
func DetermineOptions(bastion *extensionsv1alpha1.Bastion, cluster *controller.Cluster, projectID, vNetworkName, subnetWork string) (*Options, error)
DetermineOptions determines the information required to reconcile a Bastion on GCP. This function does not create any IaaS resources.