oci

package
v0.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 1, 2022 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Overview

Package oci implements an external Kubernetes cloud-provider for Oracle Cloud Infrastructure.

Index

Constants

// Service annotation keys read by the CCM when it builds an OCI load balancer
// from a Kubernetes Service. Every key is set on the Service object itself, so
// whoever may create or edit a Service controls these settings.
const (
	// ServiceAnnotationLoadBalancerInternal is a service annotation for
	// specifying that a load balancer should be internal.
	// NOTE(review): the behaviour when the annotation is absent is not visible
	// here; presumably the load balancer is public unless this is set — confirm
	// before relying on it for exposure control.
	ServiceAnnotationLoadBalancerInternal = "service.beta.kubernetes.io/oci-load-balancer-internal"

	// ServiceAnnotationLoadBalancerShape is a Service annotation for
	// specifying the Shape of a load balancer. The shape is a template that
	// determines the load balancer's total pre-provisioned maximum capacity
	// (bandwidth) for ingress plus egress traffic. Available shapes include
	// "100Mbps", "400Mbps", "8000Mbps", and "flexible". When using
	// "flexible", it is required to also supply
	// ServiceAnnotationLoadBalancerShapeFlexMin and
	// ServiceAnnotationLoadBalancerShapeFlexMax.
	ServiceAnnotationLoadBalancerShape = "service.beta.kubernetes.io/oci-load-balancer-shape"

	// ServiceAnnotationLoadBalancerShapeFlexMin is a Service annotation for
	// specifying the minimum bandwidth in Mbps if the LB shape is flex.
	ServiceAnnotationLoadBalancerShapeFlexMin = "service.beta.kubernetes.io/oci-load-balancer-shape-flex-min"

	// ServiceAnnotationLoadBalancerShapeFlexMax is a Service annotation for
	// specifying the maximum bandwidth in Mbps if the shape is flex.
	ServiceAnnotationLoadBalancerShapeFlexMax = "service.beta.kubernetes.io/oci-load-balancer-shape-flex-max"

	// ServiceAnnotationLoadBalancerSubnet1 is a Service annotation for
	// specifying the first subnet of a load balancer.
	ServiceAnnotationLoadBalancerSubnet1 = "service.beta.kubernetes.io/oci-load-balancer-subnet1"

	// ServiceAnnotationLoadBalancerSubnet2 is a Service annotation for
	// specifying the second subnet of a load balancer.
	ServiceAnnotationLoadBalancerSubnet2 = "service.beta.kubernetes.io/oci-load-balancer-subnet2"

	// ServiceAnnotationLoadBalancerSSLPorts is a Service annotation for
	// specifying the ports to enable SSL termination on the corresponding load
	// balancer listener.
	// NOTE(review): listeners for ports that are not listed presumably carry
	// traffic without TLS termination — confirm.
	ServiceAnnotationLoadBalancerSSLPorts = "service.beta.kubernetes.io/oci-load-balancer-ssl-ports"

	// ServiceAnnotationLoadBalancerTLSSecret is a Service annotation for
	// specifying the TLS secret to install on the load balancer listeners which
	// have SSL enabled.
	// See: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
	ServiceAnnotationLoadBalancerTLSSecret = "service.beta.kubernetes.io/oci-load-balancer-tls-secret"

	// ServiceAnnotationLoadBalancerTLSBackendSetSecret is a Service annotation for
	// specifying the generic secret to install on the load balancer listeners which
	// have SSL enabled.
	// NOTE(review): the wording repeats the listener annotation above; going by
	// the name and the "-backendset-secret" key this secret presumably applies
	// to backend sets rather than listeners — confirm.
	// See: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
	ServiceAnnotationLoadBalancerTLSBackendSetSecret = "service.beta.kubernetes.io/oci-load-balancer-tls-backendset-secret"

	// ServiceAnnotationLoadBalancerConnectionIdleTimeout is the annotation used
	// on the service to specify the idle connection timeout.
	ServiceAnnotationLoadBalancerConnectionIdleTimeout = "service.beta.kubernetes.io/oci-load-balancer-connection-idle-timeout"

	// ServiceAnnotationLoadBalancerConnectionProxyProtocolVersion is the annotation used
	// on the service to specify the proxy protocol version.
	ServiceAnnotationLoadBalancerConnectionProxyProtocolVersion = "service.beta.kubernetes.io/oci-load-balancer-connection-proxy-protocol-version"

	// ServiceAnnotaionLoadBalancerSecurityListManagementMode is a Service
	// annotation for specifying the security list management mode ("All",
	// "Frontend", "None") that configures how security lists are managed by
	// the CCM. The accepted values correspond to ManagementModeAll,
	// ManagementModeFrontend and ManagementModeNone.
	// The "Annotaion" spelling is part of the exported identifier.
	// Because the mode is chosen per Service, permission to create or edit
	// Services also decides which security list rules the CCM manages.
	ServiceAnnotaionLoadBalancerSecurityListManagementMode = "service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode"

	// ServiceAnnotationLoadBalancerHealthCheckRetries is the annotation used
	// on the service to specify the number of retries to attempt before a backend server is considered "unhealthy".
	ServiceAnnotationLoadBalancerHealthCheckRetries = "service.beta.kubernetes.io/oci-load-balancer-health-check-retries"

	// ServiceAnnotationLoadBalancerHealthCheckInterval is a Service annotation for
	// specifying the interval between health checks, in milliseconds.
	ServiceAnnotationLoadBalancerHealthCheckInterval = "service.beta.kubernetes.io/oci-load-balancer-health-check-interval"

	// ServiceAnnotationLoadBalancerHealthCheckTimeout is a Service annotation for
	// specifying the maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply
	// returns within this timeout period.
	ServiceAnnotationLoadBalancerHealthCheckTimeout = "service.beta.kubernetes.io/oci-load-balancer-health-check-timeout"

	// ServiceAnnotationLoadBalancerBEProtocol is a Service annotation for specifying the
	// load balancer listener backend protocol ("TCP", "HTTP").
	// See: https://docs.cloud.oracle.com/iaas/Content/Balance/Concepts/balanceoverview.htm#concepts
	ServiceAnnotationLoadBalancerBEProtocol = "service.beta.kubernetes.io/oci-load-balancer-backend-protocol"

	// ServiceAnnotationLoadBalancerNetworkSecurityGroups is a service annotation for
	// specifying network security group IDs for the load balancer.
	ServiceAnnotationLoadBalancerNetworkSecurityGroups = "oci.oraclecloud.com/oci-network-security-groups"

	// ServiceAnnotationLoadBalancerPolicy is a service annotation for specifying
	// the load balancer traffic policy ("ROUND_ROBIN", "LEAST_CONNECTIONS",
	// "IP_HASH"). The values are those of RoundRobinLoadBalancerPolicy,
	// LeastConnectionsLoadBalancerPolicy and IPHashLoadBalancerPolicy.
	ServiceAnnotationLoadBalancerPolicy = "oci.oraclecloud.com/loadbalancer-policy"

	// ServiceAnnotationLoadBalancerInitialDefinedTagsOverride is a service annotation for specifying
	// defined tags on the LB
	ServiceAnnotationLoadBalancerInitialDefinedTagsOverride = "oci.oraclecloud.com/initial-defined-tags-override"

	// ServiceAnnotationLoadBalancerInitialFreeformTagsOverride is a service annotation for specifying
	// freeform tags on the LB
	ServiceAnnotationLoadBalancerInitialFreeformTagsOverride = "oci.oraclecloud.com/initial-freeform-tags-override"
)
const (
	// DefaultLoadBalancerPolicy has the same value as
	// RoundRobinLoadBalancerPolicy.
	DefaultLoadBalancerPolicy = RoundRobinLoadBalancerPolicy
	// RoundRobinLoadBalancerPolicy is the "ROUND_ROBIN" traffic policy value.
	RoundRobinLoadBalancerPolicy = "ROUND_ROBIN"
	// LeastConnectionsLoadBalancerPolicy is the "LEAST_CONNECTIONS" traffic
	// policy value.
	LeastConnectionsLoadBalancerPolicy = "LEAST_CONNECTIONS"
	// IPHashLoadBalancerPolicy is the "IP_HASH" traffic policy value.
	IPHashLoadBalancerPolicy = "IP_HASH"
)

Defines the traffic policy for load balancers created by the CCM.

