Versions in this module Expand all Collapse all v2 v2.5.5 Aug 7, 2023 Changes in this version
+ const ResourceTypeIngress
+ const ResourceTypeService
+ const TagKeySubnetInternalELB
+ const TagKeySubnetPublicELB
+ func FilterIPsWithinCIDRs(ips []netip.Addr, cidrs []netip.Prefix) []netip.Addr
+ func GetSubnetAssociatedIPv4CIDRs(subnet *ec2sdk.Subnet) ([]netip.Prefix, error)
+ func GetSubnetAssociatedIPv6CIDRs(subnet *ec2sdk.Subnet) ([]netip.Prefix, error)
+ func IsIPWithinCIDRs(ip netip.Addr, cidrs []netip.Prefix) bool
+ func NewBackendSGProvider(clusterName string, backendSG string, vpcID string, ec2Client services.EC2, ...) *defaultBackendSGProvider
+ func NewDefaultAZInfoProvider(ec2Client services.EC2, logger logr.Logger) *defaultAZInfoProvider
+ func NewDefaultNodeENIInfoResolver(nodeInfoProvider NodeInfoProvider, logger logr.Logger) *defaultNodeENIInfoResolver
+ func NewDefaultNodeInfoProvider(ec2Client services.EC2, logger logr.Logger) *defaultNodeInfoProvider
+ func NewDefaultPodENIInfoResolver(k8sClient client.Client, ec2Client services.EC2, ...) *defaultPodENIInfoResolver
+ func NewDefaultSecurityGroupManager(ec2Client services.EC2, logger logr.Logger) *defaultSecurityGroupManager
+ func NewDefaultSecurityGroupReconciler(sgManager SecurityGroupManager, logger logr.Logger) *defaultSecurityGroupReconciler
+ func NewDefaultSecurityGroupResolver(ec2Client services.EC2, vpcID string) *defaultSecurityGroupResolver
+ func NewDefaultSubnetsResolver(azInfoProvider AZInfoProvider, ec2Client services.EC2, vpcID string, ...) *defaultSubnetsResolver
+ func NewDefaultVPCInfoProvider(ec2Client services.EC2, logger logr.Logger) *defaultVPCInfoProvider
+ func NewIPPermissionLabelsForRawDescription(description string) map[string]string
+ func ParseCIDRs(cidrs []string) ([]netip.Prefix, error)
+ type AZInfoProvider interface
+ FetchAZInfos func(ctx context.Context, availabilityZoneIDs []string) (map[string]ec2sdk.AvailabilityZone, error)
+ type BackendSGProvider interface
+ Get func(ctx context.Context, resourceType ResourceType, ...) (string, error)
+ Release func(ctx context.Context, resourceType ResourceType, ...) error
+ type ENIInfo struct
+ NetworkInterfaceID string
+ SecurityGroups []string
+ type FetchSGInfoOption func(opts *FetchSGInfoOptions)
+ func WithReloadIgnoringCache() FetchSGInfoOption
+ type FetchSGInfoOptions struct
+ ReloadIgnoringCache bool
+ func (opts *FetchSGInfoOptions) ApplyOptions(options ...FetchSGInfoOption)
+ type FetchVPCInfoOption func(opts *FetchVPCInfoOptions)
+ func FetchVPCInfoWithoutCache() FetchVPCInfoOption
+ type FetchVPCInfoOptions struct
+ ReloadIgnoringCache bool
+ func (opts *FetchVPCInfoOptions) ApplyOptions(options ...FetchVPCInfoOption)
+ type IPPermissionInfo struct
+ Labels map[string]string
+ Permission ec2sdk.IpPermission
+ func NewCIDRIPPermission(ipProtocol string, fromPort *int64, toPort *int64, cidr string, ...) IPPermissionInfo
+ func NewCIDRv6IPPermission(ipProtocol string, fromPort *int64, toPort *int64, cidrV6 string, ...) IPPermissionInfo
+ func NewGroupIDIPPermission(ipProtocol string, fromPort *int64, toPort *int64, groupID string, ...) IPPermissionInfo
+ func NewPrefixListIDPermission(ipProtocol string, fromPort *int64, toPort *int64, prefixListID string, ...) IPPermissionInfo
+ func NewRawIPPermission(sdkPermission ec2sdk.IpPermission) IPPermissionInfo
+ func (perm *IPPermissionInfo) HashCode() string
+ type MockAZInfoProvider struct
+ func NewMockAZInfoProvider(ctrl *gomock.Controller) *MockAZInfoProvider
+ func (m *MockAZInfoProvider) EXPECT() *MockAZInfoProviderMockRecorder
+ func (m *MockAZInfoProvider) FetchAZInfos(arg0 context.Context, arg1 []string) (map[string]ec2.AvailabilityZone, error)
+ type MockAZInfoProviderMockRecorder struct
+ func (mr *MockAZInfoProviderMockRecorder) FetchAZInfos(arg0, arg1 interface{}) *gomock.Call
+ type MockBackendSGProvider struct
+ func NewMockBackendSGProvider(ctrl *gomock.Controller) *MockBackendSGProvider
+ func (m *MockBackendSGProvider) EXPECT() *MockBackendSGProviderMockRecorder
+ func (m *MockBackendSGProvider) Get(arg0 context.Context, arg1 ResourceType, arg2 []types.NamespacedName) (string, error)
+ func (m *MockBackendSGProvider) Release(arg0 context.Context, arg1 ResourceType, arg2 []types.NamespacedName) error
+ type MockBackendSGProviderMockRecorder struct
+ func (mr *MockBackendSGProviderMockRecorder) Get(arg0, arg1, arg2 interface{}) *gomock.Call
+ func (mr *MockBackendSGProviderMockRecorder) Release(arg0, arg1, arg2 interface{}) *gomock.Call
+ type MockNodeInfoProvider struct
+ func NewMockNodeInfoProvider(ctrl *gomock.Controller) *MockNodeInfoProvider
+ func (m *MockNodeInfoProvider) EXPECT() *MockNodeInfoProviderMockRecorder
+ func (m *MockNodeInfoProvider) FetchNodeInstances(arg0 context.Context, arg1 []*v1.Node) (map[types.NamespacedName]*ec2.Instance, error)
+ type MockNodeInfoProviderMockRecorder struct
+ func (mr *MockNodeInfoProviderMockRecorder) FetchNodeInstances(arg0, arg1 interface{}) *gomock.Call
+ type MockSecurityGroupManager struct
+ func NewMockSecurityGroupManager(ctrl *gomock.Controller) *MockSecurityGroupManager
+ func (m *MockSecurityGroupManager) AuthorizeSGIngress(arg0 context.Context, arg1 string, arg2 []IPPermissionInfo) error
+ func (m *MockSecurityGroupManager) EXPECT() *MockSecurityGroupManagerMockRecorder
+ func (m *MockSecurityGroupManager) FetchSGInfosByID(arg0 context.Context, arg1 []string, arg2 ...FetchSGInfoOption) (map[string]SecurityGroupInfo, error)
+ func (m *MockSecurityGroupManager) FetchSGInfosByRequest(arg0 context.Context, arg1 *ec2.DescribeSecurityGroupsInput) (map[string]SecurityGroupInfo, error)
+ func (m *MockSecurityGroupManager) RevokeSGIngress(arg0 context.Context, arg1 string, arg2 []IPPermissionInfo) error
+ type MockSecurityGroupManagerMockRecorder struct
+ func (mr *MockSecurityGroupManagerMockRecorder) AuthorizeSGIngress(arg0, arg1, arg2 interface{}) *gomock.Call
+ func (mr *MockSecurityGroupManagerMockRecorder) FetchSGInfosByID(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call
+ func (mr *MockSecurityGroupManagerMockRecorder) FetchSGInfosByRequest(arg0, arg1 interface{}) *gomock.Call
+ func (mr *MockSecurityGroupManagerMockRecorder) RevokeSGIngress(arg0, arg1, arg2 interface{}) *gomock.Call
+ type MockSecurityGroupResolver struct
+ func NewMockSecurityGroupResolver(ctrl *gomock.Controller) *MockSecurityGroupResolver
+ func (m *MockSecurityGroupResolver) EXPECT() *MockSecurityGroupResolverMockRecorder
+ func (m *MockSecurityGroupResolver) ResolveViaNameOrID(arg0 context.Context, arg1 []string) ([]string, error)
+ type MockSecurityGroupResolverMockRecorder struct
+ func (mr *MockSecurityGroupResolverMockRecorder) ResolveViaNameOrID(arg0, arg1 interface{}) *gomock.Call
+ type MockSubnetsResolver struct
+ func NewMockSubnetsResolver(ctrl *gomock.Controller) *MockSubnetsResolver
+ func (m *MockSubnetsResolver) EXPECT() *MockSubnetsResolverMockRecorder
+ func (m *MockSubnetsResolver) ResolveViaDiscovery(arg0 context.Context, arg1 ...SubnetsResolveOption) ([]*ec2.Subnet, error)
+ func (m *MockSubnetsResolver) ResolveViaNameOrIDSlice(arg0 context.Context, arg1 []string, arg2 ...SubnetsResolveOption) ([]*ec2.Subnet, error)
+ func (m *MockSubnetsResolver) ResolveViaSelector(arg0 context.Context, arg1 *v1beta1.SubnetSelector, ...) ([]*ec2.Subnet, error)
+ type MockSubnetsResolverMockRecorder struct
+ func (mr *MockSubnetsResolverMockRecorder) ResolveViaDiscovery(arg0 interface{}, arg1 ...interface{}) *gomock.Call
+ func (mr *MockSubnetsResolverMockRecorder) ResolveViaNameOrIDSlice(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call
+ func (mr *MockSubnetsResolverMockRecorder) ResolveViaSelector(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call
+ type MockVPCInfoProvider struct
+ func NewMockVPCInfoProvider(ctrl *gomock.Controller) *MockVPCInfoProvider
+ func (m *MockVPCInfoProvider) EXPECT() *MockVPCInfoProviderMockRecorder
+ func (m *MockVPCInfoProvider) FetchVPCInfo(arg0 context.Context, arg1 string, arg2 ...FetchVPCInfoOption) (VPCInfo, error)
+ type MockVPCInfoProviderMockRecorder struct
+ func (mr *MockVPCInfoProviderMockRecorder) FetchVPCInfo(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call
+ type NodeENIInfoResolver interface
+ Resolve func(ctx context.Context, nodes []*corev1.Node) (map[types.NamespacedName]ENIInfo, error)
+ type NodeInfoProvider interface
+ FetchNodeInstances func(ctx context.Context, nodes []*corev1.Node) (map[types.NamespacedName]*ec2sdk.Instance, error)
+ type PodENIInfoResolver interface
+ Resolve func(ctx context.Context, pods []k8s.PodInfo) (map[types.NamespacedName]ENIInfo, error)
+ type ResourceType string
+ type SecurityGroupInfo struct
+ Ingress []IPPermissionInfo
+ SecurityGroupID string
+ Tags map[string]string
+ func NewRawSecurityGroupInfo(sdkSG *ec2sdk.SecurityGroup) SecurityGroupInfo
+ type SecurityGroupManager interface
+ AuthorizeSGIngress func(ctx context.Context, sgID string, permissions []IPPermissionInfo) error
+ FetchSGInfosByID func(ctx context.Context, sgIDs []string, opts ...FetchSGInfoOption) (map[string]SecurityGroupInfo, error)
+ FetchSGInfosByRequest func(ctx context.Context, req *ec2sdk.DescribeSecurityGroupsInput) (map[string]SecurityGroupInfo, error)
+ RevokeSGIngress func(ctx context.Context, sgID string, permissions []IPPermissionInfo) error
+ type SecurityGroupReconcileOption func(opts *SecurityGroupReconcileOptions)
+ func WithAuthorizeOnly(authorizeOnly bool) SecurityGroupReconcileOption
+ func WithPermissionSelector(permissionSelector labels.Selector) SecurityGroupReconcileOption
+ type SecurityGroupReconcileOptions struct
+ AuthorizeOnly bool
+ PermissionSelector labels.Selector
+ func (opts *SecurityGroupReconcileOptions) ApplyOptions(options ...SecurityGroupReconcileOption)
+ type SecurityGroupReconciler interface
+ ReconcileIngress func(ctx context.Context, sgID string, desiredPermissions []IPPermissionInfo, ...) error
+ type SecurityGroupResolver interface
+ ResolveViaNameOrID func(ctx context.Context, sgNameOrIDs []string) ([]string, error)
+ type SubnetsResolveOption func(opts *SubnetsResolveOptions)
+ func WithSubnetsClusterTagCheck(SubnetsClusterTagCheck bool) SubnetsResolveOption
+ func WithSubnetsResolveAvailableIPAddressCount(AvailableIPAddressCount int64) SubnetsResolveOption
+ func WithSubnetsResolveLBScheme(lbScheme elbv2model.LoadBalancerScheme) SubnetsResolveOption
+ func WithSubnetsResolveLBType(lbType elbv2model.LoadBalancerType) SubnetsResolveOption
+ type SubnetsResolveOptions struct
+ AvailableIPAddressCount int64
+ LBScheme elbv2model.LoadBalancerScheme
+ LBType elbv2model.LoadBalancerType
+ SubnetsClusterTagCheck bool
+ func (opts *SubnetsResolveOptions) ApplyOptions(options []SubnetsResolveOption)
+ type SubnetsResolver interface
+ ResolveViaDiscovery func(ctx context.Context, opts ...SubnetsResolveOption) ([]*ec2sdk.Subnet, error)
+ ResolveViaNameOrIDSlice func(ctx context.Context, subnetNameOrIDs []string, opts ...SubnetsResolveOption) ([]*ec2sdk.Subnet, error)
+ ResolveViaSelector func(ctx context.Context, selector *elbv2api.SubnetSelector, ...) ([]*ec2sdk.Subnet, error)
+ type VPCInfo ec2sdk.Vpc
+ func (vpc *VPCInfo) AssociatedIPv4CIDRs() []string
+ func (vpc *VPCInfo) AssociatedIPv6CIDRs() []string
+ type VPCInfoProvider interface
+ FetchVPCInfo func(ctx context.Context, vpcID string, opts ...FetchVPCInfoOption) (VPCInfo, error)
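Review bot: `WithAuthorizeOnly(authorizeOnly bool)` and `WithPermissionSelector(permissionSelector labels.Selector)` appear to limit which ingress permissions `ReconcileIngress` may revoke from a security group, but the listing gives no documentation for either; only signatures are visible here, so that reading is inferred from the names and should be confirmed against the implementation. If authorize-only does skip revocation, the doc comment should say so, for example `// WithAuthorizeOnly makes ReconcileIngress add missing permissions but never revoke existing ones, so permissions no longer desired stay on the group.` Separately, `(*SubnetsResolveOptions).ApplyOptions` takes `options []SubnetsResolveOption` while the other three `ApplyOptions` methods are variadic, and `WithSubnetsClusterTagCheck(SubnetsClusterTagCheck bool)` and `WithSubnetsResolveAvailableIPAddressCount(AvailableIPAddressCount int64)` use capitalised parameter names where the rest of the package uses lowerCamelCase. Renaming the parameters is caller-safe; changing the slice parameter to `options ...SubnetsResolveOption` would require existing callers to pass `opts...`.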