Documentation
Index
- Variables
- func BuildAPIEnvoyFilterSpecForHelmChart(rule *ACLRule, hosts, alwaysAllowedCIDRs []string, ...) (map[string]interface{}, error)
- func BuildIngressEnvoyFilterSpecForHelmChart(cluster *controller.Cluster, rule *ACLRule, alwaysAllowedCIDRs []string, ...) map[string]interface{}
- func BuildVPNEnvoyFilterSpecForHelmChart(cluster *controller.Cluster, rule *ACLRule, alwaysAllowedCIDRs []string, ...) (map[string]interface{}, error)
- func CreateAPIConfigPatchFromRule(rule *ACLRule, hosts, alwaysAllowedCIDRs []string) (map[string]interface{}, error)
- func CreateIngressConfigPatchFromRule(rule *ACLRule, seedIngressDomain, shootID string, alwaysAllowedCIDRs []string) map[string]interface{}
- func CreateInternalFilterPatchFromRule(rule *ACLRule, alwaysAllowedCIDRs []string, shootSpecificCIDRs []string) (map[string]interface{}, error)
- func CreateVPNConfigPatchFromRule(rule *ACLRule, shortShootID, technicalShootID string, ...) (map[string]interface{}, error)
- type ACLRule
Variables
var (
	ErrNoHostsGiven = errors.New("no hosts were given, at least one host is needed")
)
Error variables for envoyfilters pkg
Functions
func BuildAPIEnvoyFilterSpecForHelmChart (added in v1.0.0)
func BuildAPIEnvoyFilterSpecForHelmChart(
	rule *ACLRule,
	hosts, alwaysAllowedCIDRs []string,
	istioLabels map[string]string,
) (map[string]interface{}, error)
BuildAPIEnvoyFilterSpecForHelmChart assembles EnvoyFilter patches for API server networking for every rule in the extension spec.
func BuildIngressEnvoyFilterSpecForHelmChart (added in v1.1.0)
func BuildIngressEnvoyFilterSpecForHelmChart(
	cluster *controller.Cluster,
	rule *ACLRule,
	alwaysAllowedCIDRs []string,
	istioLabels map[string]string,
) map[string]interface{}
BuildIngressEnvoyFilterSpecForHelmChart assembles EnvoyFilter patches for endpoints using the seed ingress domain.
func BuildVPNEnvoyFilterSpecForHelmChart (added in v1.0.0)
func BuildVPNEnvoyFilterSpecForHelmChart(
	cluster *controller.Cluster,
	rule *ACLRule,
	alwaysAllowedCIDRs []string,
	istioLabels map[string]string,
) (map[string]interface{}, error)
BuildVPNEnvoyFilterSpecForHelmChart assembles EnvoyFilter patches for VPN.
func CreateAPIConfigPatchFromRule (added in v1.0.0)
func CreateAPIConfigPatchFromRule(
	rule *ACLRule,
	hosts, alwaysAllowedCIDRs []string,
) (map[string]interface{}, error)
CreateAPIConfigPatchFromRule combines an ACLRule, the first entry of the hosts list and the alwaysAllowedCIDRs into a network filter patch that can be applied to the `GATEWAY` network filter chain matching the host.
func CreateIngressConfigPatchFromRule (added in v1.1.0)
func CreateIngressConfigPatchFromRule(
	rule *ACLRule,
	seedIngressDomain, shootID string,
	alwaysAllowedCIDRs []string,
) map[string]interface{}
CreateIngressConfigPatchFromRule creates a network filter patch that can be applied to the `GATEWAY` network filter chain matching the wildcard ingress domain.
func CreateInternalFilterPatchFromRule (added in v1.0.0)
func CreateInternalFilterPatchFromRule(
	rule *ACLRule,
	alwaysAllowedCIDRs []string,
	shootSpecificCIDRs []string,
) (map[string]interface{}, error)
CreateInternalFilterPatchFromRule combines an ACLRule, the alwaysAllowedCIDRs, and the shootSpecificCIDRs into a filter patch.
func CreateVPNConfigPatchFromRule (added in v1.0.0)
func CreateVPNConfigPatchFromRule(
	rule *ACLRule,
	shortShootID, technicalShootID string,
	alwaysAllowedCIDRs []string,
) (map[string]interface{}, error)
CreateVPNConfigPatchFromRule creates an HTTP filter patch that can be applied to the `GATEWAY` HTTP filter chain for the VPN.
Types
type ACLRule
type ACLRule struct {
	// Cidrs contains a list of CIDR blocks to which the ACL rule applies
	Cidrs []string `json:"cidrs"`
	// Action defines if the rule is a DENY or an ALLOW rule
	Action string `json:"action"`
	// Type can either be "source_ip", "direct_remote_ip" or "remote_ip"
	Type string `json:"type"`
}
ACLRule contains a single ACL rule, consisting of a list of CIDRs, an action and a rule type.
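A pre-flight check for a rule before it is handed to the builder functions above, as an added example that is not part of this package. `ValidateACLRule` is a hypothetical helper and the local `ACLRule` copies the struct documented here; the exact upper-case action strings, the canonical-prefix requirement and the catch-all warning are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// ACLRule is a local copy of the struct documented on this page.
type ACLRule struct {
	Cidrs  []string `json:"cidrs"`
	Action string   `json:"action"`
	Type   string   `json:"type"`
}

// ValidateACLRule (hypothetical) returns one finding per problem; empty means well-formed.
func ValidateACLRule(raw []byte) []string {
	var rule ACLRule
	if err := json.Unmarshal(raw, &rule); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var findings []string
	if rule.Action != "ALLOW" && rule.Action != "DENY" {
		findings = append(findings, fmt.Sprintf("action %q is not ALLOW or DENY", rule.Action))
	}
	switch rule.Type {
	case "source_ip", "direct_remote_ip", "remote_ip":
	default:
		findings = append(findings, fmt.Sprintf("type %q is not a documented rule type", rule.Type))
	}
	for _, c := range rule.Cidrs {
		p, err := netip.ParsePrefix(c)
		switch {
		case err != nil:
			findings = append(findings, fmt.Sprintf("cidr %q does not parse", c))
		case p != p.Masked(): // host bits set, usually a typo for the network address
			findings = append(findings, fmt.Sprintf("cidr %q has host bits set, did you mean %s?", c, p.Masked()))
		case p.Bits() == 0 && rule.Action == "ALLOW": // /0 admits every client
			findings = append(findings, fmt.Sprintf("cidr %q in an ALLOW rule matches every address", c))
		}
	}
	return findings
}

func main() {
	// Constructed sample: a host-bits typo and a catch-all prefix in an ALLOW rule.
	for _, f := range ValidateACLRule([]byte(`{"cidrs":["10.250.0.1/16","0.0.0.0/0"],"action":"ALLOW","type":"remote_ip"}`)) {
		fmt.Println(f)
	}
}
```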