networking

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 8, 2023 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Overview

Package networking is a generated GoMock package.

(The rendered overview repeats the sentence above seven times, apparently once per generated mock file. Besides the mocks, the package exports the resolvers, providers and managers for EC2 subnets, security groups, ENIs, availability zones and VPC information that are documented below.)

Index

Constants

// Resource kind names.
// NOTE(review): presumably the values used for ResourceType when calling
// BackendSGProvider.Get/Release — confirm against callers.
const (
	ResourceTypeIngress = "ingress"
	ResourceTypeService = "service"
)
// Subnet tag keys. SubnetsResolver.ResolveViaDiscovery documents these same tag
// strings as requirements for auto-discovery: the internal-elb tag for internal
// load balancers and the elb tag for internet-facing load balancers.
// NOTE(review): because these tags decide which subnets an internet-facing load
// balancer may be placed in, permission to tag subnets (ec2:CreateTags) is worth
// restricting and auditing.
const (
	TagKeySubnetInternalELB = "kubernetes.io/role/internal-elb"
	TagKeySubnetPublicELB   = "kubernetes.io/role/elb"
)

Variables

This section is empty.

Functions

func FilterIPsWithinCIDRs

func FilterIPsWithinCIDRs(ips []netip.Addr, cidrs []netip.Prefix) []netip.Addr

FilterIPsWithinCIDRs returns IP addresses that were within specified CIDRs.

func GetSubnetAssociatedIPv4CIDRs

func GetSubnetAssociatedIPv4CIDRs(subnet *ec2sdk.Subnet) ([]netip.Prefix, error)

GetSubnetAssociatedIPv4CIDRs returns the IPv4 CIDRs associated with EC2 subnet

func GetSubnetAssociatedIPv6CIDRs

func GetSubnetAssociatedIPv6CIDRs(subnet *ec2sdk.Subnet) ([]netip.Prefix, error)

GetSubnetAssociatedIPv6CIDRs returns the IPv6 CIDRs associated with EC2 subnet

func IsIPWithinCIDRs

func IsIPWithinCIDRs(ip netip.Addr, cidrs []netip.Prefix) bool

IsIPWithinCIDRs checks whether the specific IP is within the given IPv4 or IPv6 CIDRs.

func NewBackendSGProvider

func NewBackendSGProvider(clusterName string, backendSG string, vpcID string,
	ec2Client services.EC2, k8sClient client.Client, defaultTags map[string]string, logger logr.Logger) *defaultBackendSGProvider

NewBackendSGProvider constructs a new defaultBackendSGProvider

func NewDefaultAZInfoProvider

func NewDefaultAZInfoProvider(ec2Client services.EC2, logger logr.Logger) *defaultAZInfoProvider

NewDefaultAZInfoProvider constructs new defaultAZInfoProvider.

func NewDefaultNodeENIInfoResolver

func NewDefaultNodeENIInfoResolver(nodeInfoProvider NodeInfoProvider, logger logr.Logger) *defaultNodeENIInfoResolver

NewDefaultNodeENIInfoResolver constructs new defaultNodeENIInfoResolver.

func NewDefaultNodeInfoProvider

func NewDefaultNodeInfoProvider(ec2Client services.EC2, logger logr.Logger) *defaultNodeInfoProvider

NewDefaultNodeInfoProvider constructs new defaultNodeInfoProvider.

func NewDefaultPodENIInfoResolver

func NewDefaultPodENIInfoResolver(k8sClient client.Client, ec2Client services.EC2, nodeInfoProvider NodeInfoProvider, vpcID string, logger logr.Logger) *defaultPodENIInfoResolver

NewDefaultPodENIInfoResolver constructs new defaultPodENIInfoResolver.

func NewDefaultSecurityGroupManager

func NewDefaultSecurityGroupManager(ec2Client services.EC2, logger logr.Logger) *defaultSecurityGroupManager

NewDefaultSecurityGroupManager constructs new defaultSecurityGroupManager.

func NewDefaultSecurityGroupReconciler

func NewDefaultSecurityGroupReconciler(sgManager SecurityGroupManager, logger logr.Logger) *defaultSecurityGroupReconciler

NewDefaultSecurityGroupReconciler constructs new defaultSecurityGroupReconciler.

func NewDefaultSecurityGroupResolver

func NewDefaultSecurityGroupResolver(ec2Client services.EC2, vpcID string) *defaultSecurityGroupResolver

NewDefaultSecurityGroupResolver constructs new defaultSecurityGroupResolver.

func NewDefaultSubnetsResolver

func NewDefaultSubnetsResolver(azInfoProvider AZInfoProvider, ec2Client services.EC2, vpcID string, clusterName string, logger logr.Logger) *defaultSubnetsResolver

NewDefaultSubnetsResolver constructs new defaultSubnetsResolver.

func NewDefaultVPCInfoProvider

func NewDefaultVPCInfoProvider(ec2Client services.EC2, logger logr.Logger) *defaultVPCInfoProvider

NewDefaultVPCInfoProvider constructs new defaultVPCInfoProvider.

func NewIPPermissionLabelsForRawDescription

func NewIPPermissionLabelsForRawDescription(description string) map[string]string

NewIPPermissionLabelsForRawDescription constructs permission labels from description only.

func ParseCIDRs

func ParseCIDRs(cidrs []string) ([]netip.Prefix, error)

ParseCIDRs parses CIDRs in string format into netip.Prefix values.

Types

type AZInfoProvider

// AZInfoProvider is responsible for providing AZ info.
type AZInfoProvider interface {
	// FetchAZInfos returns ec2sdk.AvailabilityZone records for the requested availabilityZoneIDs.
	// NOTE(review): the map key is presumably the availability zone ID — confirm against the implementation.
	FetchAZInfos(ctx context.Context, availabilityZoneIDs []string) (map[string]ec2sdk.AvailabilityZone, error)
}

AZInfoProvider is responsible for providing AZ info.

type BackendSGProvider

// BackendSGProvider is responsible for providing backend security groups.
type BackendSGProvider interface {
	// Get returns the backend security group to use
	// NOTE(review): activeResources presumably lists the resources of resourceType that
	// still use the security group — confirm against the implementation.
	Get(ctx context.Context, resourceType ResourceType, activeResources []types.NamespacedName) (string, error)
	// Release cleans up the auto-generated backend SG if necessary
	// NOTE(review): "auto-generated" suggests a security group supplied by the operator
	// (the backendSG argument of NewBackendSGProvider) is left in place — confirm.
	Release(ctx context.Context, resourceType ResourceType, inactiveResources []types.NamespacedName) error
}

BackendSGProvider is responsible for providing backend security groups

type ENIInfo

// ENIInfo wraps necessary information about an ENI.
type ENIInfo struct {
	// ENI's ID
	NetworkInterfaceID string

	// SecurityGroups on ENI
	// NOTE(review): presumably security group IDs rather than names — confirm.
	SecurityGroups []string
}

ENIInfo wraps necessary information about an ENI.

type FetchSGInfoOption

// FetchSGInfoOption is a functional option that mutates a FetchSGInfoOptions value.
type FetchSGInfoOption func(opts *FetchSGInfoOptions)

func WithReloadIgnoringCache

func WithReloadIgnoringCache() FetchSGInfoOption

WithReloadIgnoringCache is an option that sets the ReloadIgnoringCache to true.

type FetchSGInfoOptions

// FetchSGInfoOptions holds the options for fetching SecurityGroup info.
type FetchSGInfoOptions struct {
	// whether to ignore cache and reload SecurityGroup Info from AWS directly.
	// The zero value (false) does not bypass the cache.
	// NOTE(review): callers that must observe rule changes made outside this code
	// presumably need WithReloadIgnoringCache — cache lifetime is not visible here.
	ReloadIgnoringCache bool
}

func (*FetchSGInfoOptions) ApplyOptions

func (opts *FetchSGInfoOptions) ApplyOptions(options ...FetchSGInfoOption)

ApplyOptions applies FetchSGInfoOption options.

type FetchVPCInfoOption

// FetchVPCInfoOption is a functional option that mutates a FetchVPCInfoOptions value.
type FetchVPCInfoOption func(opts *FetchVPCInfoOptions)

func FetchVPCInfoWithoutCache

func FetchVPCInfoWithoutCache() FetchVPCInfoOption

FetchVPCInfoWithoutCache is an option that sets the ReloadIgnoringCache to true.

