sg

package

v1.1.9 Latest Latest Go to latest Published: Aug 22, 2020 License: Apache-2.0 Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/aws-alb-ingress-controller

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AssociationController
- func NewAssociationController(store store.Storer, cloud aws.CloudAPI, tagsController tags.Controller, ...) AssociationController
type ENIInfo
- func NewENIInfoViaENI(eni *ec2.NetworkInterface) ENIInfo
- func NewENIInfoViaInstanceENI(instanceENI *ec2.InstanceNetworkInterface) ENIInfo
- func (e *ENIInfo) SecurityGroups() []string
type InstanceAttachmentController
type LbAttachmentController
type LbAttachmentInfo
- func (i *LbAttachmentInfo) SGIDs() []string
type NameGenerator
type NameTagGenerator
type SecurityGroupController
type TagGenerator
type TargetENIsResolver
- func NewTargetENIsResolver(store store.Storer, cloud aws.CloudAPI) TargetENIsResolver

Constants ¶

View Source

const EC2DescribeNetworkInterfacesFilterLimit = 200

the maximum number of filters in a single describeNetworkInterfaces call.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AssociationController ¶

type AssociationController interface {
	// Setup will provides SecurityGroups that should be used by LoadBalancer.
	Setup(ctx context.Context, ingKey types.NamespacedName) (LbAttachmentInfo, error)

	// Reconcile will configure LB to use specified SecurityGroup in attachmentInfo.
	// Also, if managed LoadBalancer SG is used, the SecurityGroups on worker nodes will be adjusted to grant inbound traffic permission to tgGroup.
	Reconcile(ctx context.Context, ingKey types.NamespacedName, attachmentInfo LbAttachmentInfo,
		lbInstance *elbv2.LoadBalancer, tgGroup tg.TargetGroupGroup) error

	// Delete ensures the SecurityGroup created for LB are deleted.
	// Also, if managed LB SecurityGroup is used, the SecurityGroups on worker nodes will be adjusted to remove inbound traffic permission from it.
	Delete(ctx context.Context, ingKey types.NamespacedName) error
}

AssociationController provides functionality to manage Association

func NewAssociationController ¶

func NewAssociationController(store store.Storer, cloud aws.CloudAPI, tagsController tags.Controller, nameTagGen NameTagGenerator) AssociationController

NewAssociationController constructs a new association controller

type ENIInfo ¶ added in v1.1.4

type ENIInfo struct {
	// contains filtered or unexported fields
}

func NewENIInfoViaENI ¶ added in v1.1.4

func NewENIInfoViaENI(eni *ec2.NetworkInterface) ENIInfo

func NewENIInfoViaInstanceENI ¶ added in v1.1.4

func NewENIInfoViaInstanceENI(instanceENI *ec2.InstanceNetworkInterface) ENIInfo

func (*ENIInfo) SecurityGroups ¶ added in v1.1.4

func (e *ENIInfo) SecurityGroups() []string

type InstanceAttachmentController ¶

type InstanceAttachmentController interface {
	// Reconcile will setup SecurityGroup on worker nodes to allow inbound traffic from LoadBalancer(with lbSGID) to targets in tgGroup.
	Reconcile(ctx context.Context, ingKey types.NamespacedName, lbSGID string, tgGroup tg.TargetGroupGroup) error

	// Delete will cleanup resources setup in Reconcile.
	Delete(ctx context.Context, ingKey types.NamespacedName) error
}

InstanceAttachment manages SecurityGroups on worker nodes.

func NewInstanceAttachmentController ¶ added in v1.1.3

func NewInstanceAttachmentController(sgController SecurityGroupController,
	targetENIsResolver TargetENIsResolver,
	nameTagGen NameTagGenerator,
	store store.Storer,
	cloud aws.CloudAPI) InstanceAttachmentController

func NewInstanceAttachmentControllerV1 ¶ added in v1.1.3

func NewInstanceAttachmentControllerV1(
	sgController SecurityGroupController,
	targetENIsResolver TargetENIsResolver,
	nameTagGen NameTagGenerator,
	store store.Storer,
	cloud aws.CloudAPI) InstanceAttachmentController

func NewInstanceAttachmentControllerV2 ¶ added in v1.1.3

func NewInstanceAttachmentControllerV2(
	sgController SecurityGroupController,
	targetENIsResolver TargetENIsResolver,
	nameTagGen NameTagGenerator,
	store store.Storer,
	cloud aws.CloudAPI) InstanceAttachmentController

type LbAttachmentController ¶

type LbAttachmentController interface {
	// Reconcile ensures `only specified SecurityGroups` exists in LoadBalancer.
	Reconcile(ctx context.Context, lbInstance *elbv2.LoadBalancer, groupIDs []string) error
}

LbAttachmentController controls the LbAttachment

type LbAttachmentInfo ¶

type LbAttachmentInfo struct {
	// The managed securityGroupID. It will be empty when securityGroups are external-managed via annotation `alb.ingress.kubernetes.io/security-groups`
	ManagedSGID string

	// The external provided securityGroupID.
	ExternalSGIDs []string
}

Information about securityGroup on LoadBalancer

func (*LbAttachmentInfo) SGIDs ¶ added in v1.1.3

func (i *LbAttachmentInfo) SGIDs() []string

type NameGenerator ¶

type NameGenerator interface {
	// NameLBSG generates name for managed securityGroup that will be attached to LoadBalancer.
	NameLBSG(namespace string, ingressName string) string

	// NameLBSG generates name for managed securityGroup that will be attached to EC2 instances.
	NameInstanceSG(namespace string, ingressName string) string
}

NameGenerator provides name generation functionality for sg package.

type NameTagGenerator ¶

type NameTagGenerator interface {
	NameGenerator
	TagGenerator
}

NameTagGenerator is combination of NameGenerator and TagGenerator

type SecurityGroupController ¶

type SecurityGroupController interface {
	// EnsureSGInstance ensures security group with name exists.
	EnsureSGInstanceByName(ctx context.Context, name string, description string) (*ec2.SecurityGroup, error)

	// Reconcile ensures the securityGroup configuration matches specification.
	Reconcile(ctx context.Context, instance *ec2.SecurityGroup, inboundPermissions []*ec2.IpPermission, tags map[string]string) error
}

SecurityGroupController manages configuration on securityGroup.

type TagGenerator ¶

type TagGenerator interface {
	// TagLBSG generates tags for managed securityGroup that will be attached to LoadBalancer.
	TagLBSG(namespace string, ingressName string) map[string]string

	// TagInstanceSG generates tags for managed securityGroup that will be attached to EC2 instances.
	TagInstanceSG(namespace string, ingressName string) map[string]string
}

TagGenerator provides tag generation functionality for sg package.

type TargetENIsResolver ¶ added in v1.1.3

type TargetENIsResolver interface {
	// Resolve returns ENIs that supports targets for target groups.
	Resolve(ctx context.Context, tgGroup tg.TargetGroupGroup) (map[string]ENIInfo, error)
}

TargetENIsResolver resolves the ENIs that supports targets for target groups.

func NewTargetENIsResolver ¶ added in v1.1.3

func NewTargetENIsResolver(store store.Storer, cloud aws.CloudAPI) TargetENIsResolver

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL