package types

v1.7.2

This package is not in the latest version of its module.
Published: Dec 20, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package types contains common types in the antrea-controller.

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateNormalizedName added in v1.6.0

func GenerateNormalizedName(namespace string, podSelector, nsSelector, eeSelector labels.Selector, nodeSelector labels.Selector) string

GenerateNormalizedName generates a string, based on the selectors, in the following format: "namespace=NamespaceName And podSelector=normalizedPodSelector". Note: Namespace and nsSelector may or may not be set depending on the selector. However, they cannot be set simultaneously.

Types

type AddressGroup

type AddressGroup struct {
	SpanMeta
	// UID is generated from the hash value of GroupSelector.NormalizedName.
	// In case the AddressGroup is created for a ClusterGroup, the UID is
	// that of the corresponding ClusterGroup.
	UID types.UID
	// Name of this group; currently it is the same as UID.
	Name string
	// Selector describes how the group selects pods to get their addresses.
	Selector GroupSelector
	// GroupMembers is a set of GroupMembers selected by this group.
	// It will be converted to a slice of GroupMember for transferring according
	// to client's selection.
	GroupMembers controlplane.GroupMemberSet
}

AddressGroup describes a set of addresses used as source or destination of Network Policy rules.

type AppliedToGroup

type AppliedToGroup struct {
	SpanMeta
	// UID is generated from the hash value of GroupSelector.NormalizedName.
	// In case the AppliedToGroup is created for a ClusterGroup, the UID is
	// that of the corresponding ClusterGroup.
	UID types.UID
	// Name of this group; currently it is the same as UID.
	Name string
	// Selector describes how the group selects pods.
	Selector GroupSelector
	// GroupMemberByNode is a mapping from nodeName to a set of GroupMembers on the Node,
	// either GroupMembers or ExternalEntity on the external node.
	// It will be converted to a slice of GroupMember for transferring according
	// to client's selection.
	GroupMemberByNode map[string]controlplane.GroupMemberSet
}

AppliedToGroup describes a set of GroupMembers to apply Network Policies to.

type EgressGroup

type EgressGroup struct {
	SpanMeta
	// UID of this EgressGroup; it is the same as the UID of the Egress.
	UID types.UID
	// Name of this EgressGroup; it is the same as the name of the Egress.
	Name string
	// GroupMemberByNode is a mapping from nodeName to a set of GroupMembers on the Node.
	// It will be converted to a slice of GroupMember for transferring according to client's selection.
	GroupMemberByNode map[string]controlplane.GroupMemberSet
}

EgressGroup describes a set of GroupMembers to apply Egress to. TODO: Unify it with NetworkPolicy AppliedToGroup.

type Group

type Group struct {
	// UID is a unique identifier of this internal Group. It is the same as the
	// ClusterGroup resource UID.
	UID types.UID
	// Name of the ClusterGroup for which this internal Group is created.
	Name string
	// MembersComputed records whether the controller has computed the comprehensive
	// members of the Group. It is updated during the syncInternalGroup process.
	MembersComputed v1.ConditionStatus
	// Selector describes how the internal group selects Pods to get their addresses.
	// Selector is nil if Group is defined with ipBlock, or if it has ServiceReference
	// and has not been processed by the controller yet / Service cannot be found.
	Selector *GroupSelector
	IPBlocks []controlplane.IPBlock
	// ServiceReference is reference to a v1.Service, which this Group keeps in sync
	// and updates Selector based on the Service's selector.
	ServiceReference *controlplane.ServiceReference
	// ChildGroups is the list of Group names that belong to this Group.
	ChildGroups []string
}

Group describes a set of GroupMembers which can be referenced in Antrea-native NetworkPolicies. These Groups can then be converted to AppliedToGroup or AddressGroup. Each internal Group corresponds to a single ClusterGroup, i.e. unlike AppliedTo/AddressGroups created for standalone selectors, these internal Groups are not shared by ClusterGroups created with the same selectors.

type GroupSelector

type GroupSelector struct {
	// The normalized name is calculated from Namespace, PodSelector, ExternalEntitySelector and NamespaceSelector.
	// If multiple policies have same standalone selectors, they should share this group by comparing NormalizedName.
	// It's also used to generate Name and UUID of AddressGroup or AppliedToGroup.
	// Internal Groups corresponding to the ClusterGroups use the NormalizedName to detect if there is a change in
	// the selectors.
	NormalizedName string
	// If Namespace is set, NamespaceSelector can not be set. It means only GroupMembers in this Namespace will be matched.
	Namespace string
	// This is a label selector which selects GroupMembers. If Namespace is also set, it selects the GroupMembers in the Namespace.
	// If NamespaceSelector is set instead, it selects the GroupMembers in the Namespaces selected by NamespaceSelector.
	// If Namespace and NamespaceSelector both are unset, it selects the GroupMembers in all the Namespaces.
	PodSelector labels.Selector
	// This is a label selector which selects Namespaces. If this field is set, Namespace can not be set.
	NamespaceSelector labels.Selector
	// This is a label selector which selects ExternalEntities. Within a group, ExternalEntitySelector cannot be
	// set concurrently with PodSelector. If Namespace is also set, it selects the ExternalEntities in the Namespace.
	// If NamespaceSelector is set instead, it selects ExternalEntities in the Namespaces selected by NamespaceSelector.
	// If Namespace and NamespaceSelector both are unset, it selects the ExternalEntities in all the Namespaces.
	// TODO: Add validation in API to not allow externalEntitySelector and podSelector in the same group.
	ExternalEntitySelector labels.Selector

	// This is a label selector which selects certain Node IPs. Within a group NodeSelector cannot be set together with
	// other selectors: Namespace/NamespaceSelector/PodSelector/ExternalEntitySelector.
	NodeSelector labels.Selector
}

GroupSelector describes how to select GroupMembers.
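The field comments above state three mutual-exclusion rules, and the TODO notes that one of them is not yet validated in the API. The following is an added example, not Antrea code, that checks all three; `selector`, `groupSelector` and `violations` are hypothetical stand-ins, and it assumes an unset selector is nil while an empty, non-nil selector counts as set.

```go
package main

import "fmt"

// selector stands in for labels.Selector (assumption: nil means "unset";
// an empty, non-nil selector is set and matches everything).
type selector map[string]string

// groupSelector mirrors the selector fields of GroupSelector.
type groupSelector struct {
	Namespace              string
	PodSelector            selector
	NamespaceSelector      selector
	ExternalEntitySelector selector
	NodeSelector           selector
}

// violations (hypothetical helper) returns every documented
// mutual-exclusion rule that s breaks; an empty result means s is valid.
func violations(s groupSelector) []string {
	var out []string
	if s.Namespace != "" && s.NamespaceSelector != nil {
		out = append(out, "Namespace and NamespaceSelector are both set")
	}
	if s.PodSelector != nil && s.ExternalEntitySelector != nil {
		out = append(out, "PodSelector and ExternalEntitySelector are both set")
	}
	scoped := s.Namespace != "" || s.NamespaceSelector != nil ||
		s.PodSelector != nil || s.ExternalEntitySelector != nil
	if s.NodeSelector != nil && scoped {
		out = append(out, "NodeSelector is combined with another selector")
	}
	return out
}

func main() {
	// Constructed sample inputs.
	cases := []groupSelector{
		{Namespace: "prod", PodSelector: selector{"app": "db"}},
		{Namespace: "prod", NamespaceSelector: selector{"env": "prod"}},
		{PodSelector: selector{"app": "db"}, ExternalEntitySelector: selector{"role": "vm"}},
		{NodeSelector: selector{"zone": "a"}, PodSelector: selector{}},
	}
	for i, c := range cases {
		fmt.Printf("case %d: %q\n", i, violations(c))
	}
}
```

The last case is rejected even though its PodSelector has no labels: an empty selector is still set, and it matches every Pod.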

func NewGroupSelector

func NewGroupSelector(namespace string, podSelector, nsSelector, extEntitySelector, nodeSelector *metav1.LabelSelector) *GroupSelector

NewGroupSelector converts the podSelector, namespaceSelector, externalEntitySelector, nodeSelector and NetworkPolicy Namespace to a networkpolicy.GroupSelector object.

type NetworkPolicy

type NetworkPolicy struct {
	SpanMeta
	// UID of the internal NetworkPolicy.
	UID types.UID
	// Name of the internal Network Policy, must be unique across all Network Policy types.
	Name string
	// Generation of the internal Network Policy. It's inherited from the original Network Policy.
	Generation int64
	// Reference to the original Network Policy.
	SourceRef *controlplane.NetworkPolicyReference
	// Priority represents the relative priority of this NetworkPolicy as compared to
	// other NetworkPolicies. Priority will be unset (nil) for K8s NetworkPolicy.
	Priority *float64
	// Rules is a list of rules to be applied to the selected GroupMembers.
	Rules []controlplane.NetworkPolicyRule
	// AppliedToGroups is a list of names of AppliedToGroups to which this policy applies.
	AppliedToGroups []string
	// TierPriority represents the priority of the Tier associated with this Network
	// Policy.
	TierPriority *int32
	// AppliedToPerRule tracks if appliedTo is set per rule basis rather than in policy spec.
	// Must be false for K8s NetworkPolicy.
	AppliedToPerRule bool
	// PerNamespaceSelectors maintains a list of unique Namespace selectors of appliedTo groups
	// of the NetworkPolicy, for which a per-namespace rule is created.
	// It is used as an index so that Namespace updates can trigger corresponding rules
	// to re-calculate affected Namespaces.
	// It is set only for AntreaClusterNetworkPolicies with per-namespace rules.
	PerNamespaceSelectors []labels.Selector
}

NetworkPolicy describes what network traffic is allowed for a set of GroupMembers.

type Span

type Span interface {
	Has(nodeName string) bool
}

Span provides methods to work with SpanMeta and objects composed of it.

type SpanMeta

type SpanMeta struct {
	// NodeNames is a set of node names that this object should be sent to.
	// nil means it's not calculated yet while empty set means the span is 0 Node.
	NodeNames sets.String
}

SpanMeta describes the span information of an object.

func (*SpanMeta) Has

func (meta *SpanMeta) Has(nodeName string) bool
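The SpanMeta comment distinguishes a nil NodeNames (span not calculated yet) from an empty set (span is 0 Node). The following is an added example, not Antrea code, showing why a caller deciding which objects to send to a Node has to check for nil separately. `stringSet`, `spanMeta`, `object` and `forNode` are hypothetical stand-ins, and `Has` is assumed to be a plain set lookup because the page does not show its body.

```go
package main

import "fmt"

// stringSet stands in for sets.String (assumption: a map-backed set).
type stringSet map[string]struct{}

// spanMeta mirrors SpanMeta: nil NodeNames means "not calculated yet",
// an empty set means the span is 0 Node.
type spanMeta struct{ NodeNames stringSet }

// Has is assumed to be a plain set lookup, so it returns false for both a
// nil and an empty span and cannot tell the two apart.
func (m *spanMeta) Has(nodeName string) bool {
	_, ok := m.NodeNames[nodeName]
	return ok
}

// object is a hypothetical span-carrying object such as an internal policy.
type object struct {
	spanMeta
	Name string
}

// forNode (hypothetical helper) splits objects into those whose span
// includes node and those whose span has not been calculated yet.
func forNode(node string, objs []object) (send, pending []string) {
	for i := range objs {
		o := &objs[i]
		switch {
		case o.NodeNames == nil:
			pending = append(pending, o.Name)
		case o.Has(node):
			send = append(send, o.Name)
		}
	}
	return send, pending
}

func main() {
	// Constructed sample objects.
	objs := []object{
		{spanMeta{stringSet{"node-a": {}, "node-b": {}}}, "allow-db"},
		{spanMeta{stringSet{}}, "no-members"},
		{spanMeta{nil}, "just-created"},
		{spanMeta{stringSet{"node-b": {}}}, "deny-egress"},
	}
	send, pending := forNode("node-a", objs)
	fmt.Println("send:", send, "pending:", pending)
}
```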
