/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cloudprovider
import (
"errors"
"fmt"
"strings"
apiv1 "k8s.io/client-go/pkg/api/v1"
netsets "k8s.io/kubernetes/pkg/util/net/sets"
)
// Interface is the abstract, pluggable entry point to a cloud provider.
type Interface interface {
	// Firewall returns the provider's Firewall implementation. The boolean
	// result is true when firewalls are supported and false otherwise, so
	// callers should check it before using the returned value.
	Firewall() (Firewall, bool)
	// ProviderName returns the cloud provider ID.
	ProviderName() string
}
// GetLoadBalancerName derives a load balancer name from the Service UID: the
// UID is prefixed with "a", its hyphens are removed, and the result is capped
// at 32 bytes. Because of the cap, two UIDs that agree on their first 31
// non-hyphen characters yield the same name. service is dereferenced
// unconditionally and must be non-nil.
//
// TODO(#6812): Use a shorter name that's less likely to be longer than cloud
// providers' name length limits.
func GetLoadBalancerName(service *apiv1.Service) string {
	// Cap applied for AWS's load balancer name length limit.
	const maxNameLen = 32

	// The leading "a" is there because GCE requires the name of a load
	// balancer to start with a lower case letter.
	name := strings.Replace("a"+string(service.UID), "-", "", -1)
	if len(name) <= maxNameLen {
		return name
	}
	return name[:maxNameLen]
}
const (
	// defaultLoadBalancerSourceRanges is the value GetLoadBalancerSourceRanges
	// falls back to when a Service carries neither the spec field nor the
	// annotation. It is the IPv4 allow-all CIDR, so the fallback is open
	// rather than deny.
	defaultLoadBalancerSourceRanges = "0.0.0.0/0"
	// annotationLoadBalancerSourceRangesKey is the Service annotation that
	// holds a comma-separated list of allowed source CIDRs.
	annotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges"
)
// GetLoadBalancerSourceRanges returns the set of source IP ranges allowed to
// reach the Service's load balancer.
//
// Precedence:
//  1. If service.Spec.LoadBalancerSourceRanges is non-empty it is parsed and
//     returned; the annotation is ignored entirely in that case.
//  2. Otherwise the annotationLoadBalancerSourceRangesKey annotation is
//     parsed as a comma-separated list.
//  3. If the annotation is missing or blank, the result is parsed from
//     defaultLoadBalancerSourceRanges ("0.0.0.0/0"), i.e. allow-all.
//
// Security note: the fallback is open, not deny. A Service that sets neither
// the field nor the annotation gets the allow-all range, so callers that need
// default-deny behaviour have to enforce it themselves.
//
// A parse failure in either source returns a nil set and an error; nothing is
// silently widened to the default. service must be non-nil.
func GetLoadBalancerSourceRanges(service *apiv1.Service) (netsets.IPNet, error) {
	// The spec field wins over the annotation whenever it has entries.
	if specs := service.Spec.LoadBalancerSourceRanges; len(specs) > 0 {
		parsed, err := netsets.ParseIPNets(specs...)
		if err != nil {
			return nil, fmt.Errorf("service.Spec.LoadBalancerSourceRanges: %v is not valid. Expecting a list of IP ranges. For example, 10.0.0.0/24. Error msg: %v", specs, err)
		}
		return parsed, nil
	}

	// Only the annotation value as a whole is trimmed; the individual
	// comma-separated entries are handed to ParseIPNets exactly as split.
	raw := strings.TrimSpace(service.Annotations[annotationLoadBalancerSourceRangesKey])
	if raw == "" {
		raw = defaultLoadBalancerSourceRanges
	}

	parsed, err := netsets.ParseIPNets(strings.Split(raw, ",")...)
	if err != nil {
		// NOTE(review): unlike the spec branch, this message does not include
		// the underlying parse error.
		return nil, fmt.Errorf("%s: %s is not valid. Expecting a comma-separated list of source IP ranges. For example, 10.0.0.0/24,192.168.2.0/24", annotationLoadBalancerSourceRangesKey, raw)
	}
	return parsed, nil
}
// Firewall is the abstract, pluggable interface through which firewall rules
// for a Service are managed.
type Firewall interface {
	// EnsureFirewall creates and/or updates the firewall rules for service.
	// Implementations must treat the *apiv1.Service parameter as read-only
	// and not modify it.
	EnsureFirewall(service *apiv1.Service, hostname string) error
	// EnsureFirewallDeleted deletes the firewall for service if it exists.
	// It returns nil both when the firewall did not exist and when it was
	// deleted successfully.
	// The "ensure" form is used because many cloud providers' firewalls are
	// made of several underlying components, so a Get could report that the
	// firewall doesn't exist while some part of it is still lying around.
	// Implementations must treat the *apiv1.Service parameter as read-only
	// and not modify it.
	EnsureFirewallDeleted(service *apiv1.Service) error
}
// InstanceNotFound is a package-level sentinel error whose message is
// "instance not found". Nothing in this file returns it; presumably provider
// implementations do, and callers compare against this value rather than
// the message text.
var InstanceNotFound = errors.New("instance not found")