firewall

package
v0.4.13

This package is not in the latest version of its module.
Published: Aug 29, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	ErrTooManyIPs         = errors.New("too many IPs in this ACL, will exceed rules per firewall limit")
	ErrTooManyNBFirewalls = errors.New("too many firewalls attached to a nodebalancer")
	ErrInvalidFWConfig    = errors.New("specify either an allowList or a denyList for a firewall")
)

Functions

func CreateFirewallOptsForSvc

func CreateFirewallOptsForSvc(label string, tags []string, svc *v1.Service) (*linodego.FirewallCreateOptions, error)

Types

type LinodeClient

type LinodeClient struct {
	Client client.Client
}

func (*LinodeClient) CreateFirewall

func (l *LinodeClient) CreateFirewall(ctx context.Context, opts linodego.FirewallCreateOptions) (fw *linodego.Firewall, err error)

func (*LinodeClient) DeleteFirewall

func (l *LinodeClient) DeleteFirewall(ctx context.Context, firewall *linodego.Firewall) error

func (*LinodeClient) UpdateNodeBalancerFirewall

func (l *LinodeClient) UpdateNodeBalancerFirewall(
	ctx context.Context,
	loadBalancerName string,
	loadBalancerTags []string,
	service *v1.Service,
	nb *linodego.NodeBalancer,
) error

UpdateNodeBalancerFirewall reconciles the firewall attached to the nodebalancer

This function does the following:

  1. If a firewallID annotation is present, it checks whether the nodebalancer has a firewall attached and whether it matches the annotation ID.
     a. If the IDs match, nothing to do here.
     b. If they don't match, the nb is attached to the new firewall and removed from the old one.
  2. If a firewallACL annotation is present, it checks whether the nodebalancer has a firewall attached.
     a. If a fw exists, it updates its rules.
     b. If a fw does not exist, it creates one.
  3. If neither of these annotations is present:
     a. If no firewalls are attached to the nodebalancer, nothing to do.
     b. If the NB has ONE firewall attached, it is removed from the nb and cleaned up if nothing else is attached to it.
     c. If more than one fw is attached to it, that is a problem and an err is returned.
  4. If both of these annotations are present, the firewallID takes precedence and the ACL annotation is ignored.

If a user creates a fw ID externally and then switches to using an ACL, the CCM will take over the fw that's attached to the nodebalancer.
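
The decision order described above, written out as an added example in Go; it is not the package's own code. The `Action` labels, `Decide` and its parameters are hypothetical, and the two behaviours the text leaves open are assumptions marked in the comment.

```go
package main

import (
	"errors"
	"fmt"
)

// Action names are hypothetical labels for this example, not identifiers from the package.
type Action string

const (
	NoOp          Action = "nothing to do"
	SwapFirewall  Action = "attach annotated firewall, detach old one"
	UpdateRules   Action = "update rules on attached firewall"
	CreateFromACL Action = "create firewall from ACL"
	DetachCleanup Action = "detach firewall, delete it if unused"
)

var errTooManyFirewalls = errors.New("too many firewalls attached to a nodebalancer")

// Decide returns the step the documented rules select. hasID and hasACL say which
// annotations are set; attached lists firewall IDs currently on the NodeBalancer.
// Assumption: for rules 1 and 2 only the first attached firewall is considered,
// and an empty list under rule 1 is treated like a mismatch.
func Decide(hasID bool, annotatedID int, hasACL bool, attached []int) (Action, error) {
	switch {
	case hasID: // rules 1 and 4: the firewallID annotation wins over the ACL
		if len(attached) > 0 && attached[0] == annotatedID {
			return NoOp, nil
		}
		return SwapFirewall, nil
	case hasACL: // rule 2: any attached firewall is updated, whoever created it
		if len(attached) > 0 {
			return UpdateRules, nil
		}
		return CreateFromACL, nil
	case len(attached) == 0: // rule 3a
		return NoOp, nil
	case len(attached) == 1: // rule 3b
		return DetachCleanup, nil
	}
	return "", errTooManyFirewalls // rule 3c
}

func main() {
	// Constructed case: firewall 101 was created outside the CCM, then the
	// Service switched from the firewallID annotation to the ACL annotation.
	act, err := Decide(false, 0, true, []int{101})
	fmt.Println(act, err)
}
```

The constructed case in `main` is the takeover noted above: with only the ACL annotation set, the rules of an externally created firewall are rewritten rather than a new firewall being created.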