type FetchVPCInfoOptions

// FetchVPCInfoOptions holds the options for fetching VPC info.
type FetchVPCInfoOptions struct {
	// whether to ignore cache and reload VPC Info from AWS directly.
	// The zero value (false) does not bypass the cache; FetchVPCInfoWithoutCache sets it to true.
	ReloadIgnoringCache bool
}

func (*FetchVPCInfoOptions) ApplyOptions

func (opts *FetchVPCInfoOptions) ApplyOptions(options ...FetchVPCInfoOption)

ApplyOptions applies FetchVPCInfoOption options

type IPPermissionInfo

// IPPermissionInfo pairs an EC2 IpPermission with a set of labels computed for it.
type IPPermissionInfo struct {
	// the aws sdk permission
	// NewRawIPPermission's documentation asks for an expanded permission,
	// i.e. one that contains a single source configuration.
	Permission ec2sdk.IpPermission

	// a set of computed labels for IPPermission.
	// we can use labels to select the rules we want to manage.
	// HashCode's documentation says the hash should cover the permission only,
	// not labels/descriptions.
	Labels map[string]string
}

func NewCIDRIPPermission

func NewCIDRIPPermission(ipProtocol string, fromPort *int64, toPort *int64, cidr string, labels map[string]string) IPPermissionInfo

NewCIDRIPPermission constructs new IPPermissionInfo with CIDR configuration.

func NewCIDRv6IPPermission

func NewCIDRv6IPPermission(ipProtocol string, fromPort *int64, toPort *int64, cidrV6 string, labels map[string]string) IPPermissionInfo

NewCIDRv6IPPermission constructs new IPPermissionInfo with CIDRv6 configuration.

func NewGroupIDIPPermission

func NewGroupIDIPPermission(ipProtocol string, fromPort *int64, toPort *int64, groupID string, labels map[string]string) IPPermissionInfo

NewGroupIDIPPermission constructs new IPPermissionInfo with groupID configuration.

func NewPrefixListIDPermission

func NewPrefixListIDPermission(ipProtocol string, fromPort *int64, toPort *int64, prefixListID string, labels map[string]string) IPPermissionInfo

NewPrefixListIDPermission constructs new IPPermissionInfo with prefixListID configuration

func NewRawIPPermission

func NewRawIPPermission(sdkPermission ec2sdk.IpPermission) IPPermissionInfo

NewRawIPPermission constructs new IPPermissionInfo with raw ec2SDK's IpPermission object. Note: this IpPermission should be expanded (i.e. it contains only one source configuration).

func (*IPPermissionInfo) HashCode

func (perm *IPPermissionInfo) HashCode() string

HashCode returns the hashcode for the IPPermissionInfo. The hashCode should only include the actual permission but not labels/descriptions.

type MockAZInfoProvider

type MockAZInfoProvider struct {
	// contains filtered or unexported fields
}

MockAZInfoProvider is a mock of AZInfoProvider interface.

func NewMockAZInfoProvider

func NewMockAZInfoProvider(ctrl *gomock.Controller) *MockAZInfoProvider

NewMockAZInfoProvider creates a new mock instance.

func (*MockAZInfoProvider) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockAZInfoProvider) FetchAZInfos

func (m *MockAZInfoProvider) FetchAZInfos(arg0 context.Context, arg1 []string) (map[string]ec2.AvailabilityZone, error)

FetchAZInfos mocks base method.

type MockAZInfoProviderMockRecorder

type MockAZInfoProviderMockRecorder struct {
	// contains filtered or unexported fields
}

MockAZInfoProviderMockRecorder is the mock recorder for MockAZInfoProvider.

func (*MockAZInfoProviderMockRecorder) FetchAZInfos

func (mr *MockAZInfoProviderMockRecorder) FetchAZInfos(arg0, arg1 interface{}) *gomock.Call

FetchAZInfos indicates an expected call of FetchAZInfos.

type MockBackendSGProvider

type MockBackendSGProvider struct {
	// contains filtered or unexported fields
}

MockBackendSGProvider is a mock of BackendSGProvider interface.

func NewMockBackendSGProvider

func NewMockBackendSGProvider(ctrl *gomock.Controller) *MockBackendSGProvider

NewMockBackendSGProvider creates a new mock instance.

func (*MockBackendSGProvider) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockBackendSGProvider) Get

Get mocks base method.

func (*MockBackendSGProvider) Release

Release mocks base method.

type MockBackendSGProviderMockRecorder

type MockBackendSGProviderMockRecorder struct {
	// contains filtered or unexported fields
}

MockBackendSGProviderMockRecorder is the mock recorder for MockBackendSGProvider.

func (*MockBackendSGProviderMockRecorder) Get

func (mr *MockBackendSGProviderMockRecorder) Get(arg0, arg1, arg2 interface{}) *gomock.Call

Get indicates an expected call of Get.

func (*MockBackendSGProviderMockRecorder) Release

func (mr *MockBackendSGProviderMockRecorder) Release(arg0, arg1, arg2 interface{}) *gomock.Call

Release indicates an expected call of Release.

type MockNodeInfoProvider

type MockNodeInfoProvider struct {
	// contains filtered or unexported fields
}

MockNodeInfoProvider is a mock of NodeInfoProvider interface.

func NewMockNodeInfoProvider

func NewMockNodeInfoProvider(ctrl *gomock.Controller) *MockNodeInfoProvider

NewMockNodeInfoProvider creates a new mock instance.

func (*MockNodeInfoProvider) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockNodeInfoProvider) FetchNodeInstances

func (m *MockNodeInfoProvider) FetchNodeInstances(arg0 context.Context, arg1 []*v1.Node) (map[types.NamespacedName]*ec2.Instance, error)

FetchNodeInstances mocks base method.

type MockNodeInfoProviderMockRecorder

type MockNodeInfoProviderMockRecorder struct {
	// contains filtered or unexported fields
}

MockNodeInfoProviderMockRecorder is the mock recorder for MockNodeInfoProvider.

func (*MockNodeInfoProviderMockRecorder) FetchNodeInstances

func (mr *MockNodeInfoProviderMockRecorder) FetchNodeInstances(arg0, arg1 interface{}) *gomock.Call

FetchNodeInstances indicates an expected call of FetchNodeInstances.

type MockSecurityGroupManager

type MockSecurityGroupManager struct {
	// contains filtered or unexported fields
}

MockSecurityGroupManager is a mock of SecurityGroupManager interface.

func NewMockSecurityGroupManager

func NewMockSecurityGroupManager(ctrl *gomock.Controller) *MockSecurityGroupManager

NewMockSecurityGroupManager creates a new mock instance.

func (*MockSecurityGroupManager) AuthorizeSGIngress

func (m *MockSecurityGroupManager) AuthorizeSGIngress(arg0 context.Context, arg1 string, arg2 []IPPermissionInfo) error

AuthorizeSGIngress mocks base method.

func (*MockSecurityGroupManager) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockSecurityGroupManager) FetchSGInfosByID

func (m *MockSecurityGroupManager) FetchSGInfosByID(arg0 context.Context, arg1 []string, arg2 ...FetchSGInfoOption) (map[string]SecurityGroupInfo, error)

FetchSGInfosByID mocks base method.

func (*MockSecurityGroupManager) FetchSGInfosByRequest

FetchSGInfosByRequest mocks base method.

func (*MockSecurityGroupManager) RevokeSGIngress

func (m *MockSecurityGroupManager) RevokeSGIngress(arg0 context.Context, arg1 string, arg2 []IPPermissionInfo) error

RevokeSGIngress mocks base method.

type MockSecurityGroupManagerMockRecorder

type MockSecurityGroupManagerMockRecorder struct {
	// contains filtered or unexported fields
}

MockSecurityGroupManagerMockRecorder is the mock recorder for MockSecurityGroupManager.

func (*MockSecurityGroupManagerMockRecorder) AuthorizeSGIngress

func (mr *MockSecurityGroupManagerMockRecorder) AuthorizeSGIngress(arg0, arg1, arg2 interface{}) *gomock.Call

AuthorizeSGIngress indicates an expected call of AuthorizeSGIngress.

func (*MockSecurityGroupManagerMockRecorder) FetchSGInfosByID

func (mr *MockSecurityGroupManagerMockRecorder) FetchSGInfosByID(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call

FetchSGInfosByID indicates an expected call of FetchSGInfosByID.

func (*MockSecurityGroupManagerMockRecorder) FetchSGInfosByRequest

func (mr *MockSecurityGroupManagerMockRecorder) FetchSGInfosByRequest(arg0, arg1 interface{}) *gomock.Call

FetchSGInfosByRequest indicates an expected call of FetchSGInfosByRequest.

func (*MockSecurityGroupManagerMockRecorder) RevokeSGIngress

func (mr *MockSecurityGroupManagerMockRecorder) RevokeSGIngress(arg0, arg1, arg2 interface{}) *gomock.Call

RevokeSGIngress indicates an expected call of RevokeSGIngress.

type MockSecurityGroupResolver

type MockSecurityGroupResolver struct {
	// contains filtered or unexported fields
}

MockSecurityGroupResolver is a mock of SecurityGroupResolver interface.

func NewMockSecurityGroupResolver

func NewMockSecurityGroupResolver(ctrl *gomock.Controller) *MockSecurityGroupResolver

NewMockSecurityGroupResolver creates a new mock instance.

func (*MockSecurityGroupResolver) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockSecurityGroupResolver) ResolveViaNameOrID

func (m *MockSecurityGroupResolver) ResolveViaNameOrID(arg0 context.Context, arg1 []string) ([]string, error)

ResolveViaNameOrID mocks base method.

type MockSecurityGroupResolverMockRecorder

type MockSecurityGroupResolverMockRecorder struct {
	// contains filtered or unexported fields
}

MockSecurityGroupResolverMockRecorder is the mock recorder for MockSecurityGroupResolver.

func (*MockSecurityGroupResolverMockRecorder) ResolveViaNameOrID

func (mr *MockSecurityGroupResolverMockRecorder) ResolveViaNameOrID(arg0, arg1 interface{}) *gomock.Call

ResolveViaNameOrID indicates an expected call of ResolveViaNameOrID.

type MockSubnetsResolver

type MockSubnetsResolver struct {
	// contains filtered or unexported fields
}

MockSubnetsResolver is a mock of SubnetsResolver interface.

func NewMockSubnetsResolver

func NewMockSubnetsResolver(ctrl *gomock.Controller) *MockSubnetsResolver

NewMockSubnetsResolver creates a new mock instance.

func (*MockSubnetsResolver) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockSubnetsResolver) ResolveViaDiscovery

func (m *MockSubnetsResolver) ResolveViaDiscovery(arg0 context.Context, arg1 ...SubnetsResolveOption) ([]*ec2.Subnet, error)

ResolveViaDiscovery mocks base method.

func (*MockSubnetsResolver) ResolveViaNameOrIDSlice

func (m *MockSubnetsResolver) ResolveViaNameOrIDSlice(arg0 context.Context, arg1 []string, arg2 ...SubnetsResolveOption) ([]*ec2.Subnet, error)

ResolveViaNameOrIDSlice mocks base method.

func (*MockSubnetsResolver) ResolveViaSelector

func (m *MockSubnetsResolver) ResolveViaSelector(arg0 context.Context, arg1 *v1beta1.SubnetSelector, arg2 ...SubnetsResolveOption) ([]*ec2.Subnet, error)

ResolveViaSelector mocks base method.

type MockSubnetsResolverMockRecorder

type MockSubnetsResolverMockRecorder struct {
	// contains filtered or unexported fields
}

MockSubnetsResolverMockRecorder is the mock recorder for MockSubnetsResolver.

func (*MockSubnetsResolverMockRecorder) ResolveViaDiscovery

func (mr *MockSubnetsResolverMockRecorder) ResolveViaDiscovery(arg0 interface{}, arg1 ...interface{}) *gomock.Call

ResolveViaDiscovery indicates an expected call of ResolveViaDiscovery.

func (*MockSubnetsResolverMockRecorder) ResolveViaNameOrIDSlice

func (mr *MockSubnetsResolverMockRecorder) ResolveViaNameOrIDSlice(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call

ResolveViaNameOrIDSlice indicates an expected call of ResolveViaNameOrIDSlice.

func (*MockSubnetsResolverMockRecorder) ResolveViaSelector

func (mr *MockSubnetsResolverMockRecorder) ResolveViaSelector(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call

ResolveViaSelector indicates an expected call of ResolveViaSelector.

type MockVPCInfoProvider

type MockVPCInfoProvider struct {
	// contains filtered or unexported fields
}

MockVPCInfoProvider is a mock of VPCInfoProvider interface.

func NewMockVPCInfoProvider

func NewMockVPCInfoProvider(ctrl *gomock.Controller) *MockVPCInfoProvider

NewMockVPCInfoProvider creates a new mock instance.

func (*MockVPCInfoProvider) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockVPCInfoProvider) FetchVPCInfo

func (m *MockVPCInfoProvider) FetchVPCInfo(arg0 context.Context, arg1 string, arg2 ...FetchVPCInfoOption) (VPCInfo, error)

FetchVPCInfo mocks base method.

type MockVPCInfoProviderMockRecorder

type MockVPCInfoProviderMockRecorder struct {
	// contains filtered or unexported fields
}

MockVPCInfoProviderMockRecorder is the mock recorder for MockVPCInfoProvider.

func (*MockVPCInfoProviderMockRecorder) FetchVPCInfo

func (mr *MockVPCInfoProviderMockRecorder) FetchVPCInfo(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call

FetchVPCInfo indicates an expected call of FetchVPCInfo.

type NodeENIInfoResolver

// NodeENIInfoResolver is responsible for resolving the AWS VPC ENI that supports node network.
type NodeENIInfoResolver interface {
	// Resolve returns an ENIInfo per node, keyed by types.NamespacedName.
	Resolve(ctx context.Context, nodes []*corev1.Node) (map[types.NamespacedName]ENIInfo, error)
}

NodeENIInfoResolver is responsible for resolving the AWS VPC ENI that supports node network.

type NodeInfoProvider

// NodeInfoProvider is responsible for providing nodeInfo for nodes.
type NodeInfoProvider interface {
	// FetchNodeInstances provides EC2 instance information per k8s node.
	// The result is keyed by types.NamespacedName.
	FetchNodeInstances(ctx context.Context, nodes []*corev1.Node) (map[types.NamespacedName]*ec2sdk.Instance, error)
}

NodeInfoProvider is responsible for providing nodeInfo for nodes. TODO: provide a cached implementation for nodeInfoProvider that accepts a cachePolicy per function, e.g. when resolving a pod's ENI, the cachePolicy can be: the node contains the pod's IP and the node's cache is fresher than the pod's creationTime.

type PodENIInfoResolver

// PodENIInfoResolver is responsible for resolving the AWS VPC ENI that supports pod network.
type PodENIInfoResolver interface {
	// Resolve resolves eniInfo for pods.
	// The result is keyed by types.NamespacedName.
	Resolve(ctx context.Context, pods []k8s.PodInfo) (map[types.NamespacedName]ENIInfo, error)
}

PodENIInfoResolver is responsible for resolving the AWS VPC ENI that supports pod network.

type ResourceType

// ResourceType is the string-typed resource kind passed to BackendSGProvider.Get and Release.
// NOTE(review): presumably one of ResourceTypeIngress / ResourceTypeService — confirm.
type ResourceType string

type SecurityGroupInfo

// SecurityGroupInfo wraps necessary information about a SecurityGroup.
// Only ingress permissions are represented; the struct has no field for egress rules.
type SecurityGroupInfo struct {
	// SecurityGroup's ID.
	SecurityGroupID string

	// Ingress permission for securityGroup.
	Ingress []IPPermissionInfo

	// Tags for securityGroup.
	Tags map[string]string
}

SecurityGroupInfo wraps necessary information about a SecurityGroup.

func NewRawSecurityGroupInfo

func NewRawSecurityGroupInfo(sdkSG *ec2sdk.SecurityGroup) SecurityGroupInfo

NewRawSecurityGroupInfo constructs new SecurityGroupInfo with raw ec2SDK's SecurityGroup object.

type SecurityGroupManager

// SecurityGroupManager is an abstraction around EC2's SecurityGroup API.
// It covers reading security group info and authorizing/revoking ingress permissions.
type SecurityGroupManager interface {
	// FetchSGInfosByID will fetch SecurityGroupInfo with SecurityGroup IDs.
	// opts may include WithReloadIgnoringCache to bypass the cache.
	// NOTE(review): the map key is presumably the security group ID — confirm.
	FetchSGInfosByID(ctx context.Context, sgIDs []string, opts ...FetchSGInfoOption) (map[string]SecurityGroupInfo, error)

	// FetchSGInfosByRequest will fetch SecurityGroupInfo with raw DescribeSecurityGroupsInput request.
	FetchSGInfosByRequest(ctx context.Context, req *ec2sdk.DescribeSecurityGroupsInput) (map[string]SecurityGroupInfo, error)

