Documentation
Overview
Package types contains common types in the antrea-controller.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AddressGroup
type AddressGroup struct {
    SpanMeta
    // UID is generated from the hash value of GroupSelector.NormalizedName.
    // In case the AddressGroup is created for a ClusterGroup, the UID is
    // that of the corresponding ClusterGroup.
    UID types.UID
    // Name of this group, currently it's same as UID.
    Name string
    // Selector describes how the group selects pods to get their addresses.
    Selector GroupSelector
    // GroupMembers is a set of GroupMembers selected by this group.
    // It will be converted to a slice of GroupMember for transferring according
    // to client's selection.
    GroupMembers controlplane.GroupMemberSet
}
AddressGroup describes a set of addresses used as source or destination of Network Policy rules.
type AppliedToGroup
type AppliedToGroup struct {
    SpanMeta
    // UID is generated from the hash value of GroupSelector.NormalizedName.
    // In case the AppliedToGroup is created for a ClusterGroup, the UID is
    // that of the corresponding ClusterGroup.
    UID types.UID
    // Name of this group, currently it's same as UID.
    Name string
    // Selector describes how the group selects pods.
    Selector GroupSelector
    // GroupMemberByNode is a mapping from nodeName to a set of GroupMembers on the Node,
    // either GroupMembers or ExternalEntity on the external node.
    // It will be converted to a slice of GroupMember for transferring according
    // to client's selection.
    GroupMemberByNode map[string]controlplane.GroupMemberSet
}
AppliedToGroup describes a set of GroupMembers to apply Network Policies to.
type EgressGroup
type EgressGroup struct {
    SpanMeta
    // UID of this EgressGroup, it's same as the UID of the Egress.
    UID types.UID
    // Name of this EgressGroup, it's same as the name of the Egress.
    Name string
    // GroupMemberByNode is a mapping from nodeName to a set of GroupMembers on the Node.
    // It will be converted to a slice of GroupMember for transferring according to client's selection.
    GroupMemberByNode map[string]controlplane.GroupMemberSet
}
EgressGroup describes a set of GroupMembers to apply Egress to. TODO: Unify it with NetworkPolicy AppliedToGroup.
type Group
type Group struct {
    // UID is a unique identifier of this internal Group. It is same as that of the ClusterGroup
    // resource UID.
    UID types.UID
    // Name of the ClusterGroup for which this internal Group is created.
    Name string
    // Selector describes how the internal group selects Pods to get their addresses.
    // Selector is nil if Group is defined with ipBlock, or if it has ServiceReference
    // and has not been processed by the controller yet / Service cannot be found.
    Selector *GroupSelector
    IPBlocks []controlplane.IPBlock
    // ServiceReference is reference to a v1.Service, which this Group keeps in sync
    // and updates Selector based on the Service's selector.
    ServiceReference *controlplane.ServiceReference
    // ChildGroups is the list of Group names that belongs to this Group.
    ChildGroups []string
}
Group describes a set of GroupMembers which can be referenced in Antrea-native NetworkPolicies. These Groups can then be converted to AppliedToGroup or AddressGroup. Each internal Group corresponds to a single ClusterGroup, i.e. unlike AppliedTo/AddressGroups created for standalone selectors, these internal Groups are not shared by ClusterGroups created with same selectors.
type GroupSelector
type GroupSelector struct {
    // The normalized name is calculated from Namespace, PodSelector, ExternalEntitySelector and NamespaceSelector.
    // If multiple policies have same standalone selectors, they should share this group by comparing NormalizedName.
    // It's also used to generate Name and UUID of AddressGroup or AppliedToGroup.
    // Internal Groups corresponding to the ClusterGroups use the NormalizedName to detect if there is a change in
    // the selectors.
    NormalizedName string
    // If Namespace is set, NamespaceSelector can not be set. It means only GroupMembers in this Namespace will be matched.
    Namespace string
    // This is a label selector which selects GroupMembers. If Namespace is also set, it selects the GroupMembers in the Namespace.
    // If NamespaceSelector is set instead, it selects the GroupMembers in the Namespaces selected by NamespaceSelector.
    // If Namespace and NamespaceSelector both are unset, it selects the GroupMembers in all the Namespaces.
    PodSelector labels.Selector
    // This is a label selector which selects Namespaces. If this field is set, Namespace can not be set.
    NamespaceSelector labels.Selector
    // This is a label selector which selects ExternalEntities. Within a group, ExternalEntitySelector cannot be
    // set concurrently with PodSelector. If Namespace is also set, it selects the ExternalEntities in the Namespace.
    // If NamespaceSelector is set instead, it selects ExternalEntities in the Namespaces selected by NamespaceSelector.
    // If Namespace and NamespaceSelector both are unset, it selects the ExternalEntities in all the Namespaces.
    // TODO: Add validation in API to not allow externalEntitySelector and podSelector in the same group.
    ExternalEntitySelector labels.Selector
}
GroupSelector describes how to select GroupMembers.
func NewGroupSelector
func NewGroupSelector(namespace string, podSelector, nsSelector, extEntitySelector *metav1.LabelSelector) *GroupSelector
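The field comments on GroupSelector forbid two combinations and define three Namespace scopes. The check below is an added example, not part of the antrea package: selectorSpec, selectorScope and the error values are hypothetical names, and plain label maps (nil meaning unset) stand in for labels.Selector.

```go
package main

import (
	"errors"
	"fmt"
)

// selectorSpec is a hypothetical stand-in for GroupSelector; a nil map means unset.
type selectorSpec struct {
	Namespace              string
	PodSelector            map[string]string
	NamespaceSelector      map[string]string
	ExternalEntitySelector map[string]string
}

var (
	errNamespaceConflict = errors.New("namespace and namespaceSelector are both set")
	errMemberConflict    = errors.New("podSelector and externalEntitySelector are both set")
)

// selectorScope rejects the two combinations the field comments forbid and
// otherwise reports which Namespaces the selector reaches. With neither
// Namespace nor NamespaceSelector set, members in every Namespace match.
func selectorScope(s selectorSpec) (string, error) {
	if s.Namespace != "" && s.NamespaceSelector != nil {
		return "", errNamespaceConflict
	}
	if s.PodSelector != nil && s.ExternalEntitySelector != nil {
		return "", errMemberConflict
	}
	switch {
	case s.Namespace != "":
		return "namespace:" + s.Namespace, nil
	case s.NamespaceSelector != nil:
		return "selected-namespaces", nil
	default:
		return "all-namespaces", nil
	}
}

func main() {
	for _, s := range []selectorSpec{ // constructed sample selectors
		{Namespace: "prod", PodSelector: map[string]string{"app": "db"}},
		{PodSelector: map[string]string{"app": "db"}},
		{Namespace: "prod", NamespaceSelector: map[string]string{"env": "prod"}},
	} {
		scope, err := selectorScope(s)
		fmt.Printf("scope=%q err=%v\n", scope, err)
	}
}
```

The second sample is the case to review in a policy audit: a pod selector with no Namespace and no NamespaceSelector matches cluster-wide.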
type NetworkPolicy
type NetworkPolicy struct {
    SpanMeta
    // UID of the internal NetworkPolicy.
    UID types.UID
    // Name of the internal Network Policy, must be unique across all Network Policy types.
    Name string
    // Generation of the internal Network Policy. It's inherited from the original Network Policy.
    Generation int64
    // Reference to the original Network Policy.
    SourceRef *controlplane.NetworkPolicyReference
    // Priority represents the relative priority of this NetworkPolicy as compared to
    // other NetworkPolicies. Priority will be unset (nil) for K8s NetworkPolicy.
    Priority *float64
    // Rules is a list of rules to be applied to the selected GroupMembers.
    Rules []controlplane.NetworkPolicyRule
    // AppliedToGroups is a list of names of AppliedToGroups to which this policy applies.
    AppliedToGroups []string
    // TierPriority represents the priority of the Tier associated with this Network
    // Policy.
    TierPriority *int32
    // AppliedToPerRule tracks if appliedTo is set per rule basis rather than in policy spec.
    // Must be false for K8s NetworkPolicy.
    AppliedToPerRule bool
    // PerNamespaceSelectors maintains a list of unique Namespace selectors of appliedTo groups
    // of the NetworkPolicy, for which a per-namespace rule is created.
    // It is used as an index so that Namespace updates can trigger corresponding rules
    // to re-calculate affected Namespaces.
    // It is set only for AntreaClusterNetworkPolicies with per-namespace rules.
    PerNamespaceSelectors []labels.Selector
}
NetworkPolicy describes what network traffic is allowed for a set of GroupMembers.