github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 18:00:08 +00:00
Code Issues Projects Releases Wiki Activity

Add cloudprovider methods for ssl.

Browse Source
This commit is contained in:
Prashanth Balasubramanian 2016-01-25 16:16:29 -08:00
parent 458eb5284a
commit cba768322a
1 changed files with 193 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
pkg/cloudprovider/providers/gce/gce.go
View File

@ -488,14 +488,15 @@ func (gce *GCECloud) EnsureLoadBalancer(name, region string, requestedIP net.IP,
} }
if firewallNeedsUpdate { if firewallNeedsUpdate {
desc := makeFirewallDescription(ipAddress)
// Unlike forwarding rules and target pools, firewalls can be updated // Unlike forwarding rules and target pools, firewalls can be updated
// without needing to be deleted and recreated. // without needing to be deleted and recreated.
if firewallExists { if firewallExists {
if err := gce.updateFirewall(name, region, ipAddress, ports, hosts); err != nil { if err := gce.updateFirewall(name, region, desc, "0.0.0.0/0", ports, hosts); err != nil {
return nil, err return nil, err
} }
} else { } else {
if err := gce.createFirewall(name, region, ipAddress, ports, hosts); err != nil { if err := gce.createFirewall(name, region, desc, "0.0.0.0/0", ports, hosts); err != nil {
return nil, err return nil, err
} }
} }
@ -727,8 +728,8 @@ func (gce *GCECloud) createTargetPool(name, region string, hosts []*gceInstance,
return nil return nil
} }
func (gce *GCECloud) createFirewall(name, region, ipAddress string, ports []*api.ServicePort, hosts []*gceInstance) error { func (gce *GCECloud) createFirewall(name, region, desc, srcRange string, ports []*api.ServicePort, hosts []*gceInstance) error {
firewall, err := gce.firewallObject(name, region, ipAddress, ports, hosts) firewall, err := gce.firewallObject(name, region, desc, srcRange, ports, hosts)
if err != nil { if err != nil {
return err return err
} }
@ -745,8 +746,8 @@ func (gce *GCECloud) createFirewall(name, region, ipAddress string, ports []*api
return nil return nil
} }
func (gce *GCECloud) updateFirewall(name, region, ipAddress string, ports []*api.ServicePort, hosts []*gceInstance) error { func (gce *GCECloud) updateFirewall(name, region, desc, srcRange string, ports []*api.ServicePort, hosts []*gceInstance) error {
firewall, err := gce.firewallObject(name, region, ipAddress, ports, hosts) firewall, err := gce.firewallObject(name, region, desc, srcRange, ports, hosts)
if err != nil { if err != nil {
return err return err
} }
@ -763,7 +764,7 @@ func (gce *GCECloud) updateFirewall(name, region, ipAddress string, ports []*api
return nil return nil
} }
func (gce *GCECloud) firewallObject(name, region, ipAddress string, ports []*api.ServicePort, hosts []*gceInstance) (*compute.Firewall, error) { func (gce *GCECloud) firewallObject(name, region, desc, srcRange string, ports []*api.ServicePort, hosts []*gceInstance) (*compute.Firewall, error) {
allowedPorts := make([]string, len(ports)) allowedPorts := make([]string, len(ports))
for ix := range ports { for ix := range ports {
allowedPorts[ix] = strconv.Itoa(ports[ix].Port) allowedPorts[ix] = strconv.Itoa(ports[ix].Port)
@ -774,9 +775,9 @@ func (gce *GCECloud) firewallObject(name, region, ipAddress string, ports []*api
} }
firewall := &compute.Firewall{ firewall := &compute.Firewall{
Name: makeFirewallName(name), Name: makeFirewallName(name),
Description: makeFirewallDescription(ipAddress), Description: desc,
Network: gce.networkURL, Network: gce.networkURL,
SourceRanges: []string{"0.0.0.0/0"}, SourceRanges: []string{srcRange},
TargetTags: hostTags, TargetTags: hostTags,
Allowed: []*compute.FirewallAllowed{ Allowed: []*compute.FirewallAllowed{
{ {
@ -1036,6 +1037,94 @@ func (gce *GCECloud) deleteStaticIP(name, region string) error {
return nil return nil
} }
// Firewall management: These methods are just passthrough to the existing
// internal firewall creation methods used to manage TCPLoadBalancer.
// GetFirewall returns the Firewall by name.
func (gce *GCECloud) GetFirewall(name string) (*compute.Firewall, error) {
return gce.service.Firewalls.Get(gce.projectID, name).Do()
}
// CreateFirewall creates the given firewall rule.
func (gce *GCECloud) CreateFirewall(name, desc, srcRange string, ports []int64, hostNames []string) error {
region, err := GetGCERegion(gce.localZone)
if err != nil {
return err
}
// TODO: This completely breaks modularity in the cloudprovider but the methods
// shared with the TCPLoadBalancer take api.ServicePorts.
svcPorts := []*api.ServicePort{}
for _, p := range ports {
svcPorts = append(svcPorts, &api.ServicePort{Port: int(p)})
}
hosts, err := gce.getInstancesByNames(hostNames)
if err != nil {
return err
}
return gce.createFirewall(name, region, desc, srcRange, svcPorts, hosts)
}
// DeleteFirewall deletes the given firewall rule.
func (gce *GCECloud) DeleteFirewall(name string) error {
region, err := GetGCERegion(gce.localZone)
if err != nil {
return err
}
return gce.deleteFirewall(name, region)
}
// UpdateFirewall applies the given firewall rule as an update to an existing
// firewall rule with the same name.
func (gce *GCECloud) UpdateFirewall(name, desc, srcRange string, ports []int64, hostNames []string) error {
region, err := GetGCERegion(gce.localZone)
if err != nil {
return err
}
// TODO: This completely breaks modularity in the cloudprovider but the methods
// shared with the TCPLoadBalancer take api.ServicePorts.
svcPorts := []*api.ServicePort{}
for _, p := range ports {
svcPorts = append(svcPorts, &api.ServicePort{Port: int(p)})
}
hosts, err := gce.getInstancesByNames(hostNames)
if err != nil {
return err
}
return gce.updateFirewall(name, region, desc, srcRange, svcPorts, hosts)
}
// Global static IP management
// ReserveGlobalStaticIP creates a global static IP.
// Caller is allocated a random IP if they do not specify an ipAddress. If an
// ipAddress is specified, it must belong to the current project, eg: an
// ephemeral IP associated with a global forwarding rule.
func (gce *GCECloud) ReserveGlobalStaticIP(name, ipAddress string) (address *compute.Address, err error) {
op, err := gce.service.GlobalAddresses.Insert(gce.projectID, &compute.Address{Name: name, Address: ipAddress}).Do()
if err != nil {
return nil, err
}
if err := gce.waitForGlobalOp(op); err != nil {
return nil, err
}
// We have to get the address to know which IP was allocated for us.
return gce.service.GlobalAddresses.Get(gce.projectID, name).Do()
}
// DeleteGlobalStaticIP deletes a global static IP by name.
func (gce *GCECloud) DeleteGlobalStaticIP(name string) error {
op, err := gce.service.GlobalAddresses.Delete(gce.projectID, name).Do()
if err != nil {
return err
}
return gce.waitForGlobalOp(op)
}
// GetGlobalStaticIP returns the global static IP by name.
func (gce *GCECloud) GetGlobalStaticIP(name string) (address *compute.Address, err error) {
return gce.service.GlobalAddresses.Get(gce.projectID, name).Do()
}
// UrlMap management // UrlMap management
// GetUrlMap returns the UrlMap by name. // GetUrlMap returns the UrlMap by name.
