aws

package
v1.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 7, 2017 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source
const DefaultMaxEBSVolumes = 39

Amazon recommends having no more that 40 volumes attached to an instance, and at least one of those is for the system root volume. See http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/volume_limits.html#linux-specific-volume-limits

View Source
const DefaultVolumeType = "gp2"

Default volume type for newly created Volumes TODO: Remove when user/admin can configure volume types and thus we don't need hardcoded defaults.

View Source
const MaxReadThenCreateRetries = 30

We sometimes read to see if something exists; then try to create it if we didn't find it This can fail once in a consistent system if done in parallel In an eventually consistent system, it could fail unboundedly MaxReadThenCreateRetries sets the maximum number of attempts we will make

View Source
const ProviderName = "aws"
View Source
const ProxyProtocolPolicyName = "k8s-proxyprotocol-enabled"
View Source
const ServiceAnnotationLoadBalancerBEProtocol = "service.beta.kubernetes.io/aws-load-balancer-backend-protocol"

Service annotation specifying the protocol spoken by the backend (pod) behind a secure listener. Only inspected when `aws-load-balancer-ssl-cert` is used. If `http` (default) or `https`, an HTTPS listener that terminates the connection and parses headers is created. If set to `ssl` or `tcp`, a "raw" SSL listener is used.

View Source
const ServiceAnnotationLoadBalancerCertificate = "service.beta.kubernetes.io/aws-load-balancer-ssl-cert"

Service annotation requesting a secure listener. Value is a valid certificate ARN. For more, see http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-listener-config.html CertARN is an IAM or CM certificate ARN, e.g. arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012

View Source
const ServiceAnnotationLoadBalancerInternal = "service.beta.kubernetes.io/aws-load-balancer-internal"

Annotation used on the service to indicate that we want an internal ELB. Currently we accept only the value "0.0.0.0/0" - other values are an error. This lets us define more advanced semantics in future.

View Source
const ServiceAnnotationLoadBalancerProxyProtocol = "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol"

Annotation used on the service to enable the proxy protocol on an ELB. Right now we only accept the value "*" which means enable the proxy protocol on all ELB backends. In the future we could adjust this to allow setting the proxy protocol only on certain backends.

View Source
const ServiceAnnotationLoadBalancerSSLPorts = "service.beta.kubernetes.io/aws-load-balancer-ssl-ports"

Service annotation specifying a comma-separated list of ports that will use SSL/HTTPS listeners. Defaults to '*' (all).

View Source
const TagNameKubernetesCluster = "KubernetesCluster"

The tag name we use to differentiate multiple logically independent clusters running in the same AZ

View Source
const TagNameKubernetesService = "kubernetes.io/service-name"

The tag name we use to differentiate multiple services. Used currently for ELBs only.

View Source
const TagNameSubnetInternalELB = "kubernetes.io/role/internal-elb"

The tag name used on a subnet to designate that it should be used for internal ELBs

View Source
const TagNameSubnetPublicELB = "kubernetes.io/role/elb"

The tag name used on a subnet to designate that it should be used for internet ELBs

Variables

This section is empty.

Functions

func ResizeInstanceGroup added in v0.4.0

func ResizeInstanceGroup(asg ASG, instanceGroupName string, size int) error

ResizeInstanceGroup sets the size of the specificed instancegroup Exported so it can be used by the e2e tests, which don't want to instantiate a full cloudprovider.

Types

type ASG

This is a simple pass-through of the Autoscaling client interface, which allows for testing

type AWSCloud

type AWSCloud struct {
	// contains filtered or unexported fields
}

AWSCloud is an implementation of Interface, LoadBalancer and Instances for Amazon Web Services.

func (*AWSCloud) AddSSHKeyToAllInstances

func (self *AWSCloud) AddSSHKeyToAllInstances(user string, keyData []byte) error

func (*AWSCloud) AttachDisk

func (c *AWSCloud) AttachDisk(diskName string, instanceName string, readOnly bool) (string, error)

Implements Volumes.AttachDisk

func (*AWSCloud) Clusters

func (aws *AWSCloud) Clusters() (cloudprovider.Clusters, bool)

func (*AWSCloud) CreateDisk added in v0.4.0

func (s *AWSCloud) CreateDisk(volumeOptions *VolumeOptions) (string, error)

