# Packages

No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author

# Functions

AddAnnotation adds an annotation by a given key to an object if not present by updating it with the given client.
AnnotationAddedPredicate returns a predicate when the given annotation key was added.
AnnotationRemovedPredicate returns a predicate when the given annotation key was removed.
No description provided by the author
No description provided by the author
IsAnnotationFalse returns true if the given object has an annotation with a given key and the value of this annotation is a false boolean.
IsAnnotationPresent returns true if the given object has an annotation with a given key, the value of this annotation does not matter.
IsAnnotationTrue returns true if the given object has an annotation with a given key and the value of this annotation is a true boolean.
NewCondition creates a new condition.
RemoveAnnotation removes an annotation by a given key from an object if present by updating it with the given client.
SortFirewallsByImportance sorts the given firewall slice by importance, e.g.

# Constants

ConditionFalse means a resource is not in the condition.
ConditionTrue means a resource is in the condition.
ConditionUnknown means Gardener can't decide if a resource is in the condition or not.
FinalizerName is the finalizer name used by this controller.
FirewallControllerConnected indicates that the firewall-controller running on the firewall is reconciling the shoot.
FirewallControllerManagedByAnnotation is used as tag for creating a firewall to indicate who is managing the firewall.
FirewallControllerManager is a name of the firewall-controller-manager managing the firewall.
FirewallControllerSeedConnected indicates that the firewall-controller running on the firewall is reconciling the firewall resource.
FirewallControllerSetAnnotation is a tag added to the firewall entity indicating which set a firewall belongs to.
FirewallCreated indicates if the firewall was created at the metal-api.
FirewallDeplomentAvailable indicates whether the deployment has reached the desired amount of replicas or not.
FirewallDeplomentAvailable indicates whether the deployment has reached the desired amount of replicas or not.
FirewallDeplomentRBACProvisioned indicates whether the rbac permissions for the firewall-controller to communicate with the api server were provisioned.
FirewallDistanceConfigured indicates that the firewall-controller has configured the given firewall distance.
No description provided by the author
FirewallMaxReplicas defines the maximum amount of firewall replicas to be defined.
FirewallMonitorDeployed indicates that the firewall monitor is deployed into the shoot cluster.
FirewallNoControllerConnectionAnnotation can be used as an annotation to the firewall resource in order to indicate that the firewall-controller does not connect to the firewall monitor.
FirewallPhaseCrashing means the firewall is currently in a provisioning crashloop.
FirewallPhaseCreating means the firewall is currently being created.
FirewallPhaseRunning means the firewall is currently running.
FirewallReady indicates that the firewall is running and, according to the metal-api, in a healthy, working state.
No description provided by the author
FirewallShootNamespace is the name of the namespace to which the firewall monitor gets deployed and in which the firewall-controller operates.
No description provided by the author
FirewallWeightAnnotation is considered when deciding which firewall is thrown away on scale down.
MaintenanceAnnotation can be used to trigger a maintenance reconciliation for which a controller might have special behavior.
ReconcileAnnotation can be used to trigger a reconciliation of a resource managed by a controller.
RevisionAnnotation stores the revision number of a resource.
RollSetAnnotation can be used to trigger a rolling update of a firewall deployment.
StrategyRecreate removes the old firewall set and then creates a new one.
StrategyRollingUpdate first creates a new firewall set, waits until it is ready and then removes the old one.

# Variables

AddToScheme adds the types in this group-version to the given scheme.
GroupVersion is the group version used to register these objects.
SchemeBuilder is used to add go types to the GroupVersionKind scheme.

# Structs

AllowedNetworks is a list of networks which are allowed to connect when NetworkAccessType is forbidden.
Condition holds the information about the state of a resource.
ControllerConnection contains information about the firewall-controller connection.
No description provided by the author
Counter holds values of a nftables counter object.
DeviceStat contains statistics of a device.
EgressRuleSNAT holds a Source-NAT rule.
Firewall represents a metal-stack firewall in a bare-metal kubernetes cluster.
No description provided by the author
FirewallDeployment contains the spec template of a firewall resource similar to a Kubernetes Deployment and implements update strategies like rolling update for the managed firewalls.
FirewallDeploymentList contains a list of firewall deployments.
FirewallDeploymentSpec specifies the firewall deployment.
FirewallDeploymentStatus contains current status information on the firewall deployment.
FirewallList contains a list of firewalls.
FirewallMonitor is typically deployed into the shoot cluster, in contrast to the other resources of this controller, which are deployed into the seed cluster's shoot namespace.
FirewallNetwork holds refined information about a network that the firewall is connected to.
FirewallSet contains the spec template of a firewall resource similar to a Kubernetes ReplicaSet and takes care that the desired amount of firewall replicas is running.
FirewallSetList contains a list of firewall sets.
FirewallSetSpec specifies the firewall set.
No description provided by the author
FirewallSpec defines parameters for the firewall creation along with configuration for the firewall-controller.
FirewallStats contains firewall statistics.
FirewallStatus contains current status information on the firewall.
FirewallTemplateSpec describes the data a firewall should have when created from a template.
No description provided by the author
MachineLastEvent contains the last provisioning event of the machine.
MachineStatus holds the status of the firewall machine containing information from the metal-stack api.
RateLimit contains the rate limit rule for a network.
RuleStat contains the statistics for a single nftables rule.
ShootAccess contains secret references to construct a shoot client in the firewall-controller to update its firewall monitor.

# Type aliases

No description provided by the author
ConditionStatus is the status of a condition.
ConditionType is a string alias.
DeviceStatsByDevice contains DeviceStatistics grouped by device name.
FirewallDistance defines the as-path length of firewalls, influencing how strongly they attract network traffic for routing traffic in and out of the cluster.
FirewallPhase describes the firewall phase at the current time.
FirewallUpdateStrategy describes the strategy by which firewalls are updated in case the update requires a physical recreation of the firewalls.
No description provided by the author
RuleStats contains firewall rule statistics of all rules of an action.
RuleStatsByAction contains firewall rule statistics grouped by action: e.g.