in internal/node/validate.go [131:185]
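// CheckVPCEndpointAccess validates that the node can reach the Kube-API
// server through the private VPC IPs published in the default/kubernetes
// Endpoints object: for every subset that exposes an "https" port, every
// non-empty address is dialed with network.CheckConnectionToHost.
//
// Progress is reported through informer (Starting/Done). The error handed to
// informer.Done is the one returned to the caller, so every exit path assigns
// the shared err variable instead of shadowing it with ":=" in an inner scope.
//
// Returns a remediation-wrapped error when the Endpoints object cannot be
// read or a host is unreachable, and a plain error when the object holds
// nothing that can be validated — no subsets, or no subset with both an
// "https" port and a non-empty address. An Endpoints object that cannot be
// checked is a failure rather than a silent pass, so the validation never
// reports success without having dialed at least one address.
//
// node is part of the validator signature but is not consulted here.
func (a APIServerValidator) CheckVPCEndpointAccess(ctx context.Context, informer validation.Informer, node *api.NodeConfig) error {
	name := "kubernetes-vpc-api-server-access"
	var err error
	informer.Starting(ctx, name, "Validating access to Kube-API server through VPC IPs")
	defer func() {
		informer.Done(ctx, name, err)
	}()

	client, err := a.client()
	if err != nil {
		return err
	}

	kubeEndpoint, err := client.CoreV1().Endpoints("default").Get(ctx, "kubernetes", metav1.GetOptions{})
	if err != nil {
		err = validation.WithRemediation(err, badPermissionsRemediation)
		return err
	}
	if len(kubeEndpoint.Subsets) == 0 {
		err = errors.New("no subsets found in the Kubernetes endpoint, can't validate VPC API server access")
		return err
	}

	// Count the addresses actually dialed so a list with no usable
	// "https" port or no addresses cannot be reported as validated.
	checked := 0
	for _, subset := range kubeEndpoint.Subsets {
		var port int32
		for _, p := range subset.Ports {
			if p.Name == "https" {
				port = p.Port
				break
			}
		}
		if port == 0 {
			// This subset does not expose the API server's https port.
			continue
		}
		for _, address := range subset.Addresses {
			if address.IP == "" {
				continue
			}
			u := url.URL{
				Scheme: "https",
				Host:   vpcEndpointHostPort(address.IP, port),
			}
			if err = network.CheckConnectionToHost(ctx, u); err != nil {
				err = validation.WithRemediation(err,
					fmt.Sprintf("Ensure the node has access to the Kube-API server endpoint %s in the VPC", address.IP),
				)
				return err
			}
			checked++
		}
	}
	if checked == 0 {
		err = errors.New("no https endpoint addresses found in the Kubernetes endpoint, can't validate VPC API server access")
		return err
	}
	return nil
}

// vpcEndpointHostPort renders ip and port as a URL host. IPv6 literals
// contain ':' and must be bracketed, otherwise the port cannot be separated
// from the address when the URL is dialed (the same rule net.JoinHostPort
// applies; a byte scan is used here so this file needs no extra import).
func vpcEndpointHostPort(ip string, port int32) string {
	for i := 0; i < len(ip); i++ {
		if ip[i] == ':' {
			return fmt.Sprintf("[%s]:%d", ip, port)
		}
	}
	return fmt.Sprintf("%s:%d", ip, port)
}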