envoyfilters

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 3, 2023 License: Apache-2.0, MIT Imports: 3 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrNoHostsGiven = errors.New("no hosts were given, at least one host is needed")
)

Functions

This section is empty.

Types

type ACLMapping

type ACLMapping struct {
	ShootName string  `json:"shootName"`
	Rule      ACLRule `json:"rule"`
}

type ACLRule

type ACLRule struct {
	// Cidrs contains a list of CIDR blocks to which the ACL rule applies
	Cidrs []string `json:"cidrs"`
	// Action defines if the rule is a DENY or an ALLOW rule
	Action string `json:"action"`
	// Type can either be "source_ip", "direct_remote_ip" or "remote_ip"
	Type string `json:"type"`
}

type EnvoyFilterService

type EnvoyFilterService struct{}

func (*EnvoyFilterService) BuildAPIEnvoyFilterSpecForHelmChart

func (e *EnvoyFilterService) BuildAPIEnvoyFilterSpecForHelmChart(
	rule *ACLRule, hosts, alwaysAllowedCIDRs []string,
) (map[string]interface{}, error)

BuildAPIEnvoyFilterSpecForHelmChart assembles EnvoyFilter patches for API server networking for every rule in the extension spec.

func (*EnvoyFilterService) BuildVPNEnvoyFilterSpecForHelmChart

func (e *EnvoyFilterService) BuildVPNEnvoyFilterSpecForHelmChart(
	mappings []ACLMapping, alwaysAllowedCIDRs []string,
) (map[string]interface{}, error)

BuildVPNEnvoyFilterSpecForHelmChart assembles a single EnvoyFilter for all shoots on the seed, due to the fact that we can't create one EnvoyFilter per shoot - this doesn't work because all the VPN traffic flows through the same filter.

We use the technical ID of the shoot for the VPN rule, which is de facto the same as the seed namespace of the shoot. (Gardener uses the seedNamespace value in the botanist vpnshoot task.)

func (*EnvoyFilterService) CreateAPIConfigPatchFromRule

func (e *EnvoyFilterService) CreateAPIConfigPatchFromRule(
	rule *ACLRule, hosts, alwaysAllowedCIDRs []string,
) (map[string]interface{}, error)

func (*EnvoyFilterService) CreateInternalFilterPatchFromRule

func (e *EnvoyFilterService) CreateInternalFilterPatchFromRule(rule *ACLRule, alwaysAllowedCIDRs []string) (map[string]interface{}, error)

func (*EnvoyFilterService) CreateVPNConfigPatchFromRule

func (e *EnvoyFilterService) CreateVPNConfigPatchFromRule(
	mappings []ACLMapping, alwaysAllowedCIDRs []string,
) (map[string]interface{}, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL