utils

package
v1.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 25, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AntreaPolicyProtocolToK8sProtocol added in v1.7.0

func AntreaPolicyProtocolToK8sProtocol(antreaProtocol AntreaPolicyProtocol) (v1.Protocol, error)

func GenPortsOrProtocols added in v1.7.0

func GenPortsOrProtocols(protoc AntreaPolicyProtocol, port *int32, portName *string, endPort, srcPort, srcEndPort, icmpType, icmpCode, igmpType *int32, groupAddress *string) ([]crdv1alpha1.NetworkPolicyPort, []crdv1alpha1.NetworkPolicyProtocol)

Types

type ACNPAppliedToSpec

type ACNPAppliedToSpec struct {
	PodSelector         map[string]string
	NSSelector          map[string]string
	PodSelectorMatchExp []metav1.LabelSelectorRequirement
	NSSelectorMatchExp  []metav1.LabelSelectorRequirement
	Group               string
	Service             *crdv1alpha1.NamespacedName
}

type ANPAppliedToSpec

type ANPAppliedToSpec struct {
	ExternalEntitySelector         map[string]string
	ExternalEntitySelectorMatchExp []metav1.LabelSelectorRequirement
	PodSelector                    map[string]string
	PodSelectorMatchExp            []metav1.LabelSelectorRequirement
	Group                          string
}

type AntreaNetworkPolicySpecBuilder

type AntreaNetworkPolicySpecBuilder struct {
	Spec      crdv1alpha1.NetworkPolicySpec
	Name      string
	Namespace string
}

func (*AntreaNetworkPolicySpecBuilder) AddEgress

func (b *AntreaNetworkPolicySpecBuilder) AddEgress(protoc AntreaPolicyProtocol,
	port *int32, portName *string, endPort, icmpType, icmpCode, igmpType *int32, l7Protocols []crdv1alpha1.L7Protocol,
	groupAddress, cidr *string, podSelector map[string]string, nsSelector map[string]string, eeSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, eeSelectorMatchExp []metav1.LabelSelectorRequirement,
	ruleAppliedToSpecs []ANPAppliedToSpec, action crdv1alpha1.RuleAction, ruleGroup, name string) *AntreaNetworkPolicySpecBuilder

func (*AntreaNetworkPolicySpecBuilder) AddEgressLogging

func (*AntreaNetworkPolicySpecBuilder) AddIngress

func (b *AntreaNetworkPolicySpecBuilder) AddIngress(protoc AntreaPolicyProtocol,
	port *int32, portName *string, endPort, icmpType, icmpCode, igmpType *int32, l7Protocols []crdv1alpha1.L7Protocol,
	groupAddress, cidr *string, podSelector map[string]string, nsSelector map[string]string, eeSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, eeSelectorMatchExp []metav1.LabelSelectorRequirement,
	ruleAppliedToSpecs []ANPAppliedToSpec, action crdv1alpha1.RuleAction, ruleGroup, name string) *AntreaNetworkPolicySpecBuilder

func (*AntreaNetworkPolicySpecBuilder) AddToServicesRule added in v1.5.0

func (b *AntreaNetworkPolicySpecBuilder) AddToServicesRule(svcRefs []crdv1alpha1.PeerService,
	name string, ruleAppliedToSpecs []ANPAppliedToSpec, action crdv1alpha1.RuleAction) *AntreaNetworkPolicySpecBuilder

func (*AntreaNetworkPolicySpecBuilder) Get

func (*AntreaNetworkPolicySpecBuilder) GetAppliedToPeer

func (b *AntreaNetworkPolicySpecBuilder) GetAppliedToPeer(podSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement,
	entitySelector map[string]string,
	entitySelectorMatchExp []metav1.LabelSelectorRequirement,
	appliedToGrp string) crdv1alpha1.AppliedTo

func (*AntreaNetworkPolicySpecBuilder) SetAppliedToGroup

func (*AntreaNetworkPolicySpecBuilder) SetName

func (*AntreaNetworkPolicySpecBuilder) SetPriority

func (*AntreaNetworkPolicySpecBuilder) SetTier

type AntreaPolicyProtocol added in v1.7.0

type AntreaPolicyProtocol string
const (
	ProtocolTCP  AntreaPolicyProtocol = "TCP"
	ProtocolUDP  AntreaPolicyProtocol = "UDP"
	ProtocolSCTP AntreaPolicyProtocol = "SCTP"
	ProtocolICMP AntreaPolicyProtocol = "ICMP"
	ProtocolIGMP AntreaPolicyProtocol = "IGMP"
)

type ClusterGroupV1Alpha3SpecBuilder

type ClusterGroupV1Alpha3SpecBuilder struct {
	Spec crdv1alpha3.GroupSpec
	Name string
}

ClusterGroupV1Alpha3SpecBuilder builds a core/v1alpha3 ClusterGroup object.

func (*ClusterGroupV1Alpha3SpecBuilder) Get

func (*ClusterGroupV1Alpha3SpecBuilder) SetChildGroups

func (*ClusterGroupV1Alpha3SpecBuilder) SetIPBlocks

func (*ClusterGroupV1Alpha3SpecBuilder) SetName

func (*ClusterGroupV1Alpha3SpecBuilder) SetNamespaceSelector

func (b *ClusterGroupV1Alpha3SpecBuilder) SetNamespaceSelector(nsSelector map[string]string, nsSelectorMatchExp []metav1.LabelSelectorRequirement) *ClusterGroupV1Alpha3SpecBuilder

func (*ClusterGroupV1Alpha3SpecBuilder) SetPodSelector

func (b *ClusterGroupV1Alpha3SpecBuilder) SetPodSelector(podSelector map[string]string, podSelectorMatchExp []metav1.LabelSelectorRequirement) *ClusterGroupV1Alpha3SpecBuilder

func (*ClusterGroupV1Alpha3SpecBuilder) SetServiceReference

func (b *ClusterGroupV1Alpha3SpecBuilder) SetServiceReference(svcNS, svcName string) *ClusterGroupV1Alpha3SpecBuilder

type ClusterNetworkPolicySpecBuilder

type ClusterNetworkPolicySpecBuilder struct {
	Spec crdv1alpha1.ClusterNetworkPolicySpec
	Name string
}

func (*ClusterNetworkPolicySpecBuilder) AddEgress

func (b *ClusterNetworkPolicySpecBuilder) AddEgress(protoc AntreaPolicyProtocol,
	port *int32, portName *string, endPort, icmpType, icmpCode, igmpType *int32,
	groupAddress, cidr *string, podSelector map[string]string, nsSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, selfNS bool,
	ruleAppliedToSpecs []ACNPAppliedToSpec, action crdv1alpha1.RuleAction, ruleClusterGroup, name string, serviceAccount *crdv1alpha1.NamespacedName) *ClusterNetworkPolicySpecBuilder

func (*ClusterNetworkPolicySpecBuilder) AddEgressLogging

func (*ClusterNetworkPolicySpecBuilder) AddFQDNRule added in v1.3.0

func (b *ClusterNetworkPolicySpecBuilder) AddFQDNRule(fqdn string,
	protoc AntreaPolicyProtocol, port *int32, portName *string, endPort *int32, name string,
	ruleAppliedToSpecs []ACNPAppliedToSpec, action crdv1alpha1.RuleAction) *ClusterNetworkPolicySpecBuilder

func (*ClusterNetworkPolicySpecBuilder) AddIngress

func (b *ClusterNetworkPolicySpecBuilder) AddIngress(protoc AntreaPolicyProtocol,
	port *int32, portName *string, endPort, icmpType, icmpCode, igmpType *int32,
	groupAddress, cidr *string, podSelector map[string]string, nsSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, selfNS bool,
	ruleAppliedToSpecs []ACNPAppliedToSpec, action crdv1alpha1.RuleAction, ruleClusterGroup, name string, serviceAccount *crdv1alpha1.NamespacedName) *ClusterNetworkPolicySpecBuilder

func (*ClusterNetworkPolicySpecBuilder) AddIngressForSrcPort added in v1.12.0

func (b *ClusterNetworkPolicySpecBuilder) AddIngressForSrcPort(protoc AntreaPolicyProtocol,
	port, endPort, srcPort, endSrcPort, icmpType, icmpCode, igmpType *int32,
	groupAddress, cidr *string, podSelector map[string]string, nsSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement, selfNS bool,
	ruleAppliedToSpecs []ACNPAppliedToSpec, action crdv1alpha1.RuleAction, ruleClusterGroup, name string, serviceAccount *crdv1alpha1.NamespacedName) *ClusterNetworkPolicySpecBuilder

TODO: added new function to avoid merge conflicts. Unify this function with 'addIngress' when

all conflicting PRs are merged.

func (*ClusterNetworkPolicySpecBuilder) AddNodeSelectorRule added in v1.6.0

func (b *ClusterNetworkPolicySpecBuilder) AddNodeSelectorRule(nodeSelector *metav1.LabelSelector, protoc AntreaPolicyProtocol, port *int32, name string,
	ruleAppliedToSpecs []ACNPAppliedToSpec, action crdv1alpha1.RuleAction, isEgress bool) *ClusterNetworkPolicySpecBuilder

func (*ClusterNetworkPolicySpecBuilder) AddStretchedIngressRule added in v1.10.0

func (b *ClusterNetworkPolicySpecBuilder) AddStretchedIngressRule(pSel, nsSel map[string]string,
	name string, ruleAppliedToSpecs []ACNPAppliedToSpec, action crdv1alpha1.RuleAction) *ClusterNetworkPolicySpecBuilder

