Documentation
Index
- Variables
- type Config
- type DataPlane
- func (dp *DataPlane) AddPolicy(policy *policies.NPMNetworkPolicy) error
- func (dp *DataPlane) AddToLists(listName, setNames []*ipsets.IPSetMetadata) error
- func (dp *DataPlane) AddToSets(setNames []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error
- func (dp *DataPlane) ApplyDataPlane() error
- func (dp *DataPlane) BootupDataplane() error
- func (dp *DataPlane) CreateIPSets(setMetadata []*ipsets.IPSetMetadata)
- func (dp *DataPlane) DeleteIPSet(setMetadata *ipsets.IPSetMetadata, forceDelete util.DeleteOption)
- func (dp *DataPlane) FinishBootupPhase()
- func (dp *DataPlane) GetAllIPSets() map[string]string
- func (dp *DataPlane) GetAllPolicies() []string
- func (dp *DataPlane) GetIPSet(setName string) *ipsets.IPSet
- func (dp *DataPlane) RemoveFromList(listName *ipsets.IPSetMetadata, setNames []*ipsets.IPSetMetadata) error
- func (dp *DataPlane) RemoveFromSets(setNames []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error
- func (dp *DataPlane) RemovePolicy(policyKey string) error
- func (dp *DataPlane) RunPeriodicTasks()
- func (dp *DataPlane) UpdatePolicy(policy *policies.NPMNetworkPolicy) error
- type GenericDataplane
- type PodMetadata
- type PolicyMode
Constants
This section is empty.
Variables
var (
    ErrInvalidApplyConfig       = errors.New("invalid apply config")
    ErrIncorrectNumberOfNetPols = errors.New("expected to have exactly one netpol since dp.netPolInBackground == false")
)
Functions
This section is empty.
Types
type Config
type Config struct {
    // ApplyInBackground is currently used in Windows to apply the following in background: IPSets and NetPols for new/updated Pods
    ApplyInBackground bool
    ApplyMaxBatches   int
    ApplyInterval     time.Duration
    // NetPolInBackground is currently used in Linux to apply NetPol controller Add events in the background
    NetPolInBackground bool
    MaxPendingNetPols  int
    NetPolInterval     time.Duration
    *ipsets.IPSetManagerCfg
    *policies.PolicyManagerCfg
    // contains filtered or unexported fields
}
TODO put NodeName in Config?
type DataPlane
type DataPlane struct {
    *Config
    // contains filtered or unexported fields
}
func NewDataPlane
func (*DataPlane) AddPolicy
func (dp *DataPlane) AddPolicy(policy *policies.NPMNetworkPolicy) error
AddPolicy takes in a translated NPMNetworkPolicy object and applies it to the dataplane.
func (*DataPlane) AddToLists
func (dp *DataPlane) AddToLists(listName, setNames []*ipsets.IPSetMetadata) error
AddToLists takes a list name and a list of sets that are to be added as members of the given list.
func (*DataPlane) AddToSets
func (dp *DataPlane) AddToSets(setNames []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error
AddToSets takes in a list of IPSet names along with an IP member and then updates its local cache.
func (*DataPlane) ApplyDataPlane
ApplyDataPlane: all the IPSet operations just update the cache and a dirty ipset structure; they do not apply changes to the dataplane. This function needs to be called at the end of the IPSet operations of a given controller event. It checks the dirty ipset list and makes changes in the dataplane accordingly. This function helps emulate a single call to the dataplane instead of multiple ipset operation calls to the dataplane.
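A minimal model of the cache-then-apply pattern described for ApplyDataPlane, as an added example and not code from the dataplane package. The names setCache, addToSets and apply are hypothetical, and the batching logic is an assumption about the general pattern rather than the package's implementation.

```go
package main

import (
	"fmt"
	"sort"
)

// setCache is a hypothetical stand-in for the IPSet cache, not the package's own type.
type setCache struct {
	members map[string]map[string]bool // set name -> member IPs
	dirty   map[string]bool            // sets changed since the last apply
	applies int                        // batched dataplane writes performed
}

func newSetCache() *setCache {
	return &setCache{members: map[string]map[string]bool{}, dirty: map[string]bool{}}
}

// addToSets updates the cache and the dirty list only; nothing reaches the dataplane.
func (c *setCache) addToSets(sets []string, ip string) {
	for _, s := range sets {
		if c.members[s] == nil {
			c.members[s] = map[string]bool{}
		}
		c.members[s][ip] = true
		c.dirty[s] = true
	}
}

// apply writes all dirty sets as one batch and returns their sorted names (nil if clean).
func (c *setCache) apply() []string {
	if len(c.dirty) == 0 {
		return nil
	}
	var flushed []string
	for s := range c.dirty {
		flushed = append(flushed, s)
	}
	sort.Strings(flushed)
	c.applies++ // one dataplane call for the whole controller event
	c.dirty = map[string]bool{}
	return flushed
}

func main() {
	c := newSetCache()
	c.addToSets([]string{"ns-prod", "app-web"}, "10.0.0.5") // constructed sample data
	c.addToSets([]string{"ns-prod"}, "10.0.0.6")
	fmt.Println(c.apply(), c.apply()) // second call finds nothing dirty
}
```

Until apply runs, membership changes exist only in the cache, so a controller path that returns without calling it leaves the dataplane on its previous state.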
func (*DataPlane) BootupDataplane
BootupDataplane cleans the NPM sets and policies in the dataplane and performs initialization.
func (*DataPlane) CreateIPSets
func (dp *DataPlane) CreateIPSets(setMetadata []*ipsets.IPSetMetadata)
CreateIPSets takes in a set object and updates the local cache with this set.
func (*DataPlane) DeleteIPSet
func (dp *DataPlane) DeleteIPSet(setMetadata *ipsets.IPSetMetadata, forceDelete util.DeleteOption)
DeleteSet checks for members and references of the given "set" type ipset; if the set is not used, it is deleted from the cache.
func (*DataPlane) FinishBootupPhase
func (dp *DataPlane) FinishBootupPhase()
FinishBootupPhase marks the point when Pod Controller is starting to run, so dp.AddPolicy() can no longer apply IPSets in the background. This function must be called on Windows when ApplyInBackground is true.
func (*DataPlane) GetAllIPSets
func (*DataPlane) GetAllPolicies
GetAllPolicies is deprecated and only used in the goalstateprocessor, which is deprecated
func (*DataPlane) RemoveFromList
func (dp *DataPlane) RemoveFromList(listName *ipsets.IPSetMetadata, setNames []*ipsets.IPSetMetadata) error
RemoveFromList takes a list name and a list of sets that are to be removed as members of the given list.
func (*DataPlane) RemoveFromSets
func (dp *DataPlane) RemoveFromSets(setNames []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error
RemoveFromSets takes in a list of set names from which a given IP member should be removed and updates the local cache.
func (*DataPlane) RemovePolicy
RemovePolicy takes in a network policyKey (namespace/name of the network policy) and removes it from the dataplane and cache.
func (*DataPlane) RunPeriodicTasks
func (dp *DataPlane) RunPeriodicTasks()
RunPeriodicTasks runs periodic tasks. Should only be called once.
func (*DataPlane) UpdatePolicy
func (dp *DataPlane) UpdatePolicy(policy *policies.NPMNetworkPolicy) error
UpdatePolicy takes in an updated policy object, calculates the delta, and applies the changes to the dataplane accordingly.
type GenericDataplane
type GenericDataplane interface {
    BootupDataplane() error
    FinishBootupPhase()
    RunPeriodicTasks()
    GetAllIPSets() map[string]string
    GetIPSet(setName string) *ipsets.IPSet
    CreateIPSets(setMetadatas []*ipsets.IPSetMetadata)
    DeleteIPSet(setMetadata *ipsets.IPSetMetadata, deleteOption util.DeleteOption)
    AddToSets(setMetadatas []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error
    RemoveFromSets(setMetadatas []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error
    AddToLists(listMetadatas []*ipsets.IPSetMetadata, setMetadatas []*ipsets.IPSetMetadata) error
    RemoveFromList(listMetadata *ipsets.IPSetMetadata, setMetadatas []*ipsets.IPSetMetadata) error
    ApplyDataPlane() error
    // GetAllPolicies is deprecated and only used in the goalstateprocessor, which is deprecated
    GetAllPolicies() []string
    AddPolicy(policies *policies.NPMNetworkPolicy) error
    RemovePolicy(PolicyKey string) error
    UpdatePolicy(policies *policies.NPMNetworkPolicy) error
}
type PodMetadata
PodMetadata is what is passed to the dataplane to specify a pod ipset. TODO: definitely requires further optimization between the intersection of types PodMetadata, NpmPod and corev1.pod.
func NewPodMetadata
func NewPodMetadata(podKey, podIP, nodeName string) *PodMetadata
func (*PodMetadata) Namespace
func (p *PodMetadata) Namespace() string
type PolicyMode
type PolicyMode string