Documentation ¶
Index ¶
- Constants
- func ResizeInstanceGroup(asg ASG, instanceGroupName string, size int) error
- type ASG
- type AWSCloud
- func (self *AWSCloud) AddSSHKeyToAllInstances(user string, keyData []byte) error
- func (c *AWSCloud) AttachDisk(diskName string, instanceName string, readOnly bool) (string, error)
- func (aws *AWSCloud) Clusters() (cloudprovider.Clusters, bool)
- func (s *AWSCloud) CreateDisk(volumeOptions *VolumeOptions) (string, error)
- func (s *AWSCloud) CreateRoute(clusterName string, nameHint string, route *cloudprovider.Route) error
- func (c *AWSCloud) CurrentNodeName(hostname string) (string, error)
- func (c *AWSCloud) DeleteDisk(volumeName string) (bool, error)
- func (s *AWSCloud) DeleteRoute(clusterName string, route *cloudprovider.Route) error
- func (a *AWSCloud) DescribeInstanceGroup(instanceGroupName string) (InstanceGroupInfo, error)
- func (aws *AWSCloud) DetachDisk(diskName string, instanceName string) (string, error)
- func (s *AWSCloud) EnsureLoadBalancer(apiService *api.Service, hosts []string) (*api.LoadBalancerStatus, error)
- func (s *AWSCloud) EnsureLoadBalancerDeleted(service *api.Service) error
- func (c *AWSCloud) ExternalID(name string) (string, error)
- func (s *AWSCloud) GetLoadBalancer(service *api.Service) (*api.LoadBalancerStatus, bool, error)
- func (c *AWSCloud) GetVolumeLabels(volumeName string) (map[string]string, error)
- func (c *AWSCloud) GetZone() (cloudprovider.Zone, error)
- func (c *AWSCloud) InstanceID(name string) (string, error)
- func (c *AWSCloud) InstanceType(name string) (string, error)
- func (aws *AWSCloud) Instances() (cloudprovider.Instances, bool)
- func (aws *AWSCloud) List(filter string) ([]string, error)
- func (s *AWSCloud) ListRoutes(clusterName string) ([]*cloudprovider.Route, error)
- func (s *AWSCloud) LoadBalancer() (cloudprovider.LoadBalancer, bool)
- func (c *AWSCloud) NodeAddresses(name string) ([]api.NodeAddress, error)
- func (aws *AWSCloud) ProviderName() string
- func (a *AWSCloud) ResizeInstanceGroup(instanceGroupName string, size int) error
- func (aws *AWSCloud) Routes() (cloudprovider.Routes, bool)
- func (aws *AWSCloud) ScrubDNS(nameservers, searches []string) (nsOut, srchOut []string)
- func (s *AWSCloud) UpdateLoadBalancer(service *api.Service, hosts []string) error
- func (aws *AWSCloud) Zones() (cloudprovider.Zones, bool)
- type AWSCloudConfig
- type AWSServices
- type Backoff
- type CrossRequestRetryDelay
- type EC2
- type EC2Metadata
- type ELB
- type IPPermissionSet
- func (s IPPermissionSet) Difference(s2 IPPermissionSet) IPPermissionSet
- func (s1 IPPermissionSet) Equal(s2 IPPermissionSet) bool
- func (s IPPermissionSet) Insert(items ...*ec2.IpPermission)
- func (s1 IPPermissionSet) IsSuperset(s2 IPPermissionSet) bool
- func (s IPPermissionSet) Len() int
- func (s IPPermissionSet) List() []*ec2.IpPermission
- func (s IPPermissionSet) Ungroup() IPPermissionSet
- type InstanceGroupInfo
- type InstanceGroups
- type VolumeOptions
- type Volumes
Constants ¶
const DefaultMaxEBSVolumes = 39
Amazon recommends having no more than 40 volumes attached to an instance, and at least one of those is for the system root volume. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/volume_limits.html#linux-specific-volume-limits
const DefaultVolumeType = "gp2"
Default volume type for newly created Volumes. TODO: Remove when user/admin can configure volume types and thus we don't need hardcoded defaults.
const MaxReadThenCreateRetries = 30
We sometimes read to see if something exists, then try to create it if we didn't find it. This can fail once in a consistent system if done in parallel. In an eventually consistent system, it could fail unboundedly. MaxReadThenCreateRetries sets the maximum number of attempts we will make.
const ProviderName = "aws"
const ProxyProtocolPolicyName = "k8s-proxyprotocol-enabled"
const ServiceAnnotationLoadBalancerBEProtocol = "service.beta.kubernetes.io/aws-load-balancer-backend-protocol"
Service annotation specifying the protocol spoken by the backend (pod) behind a secure listener. Only inspected when `aws-load-balancer-ssl-cert` is used. If `http` (default) or `https`, an HTTPS listener that terminates the connection and parses headers is created. If set to `ssl` or `tcp`, a "raw" SSL listener is used.
const ServiceAnnotationLoadBalancerCertificate = "service.beta.kubernetes.io/aws-load-balancer-ssl-cert"
Service annotation requesting a secure listener. Value is a valid certificate ARN. For more, see http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html
CertARN is an IAM or CM certificate ARN, e.g. arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
const ServiceAnnotationLoadBalancerInternal = "service.beta.kubernetes.io/aws-load-balancer-internal"
Annotation used on the service to indicate that we want an internal ELB. Currently we accept only the value "0.0.0.0/0" - other values are an error. This lets us define more advanced semantics in future.
const ServiceAnnotationLoadBalancerProxyProtocol = "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol"
Annotation used on the service to enable the proxy protocol on an ELB. Right now we only accept the value "*" which means enable the proxy protocol on all ELB backends. In the future we could adjust this to allow setting the proxy protocol only on certain backends.
const TagNameKubernetesCluster = "KubernetesCluster"
The tag name we use to differentiate multiple logically independent clusters running in the same AZ
const TagNameKubernetesService = "kubernetes.io/service-name"
The tag name we use to differentiate multiple services. Used currently for ELBs only.
const TagNameSubnetInternalELB = "kubernetes.io/role/internal-elb"
The tag name used on a subnet to designate that it should be used for internal ELBs
const TagNameSubnetPublicELB = "kubernetes.io/role/elb"
The tag name used on a subnet to designate that it should be used for internet ELBs
Functions ¶
Types ¶
type ASG ¶
type ASG interface {
    UpdateAutoScalingGroup(*autoscaling.UpdateAutoScalingGroupInput) (*autoscaling.UpdateAutoScalingGroupOutput, error)
    DescribeAutoScalingGroups(*autoscaling.DescribeAutoScalingGroupsInput) (*autoscaling.DescribeAutoScalingGroupsOutput, error)
}
This is a simple pass-through of the Autoscaling client interface, which allows for testing
type AWSCloud ¶
type AWSCloud struct {
// contains filtered or unexported fields
}
AWSCloud is an implementation of Interface, LoadBalancer and Instances for Amazon Web Services.
func (*AWSCloud) AddSSHKeyToAllInstances ¶
func (*AWSCloud) AttachDisk ¶
Implements Volumes.AttachDisk
func (*AWSCloud) CreateDisk ¶
func (s *AWSCloud) CreateDisk(volumeOptions *VolumeOptions) (string, error)
Implements Volumes.CreateVolume
func (*AWSCloud) CreateRoute ¶
func (s *AWSCloud) CreateRoute(clusterName string, nameHint string, route *cloudprovider.Route) error
CreateRoute implements Routes.CreateRoute. Create the described route.
func (*AWSCloud) CurrentNodeName ¶
func (*AWSCloud) DeleteDisk ¶
Implements Volumes.DeleteDisk
func (*AWSCloud) DeleteRoute ¶
func (s *AWSCloud) DeleteRoute(clusterName string, route *cloudprovider.Route) error
DeleteRoute implements Routes.DeleteRoute. Delete the specified route.
func (*AWSCloud) DescribeInstanceGroup ¶
func (a *AWSCloud) DescribeInstanceGroup(instanceGroupName string) (InstanceGroupInfo, error)
Implement InstanceGroups.DescribeInstanceGroup. Queries the cloud provider for information about the specified instance group.
func (*AWSCloud) DetachDisk ¶
Implements Volumes.DetachDisk
func (*AWSCloud) EnsureLoadBalancer ¶
func (s *AWSCloud) EnsureLoadBalancer(apiService *api.Service, hosts []string) (*api.LoadBalancerStatus, error)
EnsureLoadBalancer implements LoadBalancer.EnsureLoadBalancer
func (*AWSCloud) EnsureLoadBalancerDeleted ¶
EnsureLoadBalancerDeleted implements LoadBalancer.EnsureLoadBalancerDeleted.
func (*AWSCloud) ExternalID ¶
ExternalID returns the cloud provider ID of the specified instance (deprecated).
func (*AWSCloud) GetLoadBalancer ¶
GetLoadBalancer is an implementation of LoadBalancer.GetLoadBalancer
func (*AWSCloud) GetVolumeLabels ¶
Implements Volumes.GetVolumeLabels
func (*AWSCloud) GetZone ¶
func (c *AWSCloud) GetZone() (cloudprovider.Zone, error)
GetZone implements Zones.GetZone
func (*AWSCloud) InstanceID ¶
InstanceID returns the cloud provider ID of the specified instance.
func (*AWSCloud) InstanceType ¶
InstanceType returns the type of the specified instance.
func (*AWSCloud) Instances ¶
func (aws *AWSCloud) Instances() (cloudprovider.Instances, bool)
Instances returns an implementation of Instances for Amazon Web Services.
func (*AWSCloud) ListRoutes ¶
func (s *AWSCloud) ListRoutes(clusterName string) ([]*cloudprovider.Route, error)
ListRoutes implements Routes.ListRoutes. List all routes that match the filter.
func (*AWSCloud) LoadBalancer ¶
func (s *AWSCloud) LoadBalancer() (cloudprovider.LoadBalancer, bool)
LoadBalancer returns an implementation of LoadBalancer for Amazon Web Services.
func (*AWSCloud) NodeAddresses ¶
func (c *AWSCloud) NodeAddresses(name string) ([]api.NodeAddress, error)
NodeAddresses is an implementation of Instances.NodeAddresses.
func (*AWSCloud) ProviderName ¶
ProviderName returns the cloud provider ID.
func (*AWSCloud) ResizeInstanceGroup ¶
Implement InstanceGroups.ResizeInstanceGroup. Set the size to the fixed size.
func (*AWSCloud) Routes ¶
func (aws *AWSCloud) Routes() (cloudprovider.Routes, bool)
Routes returns an implementation of Routes for Amazon Web Services.
func (*AWSCloud) UpdateLoadBalancer ¶
UpdateLoadBalancer implements LoadBalancer.UpdateLoadBalancer
type AWSCloudConfig ¶
type AWSCloudConfig struct {
    Global struct {
        // TODO: Is there any use for this? We can get it from the instance metadata service
        // Maybe if we're not running on AWS, e.g. bootstrap; for now it is not very useful
        Zone string

        KubernetesClusterTag string

        //The aws provider creates an inbound rule per load balancer on the node security
        //group. However, this can run into the AWS security group rule limit of 50 if
        //many LoadBalancers are created.
        //
        //This flag disables the automatic ingress creation. It requires that the user
        //has setup a rule that allows inbound traffic on kubelet ports from the
        //local VPC subnet (so load balancers can access it). E.g. 10.82.0.0/16 30000-32000.
        DisableSecurityGroupIngress bool
    }
}
type AWSServices ¶
type AWSServices interface {
    Compute(region string) (EC2, error)
    LoadBalancing(region string) (ELB, error)
    Autoscaling(region string) (ASG, error)
    Metadata() (EC2Metadata, error)
}
Abstraction over AWS, to allow mocking/other implementations
type Backoff ¶
type Backoff struct {
// contains filtered or unexported fields
}
Backoff manages a backoff that varies based on the recently observed failures
func (*Backoff) ComputeDelayForRequest ¶
Computes the delay required for a request, also updating internal state to count this request
func (*Backoff) ReportError ¶
func (b *Backoff) ReportError()
Called when we observe a throttling error
type CrossRequestRetryDelay ¶
type CrossRequestRetryDelay struct {
// contains filtered or unexported fields
}
CrossRequestRetryDelay inserts delays before AWS calls, when we are observing RequestLimitExceeded errors. Note that we share a CrossRequestRetryDelay across multiple AWS requests; this is a process-wide back-off, whereas the aws-sdk-go implements a per-request exponential backoff/retry.
func NewCrossRequestRetryDelay ¶
func NewCrossRequestRetryDelay() *CrossRequestRetryDelay
Create a new CrossRequestRetryDelay
func (*CrossRequestRetryDelay) AfterRetry ¶
func (c *CrossRequestRetryDelay) AfterRetry(r *request.Request)
Added to the AfterRetry chain; called after any error
func (*CrossRequestRetryDelay) BeforeSign ¶
func (c *CrossRequestRetryDelay) BeforeSign(r *request.Request)
Added to the Sign chain; called before each request
type EC2 ¶
type EC2 interface {
    // Query EC2 for instances matching the filter
    DescribeInstances(request *ec2.DescribeInstancesInput) ([]*ec2.Instance, error)

    // Attach a volume to an instance
    AttachVolume(*ec2.AttachVolumeInput) (*ec2.VolumeAttachment, error)
    // Detach a volume from an instance it is attached to
    DetachVolume(request *ec2.DetachVolumeInput) (resp *ec2.VolumeAttachment, err error)
    // Lists volumes
    DescribeVolumes(request *ec2.DescribeVolumesInput) ([]*ec2.Volume, error)
    // Create an EBS volume
    CreateVolume(request *ec2.CreateVolumeInput) (resp *ec2.Volume, err error)
    // Delete an EBS volume
    DeleteVolume(*ec2.DeleteVolumeInput) (*ec2.DeleteVolumeOutput, error)

    DescribeSecurityGroups(request *ec2.DescribeSecurityGroupsInput) ([]*ec2.SecurityGroup, error)

    CreateSecurityGroup(*ec2.CreateSecurityGroupInput) (*ec2.CreateSecurityGroupOutput, error)
    DeleteSecurityGroup(request *ec2.DeleteSecurityGroupInput) (*ec2.DeleteSecurityGroupOutput, error)

    AuthorizeSecurityGroupIngress(*ec2.AuthorizeSecurityGroupIngressInput) (*ec2.AuthorizeSecurityGroupIngressOutput, error)
    RevokeSecurityGroupIngress(*ec2.RevokeSecurityGroupIngressInput) (*ec2.RevokeSecurityGroupIngressOutput, error)

    DescribeSubnets(*ec2.DescribeSubnetsInput) ([]*ec2.Subnet, error)

    CreateTags(*ec2.CreateTagsInput) (*ec2.CreateTagsOutput, error)

    DescribeRouteTables(request *ec2.DescribeRouteTablesInput) ([]*ec2.RouteTable, error)
    CreateRoute(request *ec2.CreateRouteInput) (*ec2.CreateRouteOutput, error)
    DeleteRoute(request *ec2.DeleteRouteInput) (*ec2.DeleteRouteOutput, error)

    ModifyInstanceAttribute(request *ec2.ModifyInstanceAttributeInput) (*ec2.ModifyInstanceAttributeOutput, error)
}
TODO: Should we rename this to AWS (EBS & ELB are not technically part of EC2)? Abstraction over EC2, to allow mocking/other implementations. Note that the DescribeX functions return a list, so callers don't need to deal with paging.
type EC2Metadata ¶
type EC2Metadata interface {
    // Query the EC2 metadata service (used to discover instance-id etc)
    GetMetadata(path string) (string, error)
}
Abstraction over the AWS metadata service
type ELB ¶
type ELB interface {
    CreateLoadBalancer(*elb.CreateLoadBalancerInput) (*elb.CreateLoadBalancerOutput, error)
    DeleteLoadBalancer(*elb.DeleteLoadBalancerInput) (*elb.DeleteLoadBalancerOutput, error)
    DescribeLoadBalancers(*elb.DescribeLoadBalancersInput) (*elb.DescribeLoadBalancersOutput, error)
    RegisterInstancesWithLoadBalancer(*elb.RegisterInstancesWithLoadBalancerInput) (*elb.RegisterInstancesWithLoadBalancerOutput, error)
    DeregisterInstancesFromLoadBalancer(*elb.DeregisterInstancesFromLoadBalancerInput) (*elb.DeregisterInstancesFromLoadBalancerOutput, error)
    CreateLoadBalancerPolicy(*elb.CreateLoadBalancerPolicyInput) (*elb.CreateLoadBalancerPolicyOutput, error)
    SetLoadBalancerPoliciesForBackendServer(*elb.SetLoadBalancerPoliciesForBackendServerInput) (*elb.SetLoadBalancerPoliciesForBackendServerOutput, error)

    DetachLoadBalancerFromSubnets(*elb.DetachLoadBalancerFromSubnetsInput) (*elb.DetachLoadBalancerFromSubnetsOutput, error)
    AttachLoadBalancerToSubnets(*elb.AttachLoadBalancerToSubnetsInput) (*elb.AttachLoadBalancerToSubnetsOutput, error)

    CreateLoadBalancerListeners(*elb.CreateLoadBalancerListenersInput) (*elb.CreateLoadBalancerListenersOutput, error)
    DeleteLoadBalancerListeners(*elb.DeleteLoadBalancerListenersInput) (*elb.DeleteLoadBalancerListenersOutput, error)

    ApplySecurityGroupsToLoadBalancer(*elb.ApplySecurityGroupsToLoadBalancerInput) (*elb.ApplySecurityGroupsToLoadBalancerOutput, error)

    ConfigureHealthCheck(*elb.ConfigureHealthCheckInput) (*elb.ConfigureHealthCheckOutput, error)
}
This is a simple pass-through of the ELB client interface, which allows for testing
type IPPermissionSet ¶
type IPPermissionSet map[string]*ec2.IpPermission
func NewIPPermissionSet ¶
func NewIPPermissionSet(items ...*ec2.IpPermission) IPPermissionSet
func (IPPermissionSet) Difference ¶
func (s IPPermissionSet) Difference(s2 IPPermissionSet) IPPermissionSet
Difference returns a set of objects that are not in s2. For example:
s1 = {a1, a2, a3}
s2 = {a1, a2, a4, a5}
s1.Difference(s2) = {a3}
s2.Difference(s1) = {a4, a5}
func (IPPermissionSet) Equal ¶
func (s1 IPPermissionSet) Equal(s2 IPPermissionSet) bool
Equal returns true if and only if s1 is equal (as a set) to s2. Two sets are equal if their membership is identical. (In practice, this means same elements, order doesn't matter)
func (IPPermissionSet) Insert ¶
func (s IPPermissionSet) Insert(items ...*ec2.IpPermission)
Insert adds items to the set.
func (IPPermissionSet) IsSuperset ¶
func (s1 IPPermissionSet) IsSuperset(s2 IPPermissionSet) bool
IsSuperset returns true if and only if s1 is a superset of s2.
func (IPPermissionSet) List ¶
func (s IPPermissionSet) List() []*ec2.IpPermission
List returns the contents as a slice. Order is not defined.
func (IPPermissionSet) Ungroup ¶
func (s IPPermissionSet) Ungroup() IPPermissionSet
Ungroup splits permissions out into individual permissions. EC2 will combine permissions with the same port but different SourceRanges together, for example. We ungroup them so we can process them.
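An added illustration, not code from this package, of why Difference needs ungrouped input when security group rules are reconciled: comparing EC2's grouped rule against individually stated desired rules revokes and re-authorizes every range, while the ungrouped comparison revokes only the unwanted one. The `perm` and `permSet` types, the key format and the sample rules are assumptions standing in for ec2.IpPermission and IPPermissionSet.

```go
package main

import "fmt"

// perm is a local stand-in for ec2.IpPermission (assumption, not the SDK type).
type perm struct {
	Proto    string
	From, To int
	CIDRs    []string
}

// permSet has the shape of IPPermissionSet; the key format is an assumption.
type permSet map[string]perm

func newPermSet(items ...perm) permSet {
	s := permSet{}
	for _, p := range items {
		s[fmt.Sprintf("%s/%d-%d/%v", p.Proto, p.From, p.To, p.CIDRs)] = p
	}
	return s
}

// ungroup splits each multi-range permission into one permission per CIDR.
func (s permSet) ungroup() permSet {
	var flat []perm
	for _, p := range s {
		for _, c := range p.CIDRs {
			flat = append(flat, perm{p.Proto, p.From, p.To, []string{c}})
		}
	}
	return newPermSet(flat...)
}

// difference returns the members of s that are not in s2.
func (s permSet) difference(s2 permSet) permSet {
	out := permSet{}
	for k, p := range s {
		if _, ok := s2[k]; !ok {
			out[k] = p
		}
	}
	return out
}

// plan counts the rules a reconciler would authorize and revoke.
func plan(actual, desired permSet) (authorize, revoke int) {
	return len(desired.difference(actual)), len(actual.difference(desired))
}

// Constructed sample: EC2 reports one grouped rule; 0.0.0.0/0 is not desired.
var actual = newPermSet(perm{"tcp", 443, 443,
	[]string{"10.0.0.0/8", "192.168.0.0/16", "0.0.0.0/0"}})
var desired = newPermSet(perm{"tcp", 443, 443, []string{"10.0.0.0/8"}},
	perm{"tcp", 443, 443, []string{"192.168.0.0/16"}})

func main() {
	fmt.Println(plan(actual, desired))           // grouped set: 2 authorize, 1 revoke
	fmt.Println(plan(actual.ungroup(), desired)) // ungrouped set: 0 authorize, 1 revoke
}
```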
type InstanceGroupInfo ¶
type InstanceGroupInfo interface {
    // The number of instances currently running under control of this group
    CurrentSize() (int, error)
}
InstanceGroupInfo is returned by InstanceGroups.Describe, and exposes information about the group.
func DescribeInstanceGroup ¶
func DescribeInstanceGroup(asg ASG, instanceGroupName string) (InstanceGroupInfo, error)
DescribeInstanceGroup gets info about the specified instancegroup. Exported so it can be used by the e2e tests, which don't want to instantiate a full cloudprovider.
type InstanceGroups ¶
type InstanceGroups interface {
    // Set the size to the fixed size
    ResizeInstanceGroup(instanceGroupName string, size int) error
    // Queries the cloud provider for information about the specified instance group
    DescribeInstanceGroup(instanceGroupName string) (InstanceGroupInfo, error)
}
InstanceGroups is an interface for managing cloud-managed instance groups / autoscaling instance groups. TODO: Allow other clouds to implement this.
type VolumeOptions ¶
type Volumes ¶
type Volumes interface {
    // Attach the disk to the specified instance
    // instanceName can be empty to mean "the instance on which we are running"
    // Returns the device (e.g. /dev/xvdf) where we attached the volume
    AttachDisk(diskName string, instanceName string, readOnly bool) (string, error)
    // Detach the disk from the specified instance
    // instanceName can be empty to mean "the instance on which we are running"
    // Returns the device where the volume was attached
    DetachDisk(diskName string, instanceName string) (string, error)

    // Create a volume with the specified options
    CreateDisk(volumeOptions *VolumeOptions) (volumeName string, err error)
    // Delete the specified volume
    // Returns true iff the volume was deleted
    // If the volume was not found, returns (false, nil)
    DeleteDisk(volumeName string) (bool, error)

    // Get labels to apply to volume on creation
    GetVolumeLabels(volumeName string) (map[string]string, error)
}
Volumes is an interface for managing cloud-provisioned volumes. TODO: Allow other clouds to implement this.