// IANA protocol numbers, declared as untyped integer constants.
const (
	// ProtocolTCP is the IANA decimal protocol number for the Transmission
	// Control Protocol (TCP).
	ProtocolTCP = 6
	// ProtocolUDP is the IANA decimal protocol number for the User
	// Datagram Protocol (UDP).
	ProtocolUDP = 17
)
// Security list management modes. The three values ("All", "Frontend",
// "None") are the ones named in the comment on
// ServiceAnnotaionLoadBalancerSecurityListManagementMode.
const (
	// ManagementModeAll denotes the management of security list rules for load
	// balancer ingress/egress, health checkers, and worker ingress/egress.
	ManagementModeAll = "All"
	// ManagementModeFrontend denotes the management of security list rules for load
	// balancer ingress only.
	// NOTE(review): rules for health checkers and worker ingress/egress are
	// then presumably left to the operator — confirm.
	ManagementModeFrontend = "Frontend"
	// ManagementModeNone denotes the management of no security list rules.
	// NOTE(review): presumably every rule the load balancer needs must then be
	// provisioned and audited outside the CCM — confirm.
	ManagementModeNone = "None"
)
// Key names looked up in the secrets config for SSL material.
const (
	// SSLCAFileName is a key name for ca data in the secrets config.
	SSLCAFileName = "ca.crt"
	// SSLCertificateFileName is a key name for certificate data in the secrets config.
	SSLCertificateFileName = "tls.crt"
	// SSLPrivateKeyFileName is a key name for certificate private key in the secrets config.
	// The value stored under this key is private key material; keep it out
	// of logs and error messages.
	SSLPrivateKeyFileName = "tls.key"
	// SSLPassphrase is a key name for certificate passphrase in the secrets config.
	// The value stored under this key is a credential; keep it out of logs
	// and error messages.
	SSLPassphrase = "passphrase"
)
// Kinds of action that can be taken on a resource. These are untyped string
// constants; the declaration does not give them the ActionType type.
// NOTE(review): presumably used as ActionType values — confirm.
const (
	// Create the resource as it doesn't exist yet.
	Create = "create"
	// Update the resource.
	Update = "update"
	// Delete the resource.
	Delete = "delete"
)
// Metadata keys for placement information, both under the
// oci.oraclecloud.com prefix. As the names indicate, FaultDomainLabel is a
// label key and CompartmentIDAnnotation is an annotation key.
// NOTE(review): presumably set on Node objects — confirm against the code
// that writes them.
const (
	FaultDomainLabel        = "oci.oraclecloud.com/fault-domain"
	CompartmentIDAnnotation = "oci.oraclecloud.com/compartment-id"
)

metadata labeling for placement info

// DefaultLoadBalancerBEProtocol is "TCP", one of the two values ("TCP",
// "HTTP") documented for ServiceAnnotationLoadBalancerBEProtocol.
const DefaultLoadBalancerBEProtocol = "TCP"

DefaultLoadBalancerBEProtocol defines the default protocol for load balancer listeners created by the CCM.

Variables

This section is empty.

Functions

func DeepEqualLists

func DeepEqualLists(listA, listB []string) bool

DeepEqualLists compares two slices and reports whether they are equal. Duplicates and the order of items in both lists are ignored.

func GetLoadBalancerName

func GetLoadBalancerName(service *api.Service) string

GetLoadBalancerName gets the name of the load balancer based on the service

func MapProviderIDToInstanceID

func MapProviderIDToInstanceID(providerID string) (string, error)

MapProviderIDToInstanceID parses the provider id and returns the instance ocid.

func NewCloudProvider

func NewCloudProvider(config *providercfg.Config) (cloudprovider.Interface, error)

NewCloudProvider creates a new oci.CloudProvider.

func NodeInternalIP

func NodeInternalIP(node *api.Node) string

NodeInternalIP returns the node's internal IP. A node managed by the CCM will always have an internal IP, since it's not possible to deploy an instance without a private IP.

func ProviderName

func ProviderName() string

ProviderName uniquely identifies the Oracle Bare Metal Cloud Services (OCI) cloud-provider.

func RemoveDuplicatesFromList

func RemoveDuplicatesFromList(list []string) []string

RemoveDuplicatesFromList takes a slice and returns a new slice with no duplicate elements (e.g. if the given list is {"a", "b", "a"}, the function returns a new slice with {"a", "b"}).

Types

type Action

// Action is an action that should take place on a resource.
type Action interface {
	// Type returns the ActionType of the action.
	Type() ActionType
	// Name returns the name of the action's object.
	Name() string
}

Action that should take place on the resource.

type ActionType

type ActionType string

ActionType specifies what action should be taken on the resource.

type BackendSetAction

type BackendSetAction struct {
	Action

	BackendSet loadbalancer.BackendSetDetails

	Ports    portSpec
	OldPorts *portSpec
	// contains filtered or unexported fields
}

BackendSetAction denotes the action that should be taken on the given BackendSet.

func (*BackendSetAction) Name

func (b *BackendSetAction) Name() string

Name of the action's object.

func (*BackendSetAction) String

func (b *BackendSetAction) String() string

func (*BackendSetAction) Type

func (b *BackendSetAction) Type() ActionType

Type of the Action.

type CloudProvider

type CloudProvider struct {
	// NodeLister provides a cache to lookup nodes for deleting a load balancer.
	// Due to limitations in the OCI API around going from an IP to a subnet
	// we use the node lister to go from IP -> node / provider id -> ... -> subnet
	NodeLister listersv1.NodeLister
	// contains filtered or unexported fields
}

CloudProvider is an implementation of the cloud-provider interface for OCI.

func (*CloudProvider) AddSSHKeyToAllInstances

func (cp *CloudProvider) AddSSHKeyToAllInstances(ctx context.Context, user string, keyData []byte) error

AddSSHKeyToAllInstances adds an SSH public key as a legal identity for all instances. The expected format for the key is the standard ssh-keygen format: <protocol> <blob>

func (*CloudProvider) Clusters

func (cp *CloudProvider) Clusters() (cloudprovider.Clusters, bool)

Clusters returns a clusters interface. Also returns true if the interface is supported, false otherwise.

func (*CloudProvider) CurrentNodeName

func (cp *CloudProvider) CurrentNodeName(ctx context.Context, hostname string) (types.NodeName, error)

CurrentNodeName returns the name of the node we are currently running on. On most clouds (e.g. GCE) this is the hostname, so we provide the hostname.

func (*CloudProvider) EnsureLoadBalancer

func (cp *CloudProvider) EnsureLoadBalancer(ctx context.Context, clusterName string, service *v1.Service, nodes []*v1.Node) (*v1.LoadBalancerStatus, error)

EnsureLoadBalancer creates a new load balancer or updates the existing one. Returns the status of the balancer (i.e. its public IP address if one exists).

func (*CloudProvider) EnsureLoadBalancerDeleted

func (cp *CloudProvider) EnsureLoadBalancerDeleted(ctx context.Context, clusterName string, service *v1.Service) error

EnsureLoadBalancerDeleted deletes the specified load balancer if it exists, returning nil if the load balancer specified either didn't exist or was successfully deleted.

func (*CloudProvider) GetLoadBalancer

func (cp *CloudProvider) GetLoadBalancer(ctx context.Context, clusterName string, service *v1.Service) (*v1.LoadBalancerStatus, bool, error)

GetLoadBalancer returns whether the specified load balancer exists, and if so, what its status is.

func (*CloudProvider) GetLoadBalancerName

func (cp *CloudProvider) GetLoadBalancerName(ctx context.Context, clusterName string, service *v1.Service) string

GetLoadBalancerName returns the name of the loadbalancer

func (*CloudProvider) GetZone

func (cp *CloudProvider) GetZone(ctx context.Context) (cloudprovider.Zone, error)

GetZone returns the Zone containing the current failure zone and locality region that the program is running in.

func (*CloudProvider) GetZoneByNodeName

func (cp *CloudProvider) GetZoneByNodeName(ctx context.Context, nodeName types.NodeName) (cloudprovider.Zone, error)

GetZoneByNodeName returns the Zone containing the current zone and locality region of the node specified by node name. This method is particularly used in the context of external cloud providers where node initialization must be done outside the kubelets.

func (*CloudProvider) GetZoneByProviderID

func (cp *CloudProvider) GetZoneByProviderID(ctx context.Context, providerID string) (cloudprovider.Zone, error)

GetZoneByProviderID returns the Zone containing the current zone and locality region of the node specified by providerID. This method is particularly used in the context of external cloud providers where node initialization must be done outside the kubelets.

func (*CloudProvider) HasClusterID

func (cp *CloudProvider) HasClusterID() bool

HasClusterID returns true if the cluster has a clusterID.

func (*CloudProvider) Initialize

func (cp *CloudProvider) Initialize(clientBuilder cloudprovider.ControllerClientBuilder, stop <-chan struct{})

Initialize passes a Kubernetes clientBuilder interface to the cloud provider.

func (*CloudProvider) InstanceExistsByProviderID

func (cp *CloudProvider) InstanceExistsByProviderID(ctx context.Context, providerID string) (bool, error)

InstanceExistsByProviderID returns true if the instance for the given provider id is still running. If false is returned with no error, the instance will be immediately deleted by the cloud controller manager.

func (*CloudProvider) InstanceID

func (cp *CloudProvider) InstanceID(ctx context.Context, nodeName types.NodeName) (string, error)

InstanceID returns the cloud provider ID of the node with the specified NodeName.

func (*CloudProvider) InstanceShutdownByProviderID

func (cp *CloudProvider) InstanceShutdownByProviderID(ctx context.Context, providerID string) (bool, error)

InstanceShutdownByProviderID returns true if the instance is shutdown in cloudprovider.

func (*CloudProvider) InstanceType

func (cp *CloudProvider) InstanceType(ctx context.Context, name types.NodeName) (string, error)

InstanceType returns the type of the specified instance.

func (*CloudProvider) InstanceTypeByProviderID

func (cp *CloudProvider) InstanceTypeByProviderID(ctx context.Context, providerID string) (string, error)

InstanceTypeByProviderID returns the type of the specified instance.

func (*CloudProvider) Instances

func (cp *CloudProvider) Instances() (cloudprovider.Instances, bool)

Instances returns an instances interface. Also returns true if the interface is supported, false otherwise.

func (*CloudProvider) InstancesV2

func (cp *CloudProvider) InstancesV2() (cloudprovider.InstancesV2, bool)

func (*CloudProvider) LoadBalancer

func (cp *CloudProvider) LoadBalancer() (cloudprovider.LoadBalancer, bool)

LoadBalancer returns a balancer interface. Also returns true if the interface is supported, false otherwise.

func (*CloudProvider) NodeAddresses

func (cp *CloudProvider) NodeAddresses(ctx context.Context, name types.NodeName) ([]api.NodeAddress, error)

NodeAddresses returns the addresses of the specified instance. TODO(roberthbailey): This currently is only used in such a way that it returns the address of the calling instance. We should do a rename to make this clearer.

func (*CloudProvider) NodeAddressesByProviderID

func (cp *CloudProvider) NodeAddressesByProviderID(ctx context.Context, providerID string) ([]api.NodeAddress, error)

NodeAddressesByProviderID returns the addresses of the specified instance. The instance is specified using the providerID of the node. The ProviderID is a unique identifier of the node. This will not be called from the node whose nodeaddresses are being queried. i.e. local metadata services cannot be used in this method to obtain nodeaddresses.

func (*CloudProvider) ProviderName

func (cp *CloudProvider) ProviderName() string

ProviderName returns the cloud-provider ID.

func (*CloudProvider) Routes

func (cp *CloudProvider) Routes() (cloudprovider.Routes, bool)

Routes returns a routes interface along with whether the interface is supported.

func (*CloudProvider) ScrubDNS

func (cp *CloudProvider) ScrubDNS(nameservers, searches []string) (nsOut, srchOut []string)

ScrubDNS provides an opportunity for cloud-provider-specific code to process DNS settings for pods.

func (*CloudProvider) UpdateLoadBalancer

func (cp *CloudProvider) UpdateLoadBalancer(ctx context.Context, clusterName string, service *v1.Service, nodes []*v1.Node) error

UpdateLoadBalancer : TODO find out where this is called

func (*CloudProvider) Zones

func (cp *CloudProvider) Zones() (cloudprovider.Zones, bool)

Zones returns a zones interface. Also returns true if the interface is supported, false otherwise.

type LBSpec

type LBSpec struct {
	Name           string
	Shape          string
	FlexMin        *int
	FlexMax        *int
	Subnets        []string
	Internal       bool
	Listeners      map[string]loadbalancer.ListenerDetails
	BackendSets    map[string]loadbalancer.BackendSetDetails
	LoadBalancerIP string

	Ports       map[string]portSpec
	SourceCIDRs []string
	SSLConfig   *SSLConfig

	NetworkSecurityGroupIds []string
	FreeformTags            map[string]string
	DefinedTags             map[string]map[string]interface{}
	// contains filtered or unexported fields
}

LBSpec holds the data required to build an OCI load balancer from a Kubernetes service.

func NewLBSpec

func NewLBSpec(logger *zap.SugaredLogger, svc *v1.Service, nodes []*v1.Node, subnets []string, sslConfig *SSLConfig, secListFactory securityListManagerFactory, initialLBTags *config.InitialTags) (*LBSpec, error)

NewLBSpec creates a LB Spec from a Kubernetes service and a slice of nodes.

func (*LBSpec) Certificates

func (s *LBSpec) Certificates() (map[string]loadbalancer.CertificateDetails, error)

Certificates builds a map of required SSL certificates.

type ListenerAction

type ListenerAction struct {
	Action

	Listener loadbalancer.ListenerDetails

	Ports    portSpec
	OldPorts *portSpec
	// contains filtered or unexported fields
}

ListenerAction denotes the action that should be taken on the given Listener.

func (*ListenerAction) Name

func (l *ListenerAction) Name() string

Name of the action's object.

func (*ListenerAction) String

func (l *ListenerAction) String() string

func (*ListenerAction) Type

func (l *ListenerAction) Type() ActionType

Type of the Action.

type NodeInfoController

type NodeInfoController struct {
	// contains filtered or unexported fields
}

NodeInfoController helps compute workers in the cluster

func NewNodeInfoController

func NewNodeInfoController(
	nodeInformer coreinformers.NodeInformer,
	kubeClient clientset.Interface,
	cloud *CloudProvider,
	logger *zap.SugaredLogger,
	instanceCache cache.Store,
	ociClient client.Interface) *NodeInfoController

NewNodeInfoController creates a NodeInfoController object

func (*NodeInfoController) Run

func (nic *NodeInfoController) Run(stopCh <-chan struct{})

Run will start the NodeInfoController and manage shutdown

type SSLConfig

type SSLConfig struct {
	Ports sets.Int

	ListenerSSLSecretName      string
	ListenerSSLSecretNamespace string

	BackendSetSSLSecretName      string
	BackendSetSSLSecretNamespace string
	// contains filtered or unexported fields
}

SSLConfig is a description of an SSL certificate.

func NewSSLConfig

func NewSSLConfig(secretListenerString string, secretBackendSetString string, service *v1.Service, ports []int, ssr sslSecretReader) *SSLConfig

NewSSLConfig constructs a new SSLConfig.

Directories

Path Synopsis
