Documentation ¶
Index ¶
- Constants
- type AssociationController
- type ENIInfo
- type InstanceAttachmentController
- func NewInstanceAttachmentController(sgController SecurityGroupController, targetENIsResolver TargetENIsResolver, ...) InstanceAttachmentController
- func NewInstanceAttachmentControllerV1(sgController SecurityGroupController, targetENIsResolver TargetENIsResolver, ...) InstanceAttachmentController
- func NewInstanceAttachmentControllerV2(sgController SecurityGroupController, targetENIsResolver TargetENIsResolver, ...) InstanceAttachmentController
- type LbAttachmentController
- type LbAttachmentInfo
- type NameGenerator
- type NameTagGenerator
- type SecurityGroupController
- type TagGenerator
- type TargetENIsResolver
Constants ¶
// EC2DescribeNetworkInterfacesFilterLimit is the maximum number of filters in a
// single describeNetworkInterfaces call.
// NOTE(review): presumably lookups needing more filters than this are split
// across several calls; confirm against the code that uses the constant.
const EC2DescribeNetworkInterfacesFilterLimit = 200
EC2DescribeNetworkInterfacesFilterLimit is the maximum number of filters in a single DescribeNetworkInterfaces call.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AssociationController ¶
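// AssociationController manages the SecurityGroups associated with the
// LoadBalancer of an ingress.
type AssociationController interface {
	// Setup provides the SecurityGroups that should be used by the LoadBalancer.
	Setup(ctx context.Context, ingKey types.NamespacedName) (LbAttachmentInfo, error)

	// Reconcile configures the LB to use the SecurityGroups specified in attachmentInfo.
	// If the managed LoadBalancer SG is used, the SecurityGroups on worker nodes are
	// also adjusted to grant inbound traffic permission to tgGroup.
	//
	// NOTE(review): as worded, worker-node SecurityGroups are adjusted only in the
	// managed-SG case. With externally provided SecurityGroups, inbound access from
	// the LB to the targets presumably has to be granted by whoever owns those
	// groups; confirm against the implementation.
	Reconcile(ctx context.Context, ingKey types.NamespacedName, attachmentInfo LbAttachmentInfo, lbInstance *elbv2.LoadBalancer, tgGroup tg.TargetGroupGroup) error

	// Delete ensures the SecurityGroups created for the LB are deleted.
	// If the managed LB SecurityGroup is used, the SecurityGroups on worker nodes are
	// also adjusted to remove the inbound traffic permission from it.
	Delete(ctx context.Context, ingKey types.NamespacedName) error
}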
AssociationController manages the association between a LoadBalancer and its SecurityGroups.
func NewAssociationController ¶
func NewAssociationController(store store.Storer, cloud aws.CloudAPI, tagsController tags.Controller, nameTagGen NameTagGenerator) AssociationController
NewAssociationController constructs a new association controller
type ENIInfo ¶ added in v1.1.4
// ENIInfo carries information about a network interface (ENI). On this page it
// is built by NewENIInfoViaENI and NewENIInfoViaInstanceENI and is the value
// type of the map returned by TargetENIsResolver.Resolve.
// NOTE(review): the fields are unexported and not shown here; the SecurityGroups
// method presumably reports the security groups attached to the ENI. Confirm
// against the source.
type ENIInfo struct {
// contains filtered or unexported fields
}
func NewENIInfoViaENI ¶ added in v1.1.4
func NewENIInfoViaENI(eni *ec2.NetworkInterface) ENIInfo
func NewENIInfoViaInstanceENI ¶ added in v1.1.4
func NewENIInfoViaInstanceENI(instanceENI *ec2.InstanceNetworkInterface) ENIInfo
func (*ENIInfo) SecurityGroups ¶ added in v1.1.4
type InstanceAttachmentController ¶
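// InstanceAttachmentController manages SecurityGroups on worker nodes.
type InstanceAttachmentController interface {
	// Reconcile sets up SecurityGroups on worker nodes to allow inbound traffic from
	// the LoadBalancer (with lbSGID) to the targets in tgGroup.
	//
	// NOTE(review): this widens inbound access on worker nodes. Presumably the grant
	// is scoped to lbSGID as the traffic source and to the target ports of tgGroup;
	// confirm against the implementation before relying on that scope.
	Reconcile(ctx context.Context, ingKey types.NamespacedName, lbSGID string, tgGroup tg.TargetGroupGroup) error

	// Delete cleans up the resources set up in Reconcile.
	//
	// NOTE(review): a returned error presumably means some of the inbound access
	// set up by Reconcile may still be in place; callers should retry rather than
	// drop the error. Confirm.
	Delete(ctx context.Context, ingKey types.NamespacedName) error
}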
InstanceAttachmentController manages SecurityGroups on worker nodes.
func NewInstanceAttachmentController ¶ added in v1.1.3
func NewInstanceAttachmentController(sgController SecurityGroupController, targetENIsResolver TargetENIsResolver, nameTagGen NameTagGenerator, store store.Storer, cloud aws.CloudAPI) InstanceAttachmentController
func NewInstanceAttachmentControllerV1 ¶ added in v1.1.3
func NewInstanceAttachmentControllerV1( sgController SecurityGroupController, targetENIsResolver TargetENIsResolver, nameTagGen NameTagGenerator, store store.Storer, cloud aws.CloudAPI) InstanceAttachmentController
func NewInstanceAttachmentControllerV2 ¶ added in v1.1.3
func NewInstanceAttachmentControllerV2( sgController SecurityGroupController, targetENIsResolver TargetENIsResolver, nameTagGen NameTagGenerator, store store.Storer, cloud aws.CloudAPI) InstanceAttachmentController
type LbAttachmentController ¶
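// LbAttachmentController controls which SecurityGroups are attached to a
// LoadBalancer.
type LbAttachmentController interface {
	// Reconcile ensures that only the specified SecurityGroups exist on the LoadBalancer.
	//
	// NOTE(review): "only" implies that SecurityGroups attached to the LB by other
	// means and not listed in groupIDs are detached. Confirm, and check how call
	// sites handle an empty groupIDs.
	Reconcile(ctx context.Context, lbInstance *elbv2.LoadBalancer, groupIDs []string) error
}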
LbAttachmentController controls which SecurityGroups are attached to a LoadBalancer.
type LbAttachmentInfo ¶
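// LbAttachmentInfo holds information about the securityGroups on a LoadBalancer.
type LbAttachmentInfo struct {
	// ManagedSGID is the managed securityGroupID. It is empty when securityGroups
	// are externally managed via the annotation
	// `alb.ingress.kubernetes.io/security-groups`.
	ManagedSGID string

	// ExternalSGIDs are the externally provided securityGroupIDs.
	//
	// NOTE(review): these presumably originate from the Ingress annotation named
	// above, i.e. from whoever may edit the Ingress object; confirm where the
	// values are validated before they are attached to the LoadBalancer.
	ExternalSGIDs []string
}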
LbAttachmentInfo holds information about the securityGroups on a LoadBalancer.
func (*LbAttachmentInfo) SGIDs ¶ added in v1.1.3
func (i *LbAttachmentInfo) SGIDs() []string
type NameGenerator ¶
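// NameGenerator provides name generation functionality for the sg package.
type NameGenerator interface {
	// NameLBSG generates the name for the managed securityGroup that will be
	// attached to the LoadBalancer.
	NameLBSG(namespace string, ingressName string) string

	// NameInstanceSG generates the name for the managed securityGroup that will be
	// attached to EC2 instances.
	NameInstanceSG(namespace string, ingressName string) string
}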
NameGenerator provides name generation functionality for sg package.
type NameTagGenerator ¶
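// NameTagGenerator is the combination of NameGenerator and TagGenerator.
type NameTagGenerator interface {
	NameGenerator
	TagGenerator
}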
NameTagGenerator is the combination of NameGenerator and TagGenerator.
type SecurityGroupController ¶
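// SecurityGroupController manages configuration on securityGroups.
type SecurityGroupController interface {
	// EnsureSGInstanceByName ensures a security group with the given name exists.
	EnsureSGInstanceByName(ctx context.Context, name string, description string) (*ec2.SecurityGroup, error)

	// Reconcile ensures the securityGroup configuration matches the specification
	// given by inboundPermissions and tags.
	//
	// NOTE(review): "matches" suggests that inbound rules absent from
	// inboundPermissions are revoked rather than only missing ones being added.
	// Confirm against the implementation.
	Reconcile(ctx context.Context, instance *ec2.SecurityGroup, inboundPermissions []*ec2.IpPermission, tags map[string]string) error
}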
SecurityGroupController manages configuration on securityGroup.
type TagGenerator ¶
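// TagGenerator provides tag generation functionality for the sg package.
type TagGenerator interface {
	// TagLBSG generates the tags for the managed securityGroup that will be
	// attached to the LoadBalancer.
	TagLBSG(namespace string, ingressName string) map[string]string

	// TagInstanceSG generates the tags for the managed securityGroup that will be
	// attached to EC2 instances.
	TagInstanceSG(namespace string, ingressName string) map[string]string
}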
TagGenerator provides tag generation functionality for sg package.
type TargetENIsResolver ¶ added in v1.1.3
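// TargetENIsResolver resolves the ENIs that support targets for target groups.
type TargetENIsResolver interface {
	// Resolve returns the ENIs that support targets for the target groups in tgGroup.
	//
	// NOTE(review): the key of the returned map is not described here; presumably
	// it is the ENI ID. Confirm against the implementation.
	Resolve(ctx context.Context, tgGroup tg.TargetGroupGroup) (map[string]ENIInfo, error)
}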
TargetENIsResolver resolves the ENIs that support targets for target groups.
func NewTargetENIsResolver ¶ added in v1.1.3
func NewTargetENIsResolver(store store.Storer, cloud aws.CloudAPI) TargetENIsResolver