Documentation ¶
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type ClusterNetworkPolicy
- type ClusterNetworkPolicyList
- type ClusterNetworkPolicySpec
- type Destination
- type ICMPEchoRequestHeader
- type IPBlock
- type IPHeader
- type IPv6Header
- type NamespaceMatchType
- type NetworkPolicy
- type NetworkPolicyList
- type NetworkPolicyPeer
- type NetworkPolicyPhase
- type NetworkPolicyPort
- type NetworkPolicySpec
- type NetworkPolicyStatus
- type NodeResult
- type Observation
- type Packet
- type PeerNamespaces
- type Rule
- type RuleAction
- type ServiceReference
- type Source
- type TCPHeader
- type Tier
- type TierList
- type TierSpec
- type Traceflow
- type TraceflowAction
- type TraceflowComponent
- type TraceflowList
- type TraceflowPhase
- type TraceflowSpec
- type TraceflowStatus
- type TransportHeader
- type UDPHeader
Constants ¶
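// IP protocol numbers of the protocols that traceflow knows about.
// The listing had collapsed the four constants onto one line; they are
// restored to one declaration per line so the block parses.
const (
	ICMPProtocol int32 = 1
	TCPProtocol  int32 = 6
	UDPProtocol  int32 = 17
	SCTPProtocol int32 = 132
)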
Lists the protocols supported in traceflow and their protocol numbers. According to the code in the Antrea agent and controller, the default protocol is ICMP if the user does not specify one.
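// Destination types supported by traceflow. The listing had collapsed the
// constants onto one line; they are restored to one declaration per line.
const (
	DstTypePod     = "Pod"
	DstTypeService = "Service"
	DstTypeIPv4    = "IPv4"
)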
List the supported destination types in traceflow.
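// EtherType values for IPv4 and IPv6. The listing had collapsed the
// constants onto one line; they are restored to one declaration per line.
const (
	EtherTypeIPv4 uint16 = 0x0800
	EtherTypeIPv6 uint16 = 0x86DD
)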
List the ethernet types.
// DefaultTraceflowTimeout is the default Traceflow timeout, in seconds.
const DefaultTraceflowTimeout uint16 = 20
Default timeout in seconds.
// GroupName is the API group name; SchemeGroupVersion uses it as its Group.
const GroupName = "crd.antrea.io"
Variables ¶
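// Scheme registration variables. The listing had collapsed both declarations
// onto one line; they are restored to one declaration per line.
var (
	// SchemeBuilder is declared without an initializer in this listing.
	SchemeBuilder runtime.SchemeBuilder
	// AddToScheme is the AddToScheme method value of localSchemeBuilder,
	// which is declared outside this listing.
	AddToScheme = localSchemeBuilder.AddToScheme
)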
// ProtocolsToString maps an IP protocol number to its name.
var ProtocolsToString = map[int32]string{ TCPProtocol: "TCP", UDPProtocol: "UDP", ICMPProtocol: "ICMP", SCTPProtocol: "SCTP", }
// SchemeGroupVersion is the group/version of this package: GroupName at version "v1alpha1".
var SchemeGroupVersion = schema.GroupVersion{ Group: GroupName, Version: "v1alpha1", }
// SupportedDestinationTypes lists the three destination type constants.
var SupportedDestinationTypes = []string{ DstTypePod, DstTypeService, DstTypeIPv4, }
// SupportedProtocols maps a protocol name to its IP protocol number. It has no
// "SCTP" entry, although ProtocolsToString has one for SCTPProtocol.
// NOTE(review): presumably SCTP is therefore not accepted in a Traceflow
// packet spec; confirm against the validation code.
var SupportedProtocols = map[string]int32{ "TCP": TCPProtocol, "UDP": UDPProtocol, "ICMP": ICMPProtocol, }
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Types ¶
type ClusterNetworkPolicy ¶
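// ClusterNetworkPolicy bundles type and object metadata with a
// ClusterNetworkPolicySpec and a NetworkPolicyStatus.
// The listing had collapsed the struct onto one line, so the first line
// comment swallowed the remaining fields; the layout is restored here.
type ClusterNetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of ClusterNetworkPolicy.
	Spec ClusterNetworkPolicySpec `json:"spec"`
	// Most recently observed status of the NetworkPolicy.
	Status NetworkPolicyStatus `json:"status"`
}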
func (*ClusterNetworkPolicy) DeepCopy ¶
func (in *ClusterNetworkPolicy) DeepCopy() *ClusterNetworkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicy.
func (*ClusterNetworkPolicy) DeepCopyInto ¶
func (in *ClusterNetworkPolicy) DeepCopyInto(out *ClusterNetworkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterNetworkPolicy) DeepCopyObject ¶
func (in *ClusterNetworkPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterNetworkPolicyList ¶
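// ClusterNetworkPolicyList is a list of ClusterNetworkPolicy objects.
// The listing had collapsed the struct onto one line; the layout is restored
// so the "+optional" marker no longer comments out the remaining fields.
type ClusterNetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ClusterNetworkPolicy `json:"items"`
}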
func (*ClusterNetworkPolicyList) DeepCopy ¶
func (in *ClusterNetworkPolicyList) DeepCopy() *ClusterNetworkPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyList.
func (*ClusterNetworkPolicyList) DeepCopyInto ¶
func (in *ClusterNetworkPolicyList) DeepCopyInto(out *ClusterNetworkPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterNetworkPolicyList) DeepCopyObject ¶
func (in *ClusterNetworkPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterNetworkPolicySpec ¶
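// ClusterNetworkPolicySpec defines the desired state for ClusterNetworkPolicy.
// Layout restored from a single collapsed line; comment typos fixed.
type ClusterNetworkPolicySpec struct {
	// Tier specifies the tier to which this ClusterNetworkPolicy belongs.
	// The ClusterNetworkPolicy order will be determined based on the
	// combination of the Tier's Priority and the ClusterNetworkPolicy's own
	// Priority. If not specified, this policy will be created in the Application
	// Tier right above the K8s NetworkPolicy which resides at the bottom.
	Tier string `json:"tier,omitempty"`
	// Priority specifies the order of the ClusterNetworkPolicy relative to
	// other AntreaClusterNetworkPolicies.
	Priority float64 `json:"priority"`
	// Select workloads on which the rules will be applied to. Cannot be set in
	// conjunction with AppliedTo in each rule.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`
	// Set of ingress rules evaluated based on the order in which they are set.
	// Currently Ingress rule supports setting the `From` field but not the `To`
	// field within a Rule.
	// +optional
	Ingress []Rule `json:"ingress"`
	// Set of egress rules evaluated based on the order in which they are set.
	// Currently Egress rule supports setting the `To` field but not the `From`
	// field within a Rule.
	// +optional
	Egress []Rule `json:"egress"`
}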
ClusterNetworkPolicySpec defines the desired state for ClusterNetworkPolicy.
func (*ClusterNetworkPolicySpec) DeepCopy ¶
func (in *ClusterNetworkPolicySpec) DeepCopy() *ClusterNetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicySpec.
func (*ClusterNetworkPolicySpec) DeepCopyInto ¶
func (in *ClusterNetworkPolicySpec) DeepCopyInto(out *ClusterNetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Destination ¶
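// Destination describes the destination spec of the traceflow.
// Layout restored from a single collapsed line.
type Destination struct {
	// Namespace is the destination namespace.
	Namespace string `json:"namespace,omitempty"`
	// Pod is the destination pod, exclusive with destination service.
	Pod string `json:"pod,omitempty"`
	// Service is the destination service, exclusive with destination pod.
	Service string `json:"service,omitempty"`
	// IP is the destination IPv4 or IPv6 address.
	IP string `json:"ip,omitempty"`
}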
Destination describes the destination spec of the traceflow.
func (*Destination) DeepCopy ¶
func (in *Destination) DeepCopy() *Destination
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination.
func (*Destination) DeepCopyInto ¶
func (in *Destination) DeepCopyInto(out *Destination)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ICMPEchoRequestHeader ¶
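// ICMPEchoRequestHeader describes spec of an ICMP echo request header.
// Layout restored from a single collapsed line.
type ICMPEchoRequestHeader struct {
	// ID is the ICMPEchoRequestHeader ID.
	ID int32 `json:"id,omitempty"`
	// Sequence is the ICMPEchoRequestHeader sequence.
	Sequence int32 `json:"sequence,omitempty"`
}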
ICMPEchoRequestHeader describes spec of an ICMP echo request header.
func (*ICMPEchoRequestHeader) DeepCopy ¶
func (in *ICMPEchoRequestHeader) DeepCopy() *ICMPEchoRequestHeader
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ICMPEchoRequestHeader.
func (*ICMPEchoRequestHeader) DeepCopyInto ¶
func (in *ICMPEchoRequestHeader) DeepCopyInto(out *ICMPEchoRequestHeader)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPBlock ¶
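// IPBlock describes a particular CIDR that is allowed or denied to/from the
// workloads matched by a Spec.AppliedTo.
// Layout restored from a single collapsed line.
type IPBlock struct {
	// CIDR is a string representing the IP Block.
	// Valid examples are "192.168.1.1/24".
	// NOTE(review): the example has host bits set; whether such a value is
	// normalized to its network address or rejected is not visible in this
	// listing. Confirm before relying on it in allow rules.
	CIDR string `json:"cidr"`
}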
IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed or denied to/from the workloads matched by a Spec.AppliedTo.
func (*IPBlock) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
func (*IPBlock) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPHeader ¶
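// IPHeader describes spec of an IPv4 header.
// Layout restored from a single collapsed line.
type IPHeader struct {
	// SrcIP is the source IP.
	SrcIP string `json:"srcIP,omitempty" yaml:"srcIP,omitempty"`
	// Protocol is the IP protocol.
	Protocol int32 `json:"protocol,omitempty" yaml:"protocol,omitempty"`
	// TTL is the IP TTL.
	TTL int32 `json:"ttl,omitempty" yaml:"ttl,omitempty"`
	// Flags is the flags for IP.
	Flags int32 `json:"flags,omitempty" yaml:"flags,omitempty"`
}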
IPHeader describes spec of an IPv4 header.
func (*IPHeader) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPHeader.
func (*IPHeader) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPv6Header ¶
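// IPv6Header describes spec of an IPv6 header.
// Layout restored from a single collapsed line.
type IPv6Header struct {
	// SrcIP is the source IPv6.
	SrcIP string `json:"srcIP,omitempty" yaml:"srcIP,omitempty"`
	// NextHeader is the IPv6 protocol. It is a pointer, so an unset value
	// (nil) is distinguishable from 0.
	NextHeader *int32 `json:"nextHeader,omitempty" yaml:"nextHeader,omitempty"`
	// HopLimit is the IPv6 Hop Limit.
	HopLimit int32 `json:"hopLimit,omitempty" yaml:"hopLimit,omitempty"`
}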
IPv6Header describes spec of an IPv6 header.
func (*IPv6Header) DeepCopy ¶
func (in *IPv6Header) DeepCopy() *IPv6Header
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv6Header.
func (*IPv6Header) DeepCopyInto ¶
func (in *IPv6Header) DeepCopyInto(out *IPv6Header)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NamespaceMatchType ¶
// NamespaceMatchType describes the Namespace matching strategy; it is the
// type of PeerNamespaces.Match.
type NamespaceMatchType string
NamespaceMatchType describes Namespace matching strategy.
const (
// NamespaceMatchSelf is the "Self" match type. The NetworkPolicyPeer.Namespaces
// comment describes it as selecting from the same Namespace as the appliedTo
// workloads.
NamespaceMatchSelf NamespaceMatchType = "Self"
)
type NetworkPolicy ¶
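// NetworkPolicy bundles type and object metadata with a NetworkPolicySpec
// and a NetworkPolicyStatus.
// Layout restored from a single collapsed line.
type NetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of NetworkPolicy.
	Spec NetworkPolicySpec `json:"spec"`
	// Most recently observed status of the NetworkPolicy.
	Status NetworkPolicyStatus `json:"status"`
}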
func (*NetworkPolicy) DeepCopy ¶
func (in *NetworkPolicy) DeepCopy() *NetworkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy.
func (*NetworkPolicy) DeepCopyInto ¶
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkPolicy) DeepCopyObject ¶
func (in *NetworkPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkPolicyList ¶
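// NetworkPolicyList is a list of NetworkPolicy objects.
// Layout restored from a single collapsed line.
type NetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []NetworkPolicy `json:"items"`
}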
func (*NetworkPolicyList) DeepCopy ¶
func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList.
func (*NetworkPolicyList) DeepCopyInto ¶
func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkPolicyList) DeepCopyObject ¶
func (in *NetworkPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkPolicyPeer ¶
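// NetworkPolicyPeer describes the grouping selector of workloads.
// Layout restored from collapsed lines; comment typos fixed.
type NetworkPolicyPeer struct {
	// IPBlock describes the IPAddresses/IPBlocks that are matched in to/from.
	// IPBlock cannot be set as part of the AppliedTo field.
	// Cannot be set with any other selector.
	// +optional
	IPBlock *IPBlock `json:"ipBlock,omitempty"`
	// Select Pods from NetworkPolicy's Namespace as workloads in
	// AppliedTo/To/From fields. If set with NamespaceSelector, Pods are
	// matched from Namespaces matched by the NamespaceSelector.
	// Cannot be set with any other selector except NamespaceSelector.
	// +optional
	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`
	// Select all Pods from Namespaces matched by this selector, as
	// workloads in To/From fields. If set with PodSelector,
	// Pods are matched from Namespaces matched by the NamespaceSelector.
	// Cannot be set with any other selector except PodSelector or
	// ExternalEntitySelector. Cannot be set with Namespaces.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	// Select Pod/ExternalEntity from Namespaces matched by specific criteria.
	// Current supported criteria is match: Self, which selects from the same
	// Namespace of the appliedTo workloads.
	// Cannot be set with any other selector except PodSelector or
	// ExternalEntitySelector. This field can only be set when NetworkPolicyPeer
	// is created for ClusterNetworkPolicy ingress/egress rules.
	// Cannot be set with NamespaceSelector.
	// +optional
	Namespaces *PeerNamespaces `json:"namespaces,omitempty"`
	// Select ExternalEntities from NetworkPolicy's Namespace as workloads
	// in AppliedTo/To/From fields. If set with NamespaceSelector,
	// ExternalEntities are matched from Namespaces matched by the
	// NamespaceSelector.
	// Cannot be set with any other selector except NamespaceSelector.
	// +optional
	ExternalEntitySelector *metav1.LabelSelector `json:"externalEntitySelector,omitempty"`
	// Group is the name of the ClusterGroup which can be set as an
	// AppliedTo or within an Ingress or Egress rule in place of
	// a stand-alone selector. A Group cannot be set with any other
	// selector.
	Group string `json:"group,omitempty"`
	// Restrict egress access to the Fully Qualified Domain Names prescribed
	// by name or by wildcard match patterns. This field can only be set for
	// NetworkPolicyPeer of egress rules.
	// Supported formats are:
	//  Exact FQDNs, i.e. "google.com", "db-svc.default.svc.cluster.local"
	//  Wildcard expressions, i.e. "*wayfair.com".
	// NOTE(review): the wildcard example has no dot after "*", so it
	// presumably also matches unrelated names that merely end in the same
	// string; confirm the matching rules, and write "*.example.com" when only
	// subdomains of one domain are meant.
	FQDN string `json:"fqdn,omitempty"`
}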
NetworkPolicyPeer describes the grouping selector of workloads.
func (*NetworkPolicyPeer) DeepCopy ¶
func (in *NetworkPolicyPeer) DeepCopy() *NetworkPolicyPeer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPeer.
func (*NetworkPolicyPeer) DeepCopyInto ¶
func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicyPhase ¶
// NetworkPolicyPhase defines the phase in which a NetworkPolicy is; it is the
// type of NetworkPolicyStatus.Phase.
type NetworkPolicyPhase string
NetworkPolicyPhase defines the phase in which a NetworkPolicy is.
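// These are the valid values for NetworkPolicyPhase.
// Layout restored from a single collapsed line, where the first line comment
// swallowed every constant.
const (
	// NetworkPolicyPending means the NetworkPolicy has been accepted by the system, but it has not been processed by Antrea.
	NetworkPolicyPending NetworkPolicyPhase = "Pending"
	// NetworkPolicyRealizing means the NetworkPolicy has been observed by Antrea and is being realized.
	// A policy in this phase has not yet reached the Realized phase described below.
	NetworkPolicyRealizing NetworkPolicyPhase = "Realizing"
	// NetworkPolicyRealized means the NetworkPolicy has been enforced to all Pods on all Nodes it applies to.
	NetworkPolicyRealized NetworkPolicyPhase = "Realized"
)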
These are the valid values for NetworkPolicyPhase.
type NetworkPolicyPort ¶
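// NetworkPolicyPort describes the port and protocol to match in a rule.
// Layout restored from a single collapsed line.
type NetworkPolicyPort struct {
	// The protocol (TCP, UDP, or SCTP) which traffic must match.
	// If not specified, this field defaults to TCP.
	// +optional
	Protocol *v1.Protocol `json:"protocol,omitempty"`
	// The port on the given protocol. This can be either a numerical
	// or named port on a Pod. If this field is not provided, this
	// matches all port names and numbers.
	// +optional
	Port *intstr.IntOrString `json:"port,omitempty"`
	// EndPort defines the end of the port range; the end value is included
	// in the range.
	// It can only be specified when a numerical `port` is specified.
	// +optional
	EndPort *int32 `json:"endPort,omitempty"`
}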
NetworkPolicyPort describes the port and protocol to match in a rule.
func (*NetworkPolicyPort) DeepCopy ¶
func (in *NetworkPolicyPort) DeepCopy() *NetworkPolicyPort
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPort.
func (*NetworkPolicyPort) DeepCopyInto ¶
func (in *NetworkPolicyPort) DeepCopyInto(out *NetworkPolicyPort)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicySpec ¶
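// NetworkPolicySpec defines the desired state for NetworkPolicy.
// Layout restored from a single collapsed line; comment typos fixed.
type NetworkPolicySpec struct {
	// Tier specifies the tier to which this NetworkPolicy belongs.
	// The NetworkPolicy order will be determined based on the combination of the
	// Tier's Priority and the NetworkPolicy's own Priority. If not specified,
	// this policy will be created in the Application Tier right above the K8s
	// NetworkPolicy which resides at the bottom.
	Tier string `json:"tier,omitempty"`
	// Priority specifies the order of the NetworkPolicy relative to other
	// NetworkPolicies.
	Priority float64 `json:"priority"`
	// Select workloads on which the rules will be applied to. Cannot be set in
	// conjunction with AppliedTo in each rule.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`
	// Set of ingress rules evaluated based on the order in which they are set.
	// Currently Ingress rule supports setting the `From` field but not the `To`
	// field within a Rule.
	// +optional
	Ingress []Rule `json:"ingress"`
	// Set of egress rules evaluated based on the order in which they are set.
	// Currently Egress rule supports setting the `To` field but not the `From`
	// field within a Rule.
	// +optional
	Egress []Rule `json:"egress"`
}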
NetworkPolicySpec defines the desired state for NetworkPolicy.
func (*NetworkPolicySpec) DeepCopy ¶
func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec.
func (*NetworkPolicySpec) DeepCopyInto ¶
func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicyStatus ¶
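// NetworkPolicyStatus represents information about the status of a NetworkPolicy.
// Layout restored from a single collapsed line.
type NetworkPolicyStatus struct {
	// The phase of a NetworkPolicy is a simple, high-level summary of the NetworkPolicy's status.
	Phase NetworkPolicyPhase `json:"phase"`
	// The generation observed by Antrea.
	ObservedGeneration int64 `json:"observedGeneration"`
	// The number of nodes that have realized the NetworkPolicy.
	// While this is below DesiredNodesRealized, some nodes that should
	// realize the policy have not done so yet.
	CurrentNodesRealized int32 `json:"currentNodesRealized"`
	// The total number of nodes that should realize the NetworkPolicy.
	DesiredNodesRealized int32 `json:"desiredNodesRealized"`
}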
NetworkPolicyStatus represents information about the status of a NetworkPolicy.
func (*NetworkPolicyStatus) DeepCopy ¶
func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyStatus.
func (*NetworkPolicyStatus) DeepCopyInto ¶
func (in *NetworkPolicyStatus) DeepCopyInto(out *NetworkPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NodeResult ¶
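// NodeResult groups the observations reported for one node.
// Layout restored from a single collapsed line.
type NodeResult struct {
	// Node is the node of the observation.
	Node string `json:"node,omitempty" yaml:"node,omitempty"`
	// Role of the node like sender, receiver, etc.
	Role string `json:"role,omitempty" yaml:"role,omitempty"`
	// Timestamp is the timestamp of the observations on the node.
	Timestamp int64 `json:"timestamp,omitempty" yaml:"timestamp,omitempty"`
	// Observations includes all observations from sender nodes, receiver ones, etc.
	Observations []Observation `json:"observations,omitempty" yaml:"observations,omitempty"`
}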
func (*NodeResult) DeepCopy ¶
func (in *NodeResult) DeepCopy() *NodeResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeResult.
func (*NodeResult) DeepCopyInto ¶
func (in *NodeResult) DeepCopyInto(out *NodeResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Observation ¶
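// Observation describes one observation from a sender node or a receiver node.
// Layout restored from a single collapsed line.
type Observation struct {
	// Component is the observation component.
	Component TraceflowComponent `json:"component,omitempty" yaml:"component,omitempty"`
	// ComponentInfo is the extension of Component field.
	ComponentInfo string `json:"componentInfo,omitempty" yaml:"componentInfo,omitempty"`
	// Action is the action to the observation.
	Action TraceflowAction `json:"action,omitempty" yaml:"action,omitempty"`
	// Pod is the combination of Pod name and Pod Namespace.
	Pod string `json:"pod,omitempty" yaml:"pod,omitempty"`
	// DstMAC is the destination MAC.
	DstMAC string `json:"dstMAC,omitempty" yaml:"dstMAC,omitempty"`
	// NetworkPolicy is the combination of Namespace and NetworkPolicyName.
	NetworkPolicy string `json:"networkPolicy,omitempty" yaml:"networkPolicy,omitempty"`
	// TTL is the observation TTL.
	TTL int32 `json:"ttl,omitempty" yaml:"ttl,omitempty"`
	// TranslatedSrcIP is the translated source IP.
	TranslatedSrcIP string `json:"translatedSrcIP,omitempty" yaml:"translatedSrcIP,omitempty"`
	// TranslatedDstIP is the translated destination IP.
	TranslatedDstIP string `json:"translatedDstIP,omitempty" yaml:"translatedDstIP,omitempty"`
	// TunnelDstIP is the tunnel destination IP.
	TunnelDstIP string `json:"tunnelDstIP,omitempty" yaml:"tunnelDstIP,omitempty"`
}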
Observation describes a single observation reported by a sender node or a receiver node.
func (*Observation) DeepCopy ¶
func (in *Observation) DeepCopy() *Observation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Observation.
func (*Observation) DeepCopyInto ¶
func (in *Observation) DeepCopyInto(out *Observation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Packet ¶
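// Packet includes header info.
// Layout restored from a single collapsed line.
type Packet struct {
	// SrcIP and DstIP carry no description in the source; presumably the
	// packet's source and destination addresses (confirm).
	SrcIP string `json:"srcIP,omitempty"`
	DstIP string `json:"dstIP,omitempty"`
	// Length is the IP packet length (includes the IPv4 or IPv6 header length).
	Length uint16 `json:"length,omitempty"`
	// TODO: change type IPHeader to *IPHeader and correct all internal references
	// IPHeader is a value, so it is always present; IPv6Header is a pointer
	// and may be nil.
	IPHeader        IPHeader        `json:"ipHeader,omitempty"`
	IPv6Header      *IPv6Header     `json:"ipv6Header,omitempty"`
	TransportHeader TransportHeader `json:"transportHeader,omitempty"`
}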
Packet includes header info.
func (*Packet) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Packet.
func (*Packet) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PeerNamespaces ¶
// PeerNamespaces is the type of NetworkPolicyPeer.Namespaces; it holds a
// single NamespaceMatchType.
type PeerNamespaces struct {
// Match is the Namespace matching strategy; NamespaceMatchSelf ("Self") is
// the only value declared in this listing.
Match NamespaceMatchType `json:"match,omitempty"`
}
func (*PeerNamespaces) DeepCopy ¶
func (in *PeerNamespaces) DeepCopy() *PeerNamespaces
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerNamespaces.
func (*PeerNamespaces) DeepCopyInto ¶
func (in *PeerNamespaces) DeepCopyInto(out *PeerNamespaces)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rule ¶
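// Rule describes the traffic allowed to/from the workloads selected by
// Spec.AppliedTo. Depending on the action specified in the rule, traffic that
// exactly matches the specified ports and protocol is either allowed or denied.
// Layout restored from a single collapsed line.
type Rule struct {
	// Action specifies the action to be applied on the rule.
	Action *RuleAction `json:"action"`
	// Set of port and protocol allowed/denied by the rule. If this field is unset
	// or empty, this rule matches all ports.
	// +optional
	Ports []NetworkPolicyPort `json:"ports,omitempty"`
	// Rule is matched if traffic originates from workloads selected by
	// this field. If this field is empty, this rule matches all sources.
	// Note that an omitted peer list is therefore the broadest match, not the
	// narrowest.
	// +optional
	From []NetworkPolicyPeer `json:"from"`
	// Rule is matched if traffic is intended for workloads selected by
	// this field. This field can't be used with ToServices. If this field
	// and ToServices are both empty or missing this rule matches all destinations.
	// +optional
	To []NetworkPolicyPeer `json:"to"`
	// Rule is matched if traffic is intended for a Service listed in this field.
	// Currently only ClusterIP types Services are supported in this field. This field
	// can only be used when AntreaProxy is enabled. This field can't be used with To
	// or Ports. If this field and To are both empty or missing, this rule matches all
	// destinations.
	// +optional
	ToServices []ServiceReference `json:"toServices,omitempty"`
	// Name describes the intention of this rule.
	// Name should be unique within the policy.
	// +optional
	Name string `json:"name"`
	// EnableLogging is used to indicate if agent should generate logs
	// when rules are matched. Should default to false.
	// NOTE(review): with logging off, matches of this rule presumably leave
	// no agent log entry; consider enabling it on Drop/Reject rules that
	// matter for detection.
	EnableLogging bool `json:"enableLogging"`
	// Select workloads on which this rule will be applied to. Cannot be set in
	// conjunction with NetworkPolicySpec/ClusterNetworkPolicySpec.AppliedTo.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`
}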
Rule describes the traffic allowed to/from the workloads selected by Spec.AppliedTo. Depending on the action specified in the rule, traffic that exactly matches the specified ports and protocol is either allowed or denied.
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RuleAction ¶
// RuleAction describes the action to be applied on traffic matching a rule;
// Rule.Action points to a value of this type.
type RuleAction string
RuleAction describes the action to be applied on traffic matching a rule.
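// Valid values for RuleAction.
// Layout restored from a single collapsed line, where the first line comment
// swallowed every constant; comment typos fixed.
const (
	// RuleActionAllow describes that the traffic matching the rule must be allowed.
	RuleActionAllow RuleAction = "Allow"
	// RuleActionDrop describes that the traffic matching the rule must be dropped.
	RuleActionDrop RuleAction = "Drop"
	// RuleActionPass indicates that the traffic matching the rule will not be evaluated
	// by Antrea NetworkPolicy or ClusterNetworkPolicy, but rather punted to K8s namespaced
	// NetworkPolicy for evaluation.
	// NOTE(review): under standard Kubernetes semantics a Pod that no K8s
	// NetworkPolicy selects accepts all traffic, so a Pass rule can end in an
	// allow; confirm that outcome is intended where Pass is used.
	RuleActionPass RuleAction = "Pass"
	// RuleActionReject indicates that the traffic matching the rule must be rejected and the
	// client will receive a response.
	RuleActionReject RuleAction = "Reject"
)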
type ServiceReference ¶ added in v1.4.0
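// ServiceReference represents a reference to a v1.Service.
// Layout restored from a single collapsed line.
type ServiceReference struct {
	// Name of the Service
	Name string `json:"name"`
	// Namespace of the Service
	Namespace string `json:"namespace,omitempty"`
}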
ServiceReference represents a reference to a v1.Service.
func (*ServiceReference) DeepCopy ¶ added in v1.4.0
func (in *ServiceReference) DeepCopy() *ServiceReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceReference.
func (*ServiceReference) DeepCopyInto ¶ added in v1.4.0
func (in *ServiceReference) DeepCopyInto(out *ServiceReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Source ¶
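// Source describes the source spec of the traceflow.
// Layout restored from a single collapsed line.
type Source struct {
	// Namespace is the source namespace.
	Namespace string `json:"namespace,omitempty"`
	// Pod is the source pod.
	Pod string `json:"pod,omitempty"`
	// IP is the source IPv4 or IPv6 address. IP as the source is supported
	// only for live-traffic Traceflow.
	IP string `json:"ip,omitempty"`
}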
Source describes the source spec of the traceflow.
func (*Source) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Source.
func (*Source) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TCPHeader ¶
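// TCPHeader describes spec of a TCP header.
// Layout restored from a single collapsed line.
// NOTE(review): the port fields are int32, which admits values outside the
// 16-bit port range; range validation is not visible in this listing.
type TCPHeader struct {
	// SrcPort is the source port.
	SrcPort int32 `json:"srcPort,omitempty"`
	// DstPort is the destination port.
	DstPort int32 `json:"dstPort,omitempty"`
	// Flags are flags in the header.
	Flags int32 `json:"flags,omitempty"`
}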
TCPHeader describes spec of a TCP header.
func (*TCPHeader) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPHeader.
func (*TCPHeader) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Tier ¶
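// Tier bundles type and object metadata with a TierSpec.
// Layout restored from a single collapsed line.
type Tier struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of Tier.
	Spec TierSpec `json:"spec"`
}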
func (*Tier) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tier.
func (*Tier) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Tier) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TierList ¶
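// TierList is a list of Tier objects.
// Layout restored from a single collapsed line.
type TierList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []Tier `json:"items"`
}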
func (*TierList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TierList.
func (*TierList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TierList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TierSpec ¶
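// TierSpec defines the desired state for Tier.
// Layout restored from a single collapsed line; comment typo fixed.
type TierSpec struct {
	// Priority specifies the order of the Tier relative to other Tiers.
	Priority int32 `json:"priority"`
	// Description is an optional field to add more information regarding
	// the purpose of this Tier.
	Description string `json:"description,omitempty"`
}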
TierSpec defines the desired state for Tier.
func (*TierSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TierSpec.
func (*TierSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Traceflow ¶
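// Traceflow bundles type and object metadata with a TraceflowSpec and a
// TraceflowStatus.
// Layout restored from a single collapsed line, which did not parse because
// the fields had no separators.
type Traceflow struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the request: source, destination and packet to trace.
	Spec TraceflowSpec `json:"spec,omitempty"`
	// Status holds the phase and the collected results.
	Status TraceflowStatus `json:"status,omitempty"`
}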
func (*Traceflow) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Traceflow.
func (*Traceflow) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Traceflow) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TraceflowAction ¶
// TraceflowAction is the string type of Observation.Action.
type TraceflowAction string
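// Values of TraceflowAction.
// Layout restored from a single collapsed line, where the line comment
// swallowed the last constant.
const (
	ActionDelivered TraceflowAction = "Delivered"
	ActionReceived  TraceflowAction = "Received"
	ActionForwarded TraceflowAction = "Forwarded"
	ActionDropped   TraceflowAction = "Dropped"
	ActionRejected  TraceflowAction = "Rejected"
	// ActionForwardedOutOfOverlay indicates that the packet has been forwarded out of the network
	// managed by Antrea. This indicates that the Traceflow request can be considered complete.
	ActionForwardedOutOfOverlay TraceflowAction = "ForwardedOutOfOverlay"
)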
type TraceflowComponent ¶
// TraceflowComponent is the string type of Observation.Component.
type TraceflowComponent string
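// Values of TraceflowComponent.
// Layout restored from a single collapsed line, which did not parse because
// the constants had no separators.
const (
	ComponentSpoofGuard    TraceflowComponent = "SpoofGuard"
	ComponentLB            TraceflowComponent = "LB"
	ComponentRouting       TraceflowComponent = "Routing"
	ComponentNetworkPolicy TraceflowComponent = "NetworkPolicy"
	ComponentForwarding    TraceflowComponent = "Forwarding"
)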
type TraceflowList ¶
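// TraceflowList is a list of Traceflow objects.
// Layout restored from a single collapsed line, which did not parse because
// the fields had no separators.
type TraceflowList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []Traceflow `json:"items"`
}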
func (*TraceflowList) DeepCopy ¶
func (in *TraceflowList) DeepCopy() *TraceflowList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TraceflowList.
func (*TraceflowList) DeepCopyInto ¶
func (in *TraceflowList) DeepCopyInto(out *TraceflowList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TraceflowList) DeepCopyObject ¶
func (in *TraceflowList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TraceflowPhase ¶
// TraceflowPhase is the string type of TraceflowStatus.Phase.
type TraceflowPhase string
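// Values of TraceflowPhase.
// Layout restored from a single collapsed line, where the first line comment
// swallowed every constant.
const (
	// Pending is not used anymore
	Pending   TraceflowPhase = "Pending"
	Running   TraceflowPhase = "Running"
	Succeeded TraceflowPhase = "Succeeded"
	Failed    TraceflowPhase = "Failed"
)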
type TraceflowSpec ¶
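// TraceflowSpec describes the spec of the traceflow.
// Layout restored from a single collapsed line.
type TraceflowSpec struct {
	Source      Source      `json:"source,omitempty"`
	Destination Destination `json:"destination,omitempty"`
	Packet      Packet      `json:"packet,omitempty"`
	// LiveTraffic indicates the Traceflow is to trace the live traffic
	// rather than an injected packet, when set to true. The first packet of
	// the first connection that matches the packet spec will be traced.
	// NOTE(review): a live-traffic Traceflow observes real workload traffic,
	// so permission to create Traceflow objects presumably deserves the same
	// care as other traffic-inspection privileges; confirm the RBAC in use.
	LiveTraffic bool `json:"liveTraffic,omitempty"`
	// DroppedOnly indicates only the dropped packet should be captured in a
	// live-traffic Traceflow.
	DroppedOnly bool `json:"droppedOnly,omitempty"`
	// Timeout specifies the timeout of the Traceflow in seconds. Defaults
	// to 20 seconds if not set.
	Timeout uint16 `json:"timeout,omitempty"`
}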
TraceflowSpec describes the spec of the traceflow.
func (*TraceflowSpec) DeepCopy ¶
func (in *TraceflowSpec) DeepCopy() *TraceflowSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TraceflowSpec.
func (*TraceflowSpec) DeepCopyInto ¶
func (in *TraceflowSpec) DeepCopyInto(out *TraceflowSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TraceflowStatus ¶
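// TraceflowStatus describes current status of the traceflow.
// Layout restored from a single collapsed line; comment typo fixed.
// NOTE(review): Results and CapturedPacket carry Pod names, IP and MAC
// addresses and NetworkPolicy names (see Observation and Packet), so read
// access to Traceflow objects discloses that data; scope RBAC on this
// resource accordingly.
type TraceflowStatus struct {
	// Phase is the Traceflow phase.
	Phase TraceflowPhase `json:"phase,omitempty"`
	// Reason is a message indicating the reason of the traceflow's current phase.
	Reason string `json:"reason,omitempty"`
	// StartTime is the time at which the Traceflow was started by the Antrea Controller.
	// Before K8s v1.20, null values (field not set) are not pruned, and a CR where a
	// metav1.Time field is not set would fail OpenAPI validation (type string). The
	// recommendation seems to be to use a pointer instead, and the field will be omitted when
	// serializing.
	// See https://github.com/kubernetes/kubernetes/issues/86811
	StartTime *metav1.Time `json:"startTime,omitempty"`
	// DataplaneTag is a tag to identify a traceflow session across Nodes.
	DataplaneTag uint8 `json:"dataplaneTag,omitempty"`
	// Results is the collection of all observations on different nodes.
	Results []NodeResult `json:"results,omitempty"`
	// CapturedPacket is the captured packet in live-traffic Traceflow.
	CapturedPacket *Packet `json:"capturedPacket,omitempty"`
}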
TraceflowStatus describes current status of the traceflow.
func (*TraceflowStatus) DeepCopy ¶
func (in *TraceflowStatus) DeepCopy() *TraceflowStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TraceflowStatus.
func (*TraceflowStatus) DeepCopyInto ¶
func (in *TraceflowStatus) DeepCopyInto(out *TraceflowStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TransportHeader ¶
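// TransportHeader describes spec of a TransportHeader.
// Each protocol header is a pointer, so any of them may be nil.
// Layout restored from a single collapsed line, which did not parse because
// the fields had no separators.
type TransportHeader struct {
	ICMP *ICMPEchoRequestHeader `json:"icmp,omitempty" yaml:"icmp,omitempty"`
	UDP  *UDPHeader             `json:"udp,omitempty" yaml:"udp,omitempty"`
	TCP  *TCPHeader             `json:"tcp,omitempty" yaml:"tcp,omitempty"`
}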
TransportHeader describes spec of a TransportHeader.
func (*TransportHeader) DeepCopy ¶
func (in *TransportHeader) DeepCopy() *TransportHeader
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TransportHeader.
func (*TransportHeader) DeepCopyInto ¶
func (in *TransportHeader) DeepCopyInto(out *TransportHeader)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type UDPHeader ¶
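// UDPHeader describes spec of a UDP header.
// Layout restored from a single collapsed line.
// NOTE(review): the port fields are int32, which admits values outside the
// 16-bit port range; range validation is not visible in this listing.
type UDPHeader struct {
	// SrcPort is the source port.
	SrcPort int32 `json:"srcPort,omitempty"`
	// DstPort is the destination port.
	DstPort int32 `json:"dstPort,omitempty"`
}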
UDPHeader describes spec of a UDP header.
func (*UDPHeader) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UDPHeader.
func (*UDPHeader) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.