@ -1137,6 +1226,101 @@ func (gce *GCECloud) ListTargetHttpProxies() (*compute.TargetHttpProxyList, erro
return gce.service.TargetHttpProxies.List(gce.projectID).Do() return gce.service.TargetHttpProxies.List(gce.projectID).Do()
} }
// TargetHttpsProxy management
// GetTargetHttpsProxy returns the UrlMap by name.
func (gce *GCECloud) GetTargetHttpsProxy(name string) (*compute.TargetHttpsProxy, error) {
return gce.service.TargetHttpsProxies.Get(gce.projectID, name).Do()
}
// CreateTargetHttpsProxy creates and returns a TargetHttpsProxy with the given UrlMap and SslCertificate.
func (gce *GCECloud) CreateTargetHttpsProxy(urlMap *compute.UrlMap, sslCert *compute.SslCertificate, name string) (*compute.TargetHttpsProxy, error) {
proxy := &compute.TargetHttpsProxy{
Name: name,
UrlMap: urlMap.SelfLink,
SslCertificates: []string{sslCert.SelfLink},
}
op, err := gce.service.TargetHttpsProxies.Insert(gce.projectID, proxy).Do()
if err != nil {
return nil, err
}
if err = gce.waitForGlobalOp(op); err != nil {
return nil, err
}
return gce.GetTargetHttpsProxy(name)
}
// SetUrlMapForTargetHttpsProxy sets the given UrlMap for the given TargetHttpsProxy.
func (gce *GCECloud) SetUrlMapForTargetHttpsProxy(proxy *compute.TargetHttpsProxy, urlMap *compute.UrlMap) error {
op, err := gce.service.TargetHttpsProxies.SetUrlMap(gce.projectID, proxy.Name, &compute.UrlMapReference{UrlMap: urlMap.SelfLink}).Do()
if err != nil {
return err
}
return gce.waitForGlobalOp(op)
}
// SetSslCertificateForTargetHttpsProxy sets the given SslCertificate for the given TargetHttpsProxy.
func (gce *GCECloud) SetSslCertificateForTargetHttpsProxy(proxy *compute.TargetHttpsProxy, sslCert *compute.SslCertificate) error {
op, err := gce.service.TargetHttpsProxies.SetSslCertificates(gce.projectID, proxy.Name, &compute.TargetHttpsProxiesSetSslCertificatesRequest{SslCertificates: []string{sslCert.SelfLink}}).Do()
if err != nil {
return err
}
return gce.waitForGlobalOp(op)
}
// DeleteTargetHttpsProxy deletes the TargetHttpsProxy by name.
func (gce *GCECloud) DeleteTargetHttpsProxy(name string) error {
op, err := gce.service.TargetHttpsProxies.Delete(gce.projectID, name).Do()
if err != nil {
if isHTTPErrorCode(err, http.StatusNotFound) {
return nil
}
return err
}
return gce.waitForGlobalOp(op)
}
// ListTargetHttpsProxies lists all TargetHttpsProxies in the project.
func (gce *GCECloud) ListTargetHttpsProxies() (*compute.TargetHttpsProxyList, error) {
return gce.service.TargetHttpsProxies.List(gce.projectID).Do()
}
// SSL Certificate management
// GetSslCertificate returns the SslCertificate by name.
func (gce *GCECloud) GetSslCertificate(name string) (*compute.SslCertificate, error) {
return gce.service.SslCertificates.Get(gce.projectID, name).Do()
}
// CreateSslCertificate creates and returns a SslCertificate.
func (gce *GCECloud) CreateSslCertificate(sslCerts *compute.SslCertificate) (*compute.SslCertificate, error) {
op, err := gce.service.SslCertificates.Insert(gce.projectID, sslCerts).Do()
if err != nil {
return nil, err
}
if err = gce.waitForGlobalOp(op); err != nil {
return nil, err
}
return gce.GetSslCertificate(sslCerts.Name)
}
// DeleteSslCertificate deletes the SslCertificate by name.
func (gce *GCECloud) DeleteSslCertificate(name string) error {
op, err := gce.service.SslCertificates.Delete(gce.projectID, name).Do()
if err != nil {
if isHTTPErrorCode(err, http.StatusNotFound) {
return nil
}
return err
}
return gce.waitForGlobalOp(op)
}
// ListSslCertificates lists all SslCertificates in the project.
func (gce *GCECloud) ListSslCertificates() (*compute.SslCertificateList, error) {
return gce.service.SslCertificates.List(gce.projectID).Do()
}
// GlobalForwardingRule management // GlobalForwardingRule management
// CreateGlobalForwardingRule creates and returns a GlobalForwardingRule that points to the given TargetHttpProxy. // CreateGlobalForwardingRule creates and returns a GlobalForwardingRule that points to the given TargetHttpProxy.