	// AuthorizeSGIngress will authorize Ingress permissions to SecurityGroup.
	AuthorizeSGIngress(ctx context.Context, sgID string, permissions []IPPermissionInfo) error

	// RevokeSGIngress will revoke Ingress permissions from SecurityGroup.
	RevokeSGIngress(ctx context.Context, sgID string, permissions []IPPermissionInfo) error
}

SecurityGroupManager is an abstraction around EC2's SecurityGroup API.

type SecurityGroupReconcileOption

// SecurityGroupReconcileOption is a functional option that mutates a SecurityGroupReconcileOptions value.
type SecurityGroupReconcileOption func(opts *SecurityGroupReconcileOptions)

func WithAuthorizeOnly

func WithAuthorizeOnly(authorizeOnly bool) SecurityGroupReconcileOption

WithAuthorizeOnly is an option that sets the AuthorizeOnly.

func WithPermissionSelector

func WithPermissionSelector(permissionSelector labels.Selector) SecurityGroupReconcileOption

WithPermissionSelector is an option that sets the PermissionSelector.

type SecurityGroupReconcileOptions

// SecurityGroupReconcileOptions holds the configuration options for a SecurityGroup reconcile.
type SecurityGroupReconcileOptions struct {
	// PermissionSelector defines the selector to identify permissions that should be managed.
	// Permissions that are not managed shouldn't be altered or deleted.
	// By default, it selects every permission.
	// NOTE(review): with the default selector every existing ingress rule counts as managed, so
	// rules added out-of-band are presumably candidates for revocation unless a narrower selector
	// or AuthorizeOnly is set — confirm against the reconciler implementation.
	PermissionSelector labels.Selector

	// Whether to only authorize permissions (and never revoke).
	// By default, permissions are both granted and revoked.
	AuthorizeOnly bool
}

SecurityGroupReconcileOptions holds the configuration options for SecurityGroup reconciliation.

func (*SecurityGroupReconcileOptions) ApplyOptions

func (opts *SecurityGroupReconcileOptions) ApplyOptions(options ...SecurityGroupReconcileOption)

ApplyOptions applies SecurityGroupReconcileOption options.

type SecurityGroupReconciler

// SecurityGroupReconciler manages securityGroup rules on securityGroup.
type SecurityGroupReconciler interface {
	// ReconcileIngress will reconcile Ingress permission on SecurityGroup to be desiredPermission.
	// opts (WithPermissionSelector, WithAuthorizeOnly) narrow which permissions are managed and
	// whether revocation happens; see SecurityGroupReconcileOptions for the documented defaults.
	ReconcileIngress(ctx context.Context, sgID string, desiredPermissions []IPPermissionInfo, opts ...SecurityGroupReconcileOption) error
}

SecurityGroupReconciler manages securityGroup rules on securityGroup.

type SecurityGroupResolver

// SecurityGroupResolver is responsible for resolving the frontend security groups from the names or IDs.
type SecurityGroupResolver interface {
	// ResolveViaNameOrID resolves security groups from the security group names or the IDs
	// NOTE(review): the returned strings are presumably security group IDs; how a name that
	// matches more than one group is handled is not visible here — confirm.
	ResolveViaNameOrID(ctx context.Context, sgNameOrIDs []string) ([]string, error)
}

SecurityGroupResolver is responsible for resolving the frontend security groups from the names or IDs

type SubnetsResolveOption

// SubnetsResolveOption is a functional option that mutates a SubnetsResolveOptions value.
type SubnetsResolveOption func(opts *SubnetsResolveOptions)

func WithSubnetsClusterTagCheck

func WithSubnetsClusterTagCheck(SubnetsClusterTagCheck bool) SubnetsResolveOption

WithSubnetsClusterTagCheck generates an option that configures SubnetsClusterTagCheck.

func WithSubnetsResolveAvailableIPAddressCount

func WithSubnetsResolveAvailableIPAddressCount(AvailableIPAddressCount int64) SubnetsResolveOption

WithSubnetsResolveAvailableIPAddressCount generates an option that configures AvailableIPAddressCount.

func WithSubnetsResolveLBScheme

func WithSubnetsResolveLBScheme(lbScheme elbv2model.LoadBalancerScheme) SubnetsResolveOption

WithSubnetsResolveLBScheme generates an option that configures LBScheme.

func WithSubnetsResolveLBType

func WithSubnetsResolveLBType(lbType elbv2model.LoadBalancerType) SubnetsResolveOption

WithSubnetsResolveLBType generates an option that configures LBType.

type SubnetsResolveOptions

// SubnetsResolveOptions holds the options for resolving subnets.
type SubnetsResolveOptions struct {
	// The Load Balancer Type.
	// By default, it's ALB.
	LBType elbv2model.LoadBalancerType
	// The Load Balancer Scheme.
	// By default, it's internet-facing.
	// NOTE(review): given this default, callers that need an internal load balancer have to pass
	// WithSubnetsResolveLBScheme explicitly; where the default is applied is not visible here.
	LBScheme elbv2model.LoadBalancerScheme
	// count of available ip addresses
	// NOTE(review): presumably the minimum number of free IP addresses a subnet needs to qualify — confirm.
	AvailableIPAddressCount int64
	// whether to check the cluster tag
	// (the rule itself is described on SubnetsResolver.ResolveViaDiscovery)
	SubnetsClusterTagCheck bool
}

SubnetsResolveOptions holds the options for resolving subnets.

func (*SubnetsResolveOptions) ApplyOptions

func (opts *SubnetsResolveOptions) ApplyOptions(options []SubnetsResolveOption)

ApplyOptions applies slice of SubnetsResolveOption.

type SubnetsResolver

// SubnetsResolver is responsible for resolving EC2 Subnets for Load Balancers.
type SubnetsResolver interface {
	// ResolveViaDiscovery resolves subnets by auto-discovering matching subnets.
	// Discovery candidates include all subnets within the clusterVPC. Additionally,
	//   * for internet-facing Load Balancer, "kubernetes.io/role/elb" tag must be present.
	//   * for internal Load Balancer, "kubernetes.io/role/internal-elb" tag must be present.
	//   * if SubnetsClusterTagCheck is enabled, subnets within the clusterVPC must contain no cluster tag at all
	//     or contain the "kubernetes.io/cluster/<cluster_name>" tag for the current cluster
	// If multiple subnets are found for specific AZ, one subnet is chosen based on the lexical order of subnetID.
	// NOTE(review): per the cluster-tag rule above, a subnet that carries no cluster tag at all stays a
	// candidate even with SubnetsClusterTagCheck enabled, so untagged shared subnets remain eligible.
	ResolveViaDiscovery(ctx context.Context, opts ...SubnetsResolveOption) ([]*ec2sdk.Subnet, error)

	// ResolveViaSelector resolves subnets using a SubnetSelector.
	ResolveViaSelector(ctx context.Context, selector *elbv2api.SubnetSelector, opts ...SubnetsResolveOption) ([]*ec2sdk.Subnet, error)

	// ResolveViaNameOrIDSlice resolves subnets using subnet name or ID.
	ResolveViaNameOrIDSlice(ctx context.Context, subnetNameOrIDs []string, opts ...SubnetsResolveOption) ([]*ec2sdk.Subnet, error)
}

SubnetsResolver is responsible for resolving EC2 Subnets for Load Balancers.

type VPCInfo

// VPCInfo is a named type over ec2sdk.Vpc; its methods compute the associated IPv4 and IPv6 CIDRs.
type VPCInfo ec2sdk.Vpc

func (*VPCInfo) AssociatedIPv4CIDRs

func (vpc *VPCInfo) AssociatedIPv4CIDRs() []string

AssociatedIPv4CIDRs computes associated IPv4CIDRs for VPC.

func (*VPCInfo) AssociatedIPv6CIDRs

func (vpc *VPCInfo) AssociatedIPv6CIDRs() []string

AssociatedIPv6CIDRs computes associated IPv6CIDRs for VPC.

type VPCInfoProvider

// VPCInfoProvider is responsible for providing VPC info.
type VPCInfoProvider interface {
	// FetchVPCInfo returns the VPCInfo for vpcID.
	// opts may include FetchVPCInfoWithoutCache to bypass the cache.
	FetchVPCInfo(ctx context.Context, vpcID string, opts ...FetchVPCInfoOption) (VPCInfo, error)
}

VPCInfoProvider is responsible for providing VPC info.