func (*ClusterNetworkPolicySpecBuilder) AddToServicesRule added in v1.4.0

func (*ClusterNetworkPolicySpecBuilder) Get

func (*ClusterNetworkPolicySpecBuilder) GetAppliedToPeer

func (b *ClusterNetworkPolicySpecBuilder) GetAppliedToPeer(podSelector map[string]string,
	nsSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement,
	nsSelectorMatchExp []metav1.LabelSelectorRequirement,
	appliedToCG string,
	service *crdv1alpha1.NamespacedName) crdv1alpha1.AppliedTo

func (*ClusterNetworkPolicySpecBuilder) SetAppliedToGroup

func (*ClusterNetworkPolicySpecBuilder) SetName

func (*ClusterNetworkPolicySpecBuilder) SetPriority

func (*ClusterNetworkPolicySpecBuilder) SetTier

func (*ClusterNetworkPolicySpecBuilder) WithEgressDNS

AddEgressDNS mutates the nth policy rule to allow DNS, convenience method

type ExternalNodeSpecBuilder added in v1.8.0

type ExternalNodeSpecBuilder struct {
	// contains filtered or unexported fields
}

func (*ExternalNodeSpecBuilder) AddInterface added in v1.8.0

func (t *ExternalNodeSpecBuilder) AddInterface(name string, ips []string) *ExternalNodeSpecBuilder

func (*ExternalNodeSpecBuilder) AddLabels added in v1.8.0

func (*ExternalNodeSpecBuilder) Get added in v1.8.0

func (*ExternalNodeSpecBuilder) SetName added in v1.8.0

func (t *ExternalNodeSpecBuilder) SetName(namespace string, name string) *ExternalNodeSpecBuilder

type GroupSpecBuilder added in v1.8.0

type GroupSpecBuilder struct {
	Spec      crdv1alpha3.GroupSpec
	Name      string
	Namespace string
}

GroupSpecBuilder builds a Group object.

func (*GroupSpecBuilder) Get added in v1.8.0

func (*GroupSpecBuilder) SetChildGroups added in v1.8.0

func (b *GroupSpecBuilder) SetChildGroups(cgs []string) *GroupSpecBuilder

func (*GroupSpecBuilder) SetIPBlocks added in v1.8.0

func (b *GroupSpecBuilder) SetIPBlocks(ipBlocks []crdv1alpha1.IPBlock) *GroupSpecBuilder

func (*GroupSpecBuilder) SetName added in v1.8.0

func (b *GroupSpecBuilder) SetName(name string) *GroupSpecBuilder

func (*GroupSpecBuilder) SetNamespace added in v1.8.0

func (b *GroupSpecBuilder) SetNamespace(namespace string) *GroupSpecBuilder

func (*GroupSpecBuilder) SetNamespaceSelector added in v1.8.0

func (b *GroupSpecBuilder) SetNamespaceSelector(nsSelector map[string]string, nsSelectorMatchExp []metav1.LabelSelectorRequirement) *GroupSpecBuilder

func (*GroupSpecBuilder) SetPodSelector added in v1.8.0

func (b *GroupSpecBuilder) SetPodSelector(podSelector map[string]string, podSelectorMatchExp []metav1.LabelSelectorRequirement) *GroupSpecBuilder

func (*GroupSpecBuilder) SetServiceReference added in v1.8.0

func (b *GroupSpecBuilder) SetServiceReference(svcNS, svcName string) *GroupSpecBuilder

type NetworkPolicySpecBuilder

type NetworkPolicySpecBuilder struct {
	Spec      networkingv1.NetworkPolicySpec
	Name      string
	Namespace string
}

func (*NetworkPolicySpecBuilder) AddEgress

func (n *NetworkPolicySpecBuilder) AddEgress(protoc v1.Protocol, port *int32, portName *string, cidr *string, exceptCIDRs []string,
	podSelector map[string]string, nsSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement) *NetworkPolicySpecBuilder

func (*NetworkPolicySpecBuilder) AddIngress

func (n *NetworkPolicySpecBuilder) AddIngress(protoc v1.Protocol, port *int32, portName *string, cidr *string, exceptCIDRs []string,
	podSelector map[string]string, nsSelector map[string]string,
	podSelectorMatchExp []metav1.LabelSelectorRequirement, nsSelectorMatchExp []metav1.LabelSelectorRequirement) *NetworkPolicySpecBuilder

TODO: Add tests to match expressions

func (*NetworkPolicySpecBuilder) Get

func (*NetworkPolicySpecBuilder) SetName

func (n *NetworkPolicySpecBuilder) SetName(namespace string, name string) *NetworkPolicySpecBuilder

func (*NetworkPolicySpecBuilder) SetPodSelector

func (n *NetworkPolicySpecBuilder) SetPodSelector(labels map[string]string) *NetworkPolicySpecBuilder

func (*NetworkPolicySpecBuilder) SetTypeBoth

func (*NetworkPolicySpecBuilder) SetTypeEgress

func (*NetworkPolicySpecBuilder) SetTypeIngress

func (*NetworkPolicySpecBuilder) WithEgressDNS

AddEgressDNS mutates the nth policy rule to allow DNS, convenience method

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL