Documentation ¶
Index ¶
- Constants
- Variables
- func EnsureL4FirewallRule(cloud *gce.Cloud, nsName string, params *FirewallParams, sharedRule bool) error
- func EnsureL4FirewallRuleDeleted(cloud *gce.Cloud, fwName string) error
- func EnsureL4LBFirewallForHc(svc *v1.Service, shared bool, params *FirewallParams, cloud *gce.Cloud, ...) error
- func EnsureL4LBFirewallForNodes(svc *v1.Service, params *FirewallParams, cloud *gce.Cloud, ...) error
- func NewFakeFirewallsProvider(onXPN bool, fwReadOnly bool) *fakeFirewallsProvider
- func NewFirewallAdapter(g *gce.Cloud) *firewallAdapter
- func NewFirewallCR(name string, ports, srcRanges, dstRanges []string, enforced bool) (*v1beta1.GCPFirewall, error)
- type Firewall
- type FirewallCR
- type FirewallController
- type FirewallParams
- type FirewallRules
- type FirewallXPNError
- type SingleFirewallPool
Constants ¶
const (
	// DefaultFirewallName is the name to use for firewall rules created
	// by an L7 controller when --firewall-rule is not used.
	DefaultFirewallName = ""
)
Variables ¶
var (
ErrNoILBIngress = errors.New("no ILB Ingress found")
)
Functions ¶
func EnsureL4FirewallRule ¶ added in v1.15.0
func EnsureL4FirewallRule(cloud *gce.Cloud, nsName string, params *FirewallParams, sharedRule bool) error
func EnsureL4FirewallRuleDeleted ¶ added in v1.15.0
func EnsureL4FirewallRuleDeleted(cloud *gce.Cloud, fwName string) error
func EnsureL4LBFirewallForHc ¶ added in v1.15.0
func EnsureL4LBFirewallForHc(svc *v1.Service, shared bool, params *FirewallParams, cloud *gce.Cloud, recorder record.EventRecorder) error
EnsureL4LBFirewallForHc creates or updates the firewall rule that allows shared or non-shared health-check traffic to reach the nodes.
func EnsureL4LBFirewallForNodes ¶ added in v1.15.0
func EnsureL4LBFirewallForNodes(svc *v1.Service, params *FirewallParams, cloud *gce.Cloud, recorder record.EventRecorder) error
EnsureL4LBFirewallForNodes creates or updates the firewall rule that allows LB traffic to reach the nodes.
func NewFakeFirewallsProvider ¶
func NewFakeFirewallsProvider(onXPN bool, fwReadOnly bool) *fakeFirewallsProvider
NewFakeFirewallsProvider creates a fake provider for firewall rules.
func NewFirewallAdapter ¶ added in v1.19.0
func NewFirewallAdapter(g *gce.Cloud) *firewallAdapter
NewFirewallAdapter takes a Cloud and constructs a firewallAdapter.
func NewFirewallCR ¶ added in v1.23.0
func NewFirewallCR(name string, ports, srcRanges, dstRanges []string, enforced bool) (*v1beta1.GCPFirewall, error)
NewFirewallCR constructs the firewall CR from a name, ports, source ranges and destination ranges.
Types ¶
type Firewall ¶
type Firewall interface {
	CreateFirewall(f *compute.Firewall) error
	GetFirewall(name string) (*compute.Firewall, error)
	DeleteFirewall(name string) error
	UpdateFirewall(f *compute.Firewall) error
	GetNodeTags(nodeNames []string) ([]string, error)
	NetworkProjectID() string
	NetworkURL() string
	// OnXPN returns true if the GCE NetworkProjectID != ProjectID.
	OnXPN() bool
}
Firewall interfaces with the GCE firewall api. This interface is a little different from the rest because it dovetails into the same firewall methods used by the TCPLoadBalancer.
type FirewallCR ¶ added in v1.23.0
type FirewallCR struct {
// contains filtered or unexported fields
}
FirewallCR manages the GCPFirewall custom resource.
func (*FirewallCR) GC ¶ added in v1.23.0
func (fr *FirewallCR) GC() error
GC deletes the firewall CR. For upgraded clusters with EnableFirewallCR = true, the firewall CR and the GCE firewall rule co-exist, so both of them must be deleted on every GC.
type FirewallController ¶ added in v1.3.0
type FirewallController struct {
// contains filtered or unexported fields
}
FirewallController synchronizes the firewall rule for all ingresses.
func NewFirewallController ¶ added in v1.3.0
func NewFirewallController(
	ctx *context.ControllerContext,
	portRanges []string,
	enableCR, disableFWEnforcement bool) *FirewallController
NewFirewallController returns a new firewall controller.
func (*FirewallController) Run ¶ added in v1.3.0
func (fwc *FirewallController) Run()
func (*FirewallController) ToSvcPorts ¶ added in v1.3.0
func (fwc *FirewallController) ToSvcPorts(ings []*v1.Ingress) []utils.ServicePort
ToSvcPorts is a helper method over translator.TranslateIngress to process a list of ingresses. TODO(rramkumar): This is a copy of code in controller.go. Extract this into something shared.
type FirewallParams ¶ added in v1.15.0
type FirewallParams struct {
	Name              string
	IP                string
	SourceRanges      []string
	DestinationRanges []string
	PortRanges        []string
	NodeNames         []string
	Protocol          string
	L4Type            utils.L4LBType
}
FirewallParams holds all data needed to create the firewall rule for an L4 LB.
type FirewallRules ¶
type FirewallRules struct {
// contains filtered or unexported fields
}
FirewallRules manages firewall rules.
func (*FirewallRules) GC ¶ added in v1.3.0
func (fr *FirewallRules) GC() error
GC deletes the firewall rule.
func (*FirewallRules) GetFirewall ¶
func (fr *FirewallRules) GetFirewall(name string) (*compute.Firewall, error)
GetFirewall just returns the firewall object corresponding to the given name. TODO: Currently only used in testing. Modify so we don't leak compute objects out of this interface by returning just the (src, ports, error).
type FirewallXPNError ¶ added in v1.0.1
func (*FirewallXPNError) Error ¶ added in v1.0.1
func (f *FirewallXPNError) Error() string
type SingleFirewallPool ¶
type SingleFirewallPool interface {
	// Sync syncs firewall rules with the cloud
	Sync(nodeNames, additionalPorts, additionalRanges []string, allowNodePort bool) error
	GC() error
}
SingleFirewallPool syncs the firewall rule for L7 traffic.
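The page documents the Firewall interface and the Sync/GC contract of SingleFirewallPool but not how a reconciler should behave against them. The following is an added example, not code from the ingress-gce project: it implements an in-memory stand-in for the Firewall interface (a local Rule type replaces compute.Firewall, which is an assumption of the example), reconciles a desired L7 rule with create-when-missing / update-only-on-drift semantics, refuses catch-all source ranges so a bad input cannot silently expose every NodePort, and makes GC idempotent. The rule name, tag and the 130.211.0.0/22 and 35.191.0.0/16 ranges are constructed inputs.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"sort"
	"strings"
)

// Rule stands in for the compute.Firewall fields a sync compares
// (an assumption of this example, not a type from the package).
type Rule struct {
	Name         string
	SourceRanges []string
	TargetTags   []string
	Ports        []string // TCP ports or ranges such as "30000-32767"
}

// fakeFirewall is an in-memory stand-in for the Firewall interface. It
// records every mutating call so a caller can see what would reach the API.
type fakeFirewall struct {
	rules map[string]*Rule
	Calls []string
}

func newFakeFirewall() *fakeFirewall { return &fakeFirewall{rules: map[string]*Rule{}} }

var errNotFound = errors.New("firewall rule not found")

func (f *fakeFirewall) GetFirewall(name string) (*Rule, error) {
	r, ok := f.rules[name]
	if !ok {
		return nil, errNotFound
	}
	cp := *r
	return &cp, nil
}

func (f *fakeFirewall) CreateFirewall(r *Rule) error {
	if _, ok := f.rules[r.Name]; ok {
		return fmt.Errorf("rule %q already exists", r.Name)
	}
	cp := *r
	f.rules[r.Name] = &cp
	f.Calls = append(f.Calls, "create "+r.Name)
	return nil
}

func (f *fakeFirewall) UpdateFirewall(r *Rule) error {
	if _, ok := f.rules[r.Name]; !ok {
		return errNotFound
	}
	cp := *r
	f.rules[r.Name] = &cp
	f.Calls = append(f.Calls, "update "+r.Name)
	return nil
}

func (f *fakeFirewall) DeleteFirewall(name string) error {
	if _, ok := f.rules[name]; !ok {
		return errNotFound
	}
	delete(f.rules, name)
	f.Calls = append(f.Calls, "delete "+name)
	return nil
}

// validateSrcRanges rejects malformed CIDRs and catch-all ranges: a sync that
// widens a node-facing rule to 0.0.0.0/0 or ::/0 exposes every NodePort.
func validateSrcRanges(ranges []string) error {
	if len(ranges) == 0 {
		return errors.New("source ranges must not be empty")
	}
	for _, r := range ranges {
		_, ipnet, err := net.ParseCIDR(r)
		if err != nil {
			return fmt.Errorf("invalid source range %q: %w", r, err)
		}
		if ones, _ := ipnet.Mask.Size(); ones == 0 {
			return fmt.Errorf("refusing catch-all source range %q", r)
		}
	}
	return nil
}

// key gives an order-independent form of a string set so that a rule whose
// ranges merely come back in a different order is not treated as drift.
func key(s []string) string {
	out := append([]string(nil), s...)
	sort.Strings(out)
	return strings.Join(out, ",")
}

func sameRule(a, b *Rule) bool {
	return key(a.SourceRanges) == key(b.SourceRanges) &&
		key(a.TargetTags) == key(b.TargetTags) && key(a.Ports) == key(b.Ports)
}

// Sync builds the desired rule and reconciles it: create when missing, update
// only on drift, no API call when the cloud already matches. It returns
// whether a mutating call was made.
func Sync(fw *fakeFirewall, name string, nodeTags, srcRanges, ports []string) (bool, error) {
	if err := validateSrcRanges(srcRanges); err != nil {
		return false, err
	}
	desired := &Rule{Name: name, SourceRanges: srcRanges, TargetTags: nodeTags, Ports: ports}
	existing, err := fw.GetFirewall(name)
	switch {
	case errors.Is(err, errNotFound):
		return true, fw.CreateFirewall(desired)
	case err != nil:
		return false, err
	case sameRule(existing, desired):
		return false, nil
	default:
		return true, fw.UpdateFirewall(desired)
	}
}

// GC deletes the rule; an already-absent rule counts as success so that
// repeated garbage collection is idempotent.
func GC(fw *fakeFirewall, name string) error {
	if err := fw.DeleteFirewall(name); err != nil && !errors.Is(err, errNotFound) {
		return err
	}
	return nil
}

func main() {
	fw := newFakeFirewall()
	// Constructed inputs: Google load-balancer proxy/health-check ranges and the default NodePort range.
	lb := []string{"130.211.0.0/22", "35.191.0.0/16"}
	changed, err := Sync(fw, "k8s-fw-l7-example", []string{"gke-example-node"}, lb, []string{"30000-32767"})
	fmt.Println(changed, err, fw.Calls)
}
```

The drift check compares normalized sets, so an API that returns ranges in a different order does not trigger a spurious update; the catch-all check is the one policy decision a practitioner should keep even if the rest is replaced by the real compute.Firewall types.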
func NewFirewallCRPool ¶ added in v1.23.0
func NewFirewallCRPool(client firewallclient.Interface, cloud Firewall, namer *namer_util.Namer, l7SrcRanges []string, nodePortRanges []string, dryRun bool) SingleFirewallPool
NewFirewallCRPool creates a new firewall rule manager that also maintains the GCPFirewall CR. client: the GCPFirewall client. cloud: the cloud object implementing Firewall. namer: cluster namer.
func NewFirewallPool ¶
func NewFirewallPool(cloud Firewall, namer *namer_util.Namer, l7SrcRanges []string, nodePortRanges []string) SingleFirewallPool
NewFirewallPool creates a new firewall rule manager. cloud: the cloud object implementing Firewall. namer: cluster namer.