CreateDisk implements Volumes.CreateDisk

func (*AWSCloud) CreateRoute

func (s *AWSCloud) CreateRoute(clusterName string, nameHint string, route *cloudprovider.Route) error

CreateRoute implements Routes.CreateRoute Create the described route

func (*AWSCloud) CurrentNodeName

func (c *AWSCloud) CurrentNodeName(hostname string) (string, error)

func (*AWSCloud) DeleteDisk added in v0.4.0

func (c *AWSCloud) DeleteDisk(volumeName string) (bool, error)

Implements Volumes.DeleteDisk

func (*AWSCloud) DeleteRoute

func (s *AWSCloud) DeleteRoute(clusterName string, route *cloudprovider.Route) error

DeleteRoute implements Routes.DeleteRoute Delete the specified route

func (*AWSCloud) DescribeInstanceGroup

func (a *AWSCloud) DescribeInstanceGroup(instanceGroupName string) (InstanceGroupInfo, error)

Implement InstanceGroups.DescribeInstanceGroup Queries the cloud provider for information about the specified instance group

func (*AWSCloud) DetachDisk

func (aws *AWSCloud) DetachDisk(diskName string, instanceName string) (string, error)

Implements Volumes.DetachDisk

func (*AWSCloud) DiskIsAttached added in v1.3.0

func (c *AWSCloud) DiskIsAttached(diskName, instanceID string) (bool, error)

Implement Volumes.DiskIsAttached

func (*AWSCloud) EnsureLoadBalancer added in v0.3.0

func (s *AWSCloud) EnsureLoadBalancer(apiService *api.Service, hosts []string) (*api.LoadBalancerStatus, error)

EnsureLoadBalancer implements LoadBalancer.EnsureLoadBalancer

func (*AWSCloud) EnsureLoadBalancerDeleted added in v0.3.0

func (s *AWSCloud) EnsureLoadBalancerDeleted(service *api.Service) error

EnsureLoadBalancerDeleted implements LoadBalancer.EnsureLoadBalancerDeleted.

func (*AWSCloud) ExternalID

func (c *AWSCloud) ExternalID(name string) (string, error)

ExternalID returns the cloud provider ID of the specified instance (deprecated).

func (*AWSCloud) GetDiskPath added in v1.3.0

func (c *AWSCloud) GetDiskPath(volumeName string) (string, error)

Implement Volumes.GetDiskPath

func (*AWSCloud) GetLoadBalancer added in v0.3.0

func (s *AWSCloud) GetLoadBalancer(service *api.Service) (*api.LoadBalancerStatus, bool, error)

GetLoadBalancer is an implementation of LoadBalancer.GetLoadBalancer

func (*AWSCloud) GetVolumeLabels added in v0.3.0

func (c *AWSCloud) GetVolumeLabels(volumeName string) (map[string]string, error)

Implements Volumes.GetVolumeLabels

func (*AWSCloud) GetZone

func (c *AWSCloud) GetZone() (cloudprovider.Zone, error)

GetZone implements Zones.GetZone

func (*AWSCloud) InstanceID

func (c *AWSCloud) InstanceID(name string) (string, error)

InstanceID returns the cloud provider ID of the specified instance.

func (*AWSCloud) InstanceType added in v0.4.0

func (c *AWSCloud) InstanceType(name string) (string, error)

InstanceType returns the type of the specified instance.

func (*AWSCloud) Instances

func (aws *AWSCloud) Instances() (cloudprovider.Instances, bool)

Instances returns an implementation of Instances for Amazon Web Services.

func (*AWSCloud) List

func (aws *AWSCloud) List(filter string) ([]string, error)

List is an implementation of Instances.List.

func (*AWSCloud) ListRoutes

func (s *AWSCloud) ListRoutes(clusterName string) ([]*cloudprovider.Route, error)

ListRoutes implements Routes.ListRoutes List all routes that match the filter

func (*AWSCloud) LoadBalancer added in v0.3.0

func (s *AWSCloud) LoadBalancer() (cloudprovider.LoadBalancer, bool)

LoadBalancer returns an implementation of LoadBalancer for Amazon Web Services.

func (*AWSCloud) NodeAddresses

func (c *AWSCloud) NodeAddresses(name string) ([]api.NodeAddress, error)

NodeAddresses is an implementation of Instances.NodeAddresses.

func (*AWSCloud) ProviderName

func (aws *AWSCloud) ProviderName() string

ProviderName returns the cloud provider ID.

func (*AWSCloud) ResizeInstanceGroup

func (a *AWSCloud) ResizeInstanceGroup(instanceGroupName string, size int) error

Implement InstanceGroups.ResizeInstanceGroup Set the size to the fixed size

func (*AWSCloud) Routes

func (aws *AWSCloud) Routes() (cloudprovider.Routes, bool)

Routes returns an implementation of Routes for Amazon Web Services.

func (*AWSCloud) ScrubDNS added in v0.3.0

func (aws *AWSCloud) ScrubDNS(nameservers, searches []string) (nsOut, srchOut []string)

ScrubDNS filters DNS settings for pods.

func (*AWSCloud) UpdateLoadBalancer added in v0.3.0

func (s *AWSCloud) UpdateLoadBalancer(service *api.Service, hosts []string) error

UpdateLoadBalancer implements LoadBalancer.UpdateLoadBalancer

func (*AWSCloud) Zones

func (aws *AWSCloud) Zones() (cloudprovider.Zones, bool)

Zones returns an implementation of Zones for Amazon Web Services.

type AWSCloudConfig

type AWSCloudConfig struct {
	Global struct {
		// TODO: Is there any use for this?  We can get it from the instance metadata service
		// Maybe if we're not running on AWS, e.g. bootstrap; for now it is not very useful
		Zone string

		KubernetesClusterTag string

		//The aws provider creates an inbound rule per load balancer on the node security
		//group. However, this can run into the AWS security group rule limit of 50 if
		//many LoadBalancers are created.
		//
		//This flag disables the automatic ingress creation. It requires that the user
		//has setup a rule that allows inbound traffic on kubelet ports from the
		//local VPC subnet (so load balancers can access it). E.g. 10.82.0.0/16 30000-32000.
		DisableSecurityGroupIngress bool
	}
}

type AWSServices

type AWSServices interface {
	Compute(region string) (EC2, error)
	LoadBalancing(region string) (ELB, error)
	Autoscaling(region string) (ASG, error)
	Metadata() (EC2Metadata, error)
}

Abstraction over AWS, to allow mocking/other implementations

type Backoff added in v0.4.0

type Backoff struct {
	// contains filtered or unexported fields
}

Backoff manages a backoff that varies based on the recently observed failures

func (*Backoff) ComputeDelayForRequest added in v0.4.0

func (b *Backoff) ComputeDelayForRequest(now time.Time) time.Duration

Computes the delay required for a request, also updating internal state to count this request

func (*Backoff) ReportError added in v0.4.0

func (b *Backoff) ReportError()

Called when we observe a throttling error

type CrossRequestRetryDelay added in v0.4.0

type CrossRequestRetryDelay struct {
	// contains filtered or unexported fields
}

CrossRequestRetryDelay inserts delays before AWS calls, when we are observing RequestLimitExceeded errors Note that we share a CrossRequestRetryDelay across multiple AWS requests; this is a process-wide back-off, whereas the aws-sdk-go implements a per-request exponential backoff/retry

func NewCrossRequestRetryDelay added in v0.4.0

func NewCrossRequestRetryDelay() *CrossRequestRetryDelay

Create a new CrossRequestRetryDelay

func (*CrossRequestRetryDelay) AfterRetry added in v0.4.0

func (c *CrossRequestRetryDelay) AfterRetry(r *request.Request)

Added to the AfterRetry chain; called after any error

func (*CrossRequestRetryDelay) BeforeSign added in v0.4.0

func (c *CrossRequestRetryDelay) BeforeSign(r *request.Request)

Added to the Sign chain; called before each request

type EC2

type EC2 interface {
	// Query EC2 for instances matching the filter
	DescribeInstances(request *ec2.DescribeInstancesInput) ([]*ec2.Instance, error)

	// Attach a volume to an instance
	AttachVolume(*ec2.AttachVolumeInput) (*ec2.VolumeAttachment, error)
	// Detach a volume from an instance it is attached to
	DetachVolume(request *ec2.DetachVolumeInput) (resp *ec2.VolumeAttachment, err error)
	// Lists volumes
	DescribeVolumes(request *ec2.DescribeVolumesInput) ([]*ec2.Volume, error)
	// Create an EBS volume
	CreateVolume(request *ec2.CreateVolumeInput) (resp *ec2.Volume, err error)
	// Delete an EBS volume
	DeleteVolume(*ec2.DeleteVolumeInput) (*ec2.DeleteVolumeOutput, error)

	DescribeSecurityGroups(request *ec2.DescribeSecurityGroupsInput) ([]*ec2.SecurityGroup, error)

	CreateSecurityGroup(*ec2.CreateSecurityGroupInput) (*ec2.CreateSecurityGroupOutput, error)
	DeleteSecurityGroup(request *ec2.DeleteSecurityGroupInput) (*ec2.DeleteSecurityGroupOutput, error)

	AuthorizeSecurityGroupIngress(*ec2.AuthorizeSecurityGroupIngressInput) (*ec2.AuthorizeSecurityGroupIngressOutput, error)
	RevokeSecurityGroupIngress(*ec2.RevokeSecurityGroupIngressInput) (*ec2.RevokeSecurityGroupIngressOutput, error)

	DescribeSubnets(*ec2.DescribeSubnetsInput) ([]*ec2.Subnet, error)

	CreateTags(*ec2.CreateTagsInput) (*ec2.CreateTagsOutput, error)

	DescribeRouteTables(request *ec2.DescribeRouteTablesInput) ([]*ec2.RouteTable, error)
	CreateRoute(request *ec2.CreateRouteInput) (*ec2.CreateRouteOutput, error)
	DeleteRoute(request *ec2.DeleteRouteInput) (*ec2.DeleteRouteOutput, error)

	ModifyInstanceAttribute(request *ec2.ModifyInstanceAttributeInput) (*ec2.ModifyInstanceAttributeOutput, error)
}

TODO: Should we rename this to AWS (EBS & ELB are not technically part of EC2) Abstraction over EC2, to allow mocking/other implementations Note that the DescribeX functions return a list, so callers don't need to deal with paging

type EC2Metadata

type EC2Metadata interface {
	// Query the EC2 metadata service (used to discover instance-id etc)
	GetMetadata(path string) (string, error)
}

Abstraction over the AWS metadata service

type ELB

type ELB interface {
	CreateLoadBalancer(*elb.CreateLoadBalancerInput) (*elb.CreateLoadBalancerOutput, error)
	DeleteLoadBalancer(*elb.DeleteLoadBalancerInput) (*elb.DeleteLoadBalancerOutput, error)
	DescribeLoadBalancers(*elb.DescribeLoadBalancersInput) (*elb.DescribeLoadBalancersOutput, error)
	RegisterInstancesWithLoadBalancer(*elb.RegisterInstancesWithLoadBalancerInput) (*elb.RegisterInstancesWithLoadBalancerOutput, error)
	DeregisterInstancesFromLoadBalancer(*elb.DeregisterInstancesFromLoadBalancerInput) (*elb.DeregisterInstancesFromLoadBalancerOutput, error)
	CreateLoadBalancerPolicy(*elb.CreateLoadBalancerPolicyInput) (*elb.CreateLoadBalancerPolicyOutput, error)
	SetLoadBalancerPoliciesForBackendServer(*elb.SetLoadBalancerPoliciesForBackendServerInput) (*elb.SetLoadBalancerPoliciesForBackendServerOutput, error)

	DetachLoadBalancerFromSubnets(*elb.DetachLoadBalancerFromSubnetsInput) (*elb.DetachLoadBalancerFromSubnetsOutput, error)
	AttachLoadBalancerToSubnets(*elb.AttachLoadBalancerToSubnetsInput) (*elb.AttachLoadBalancerToSubnetsOutput, error)

	CreateLoadBalancerListeners(*elb.CreateLoadBalancerListenersInput) (*elb.CreateLoadBalancerListenersOutput, error)
	DeleteLoadBalancerListeners(*elb.DeleteLoadBalancerListenersInput) (*elb.DeleteLoadBalancerListenersOutput, error)

	ApplySecurityGroupsToLoadBalancer(*elb.ApplySecurityGroupsToLoadBalancerInput) (*elb.ApplySecurityGroupsToLoadBalancerOutput, error)

	ConfigureHealthCheck(*elb.ConfigureHealthCheckInput) (*elb.ConfigureHealthCheckOutput, error)
}

This is a simple pass-through of the ELB client interface, which allows for testing

type IPPermissionSet added in v0.4.0

type IPPermissionSet map[string]*ec2.IpPermission

func NewIPPermissionSet added in v0.4.0

func NewIPPermissionSet(items ...*ec2.IpPermission) IPPermissionSet

func (IPPermissionSet) Difference added in v0.4.0

Difference returns a set of objects that are not in s2 For example: s1 = {a1, a2, a3} s2 = {a1, a2, a4, a5} s1.Difference(s2) = {a3} s2.Difference(s1) = {a4, a5}

func (IPPermissionSet) Equal added in v0.4.0

func (s1 IPPermissionSet) Equal(s2 IPPermissionSet) bool

Equal returns true if and only if s1 is equal (as a set) to s2. Two sets are equal if their membership is identical. (In practice, this means same elements, order doesn't matter)

func (IPPermissionSet) Insert added in v0.4.0

func (s IPPermissionSet) Insert(items ...*ec2.IpPermission)

Insert adds items to the set.

func (IPPermissionSet) IsSuperset added in v0.4.0

func (s1 IPPermissionSet) IsSuperset(s2 IPPermissionSet) bool

IsSuperset returns true if and only if s1 is a superset of s2.

func (IPPermissionSet) Len added in v0.4.0

func (s IPPermissionSet) Len() int

Len returns the size of the set.

func (IPPermissionSet) List added in v0.4.0

func (s IPPermissionSet) List() []*ec2.IpPermission

List returns the contents as a slice. Order is not defined.

func (IPPermissionSet) Ungroup added in v0.4.0

func (s IPPermissionSet) Ungroup() IPPermissionSet

Ungroup splits permissions out into individual permissions EC2 will combine permissions with the same port but different SourceRanges together, for example We ungroup them so we can process them

type InstanceGroupInfo

type InstanceGroupInfo interface {
	// The number of instances currently running under control of this group
	CurrentSize() (int, error)
}

InstanceGroupInfo is returned by InstanceGroups.Describe, and exposes information about the group.

func DescribeInstanceGroup added in v0.4.0

func DescribeInstanceGroup(asg ASG, instanceGroupName string) (InstanceGroupInfo, error)

DescribeInstanceGroup gets info about the specified instancegroup Exported so it can be used by the e2e tests, which don't want to instantiate a full cloudprovider.

type InstanceGroups

type InstanceGroups interface {
	// Set the size to the fixed size
	ResizeInstanceGroup(instanceGroupName string, size int) error
	// Queries the cloud provider for information about the specified instance group
	DescribeInstanceGroup(instanceGroupName string) (InstanceGroupInfo, error)
}

InstanceGroups is an interface for managing cloud-managed instance groups / autoscaling instance groups TODO: Allow other clouds to implement this

type VolumeOptions

type VolumeOptions struct {
	CapacityGB int
	Tags       map[string]string
	PVCName    string
}

type Volumes

type Volumes interface {
	// Attach the disk to the specified instance
	// instanceName can be empty to mean "the instance on which we are running"
	// Returns the device (e.g. /dev/xvdf) where we attached the volume
	AttachDisk(diskName string, instanceName string, readOnly bool) (string, error)
	// Detach the disk from the specified instance
	// instanceName can be empty to mean "the instance on which we are running"
	// Returns the device where the volume was attached
	DetachDisk(diskName string, instanceName string) (string, error)

	// Create a volume with the specified options
	CreateDisk(volumeOptions *VolumeOptions) (volumeName string, err error)
	// Delete the specified volume
	// Returns true iff the volume was deleted
	// If the was not found, returns (false, nil)
	DeleteDisk(volumeName string) (bool, error)

	// Get labels to apply to volume on creation
	GetVolumeLabels(volumeName string) (map[string]string, error)

	// Get volume's disk path from volume name
	// return the device path where the volume is attached
	GetDiskPath(volumeName string) (string, error)

	// Check if the volume is already attached to the instance
	DiskIsAttached(diskName, instanceID string) (bool, error)
}

Volumes is an interface for managing cloud-provisioned volumes TODO: Allow other clouds to implement this

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL