ipsets

package
v1.4.14 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2021 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

// SetType values. Every value is written out explicitly, so the number
// attached to a name does not depend on its position in the list.
const (
	// UnknownType is the zero value of SetType and stands for an unknown type.
	UnknownType SetType = 0
	// NameSpace marks an IPSet created to hold the IPs of the pods in a
	// given namespace.
	NameSpace SetType = 1
	// KeyLabelOfNameSpace marks a list-kind IPSet whose members are the
	// IPSets of the namespaces that carry a given label key.
	KeyLabelOfNameSpace SetType = 2
	// KeyValueLabelOfNameSpace marks a list-kind IPSet whose members are the
	// IPSets of the namespaces that carry a given label.
	KeyValueLabelOfNameSpace SetType = 3
	// KeyLabelOfPod marks an IPSet containing the IPs of the pods that carry
	// a given label key.
	KeyLabelOfPod SetType = 4
	// KeyValueLabelOfPod marks an IPSet containing the IPs of the pods that
	// carry a given label.
	KeyValueLabelOfPod SetType = 5
	// NamedPorts marks an IPSet that contains a given named port.
	NamedPorts SetType = 6
	// NestedLabelOfPod marks an IPSet derived for multi-value match
	// expressions.
	NestedLabelOfPod SetType = 7
	// CIDRBlocks marks an IPSet that holds CIDR blocks.
	CIDRBlocks SetType = 8
)

// Unknown is the string constant used for an unknown value.
const Unknown string = "unknown"

Variables

// ErrIPSetInvalidKind is the sentinel error returned when the kind of an
// IPSet is invalid. Match it with errors.Is so that a wrapped return is
// still recognised.
var ErrIPSetInvalidKind = errors.New("invalid IPSet Kind")

Functions

This section is empty.

Types

type IPSet

// IPSet is one named set together with its members and the names of the
// network policies that refer to it.
//
// NOTE(review): every map below is exported, and IPSetManager.GetIPSet hands
// out a *IPSet. This declaration shows no lock on IPSet itself, so concurrent
// readers and writers presumably rely on the mutex embedded in IPSetManager.
// Confirm against the method bodies, which are not part of this listing.
type IPSet struct {
	// Name and HashedName identify the set.
	// NOTE(review): how HashedName is derived from Name is not visible in
	// this listing; confirm before relying on its format.
	Name       string
	HashedName string
	// SetProperties is embedded, so its Type and Kind fields are promoted
	// onto IPSet.
	SetProperties
	// IPPodKey is used for setMaps to store IPs and ports as keys
	// and the pod key as value.
	IPPodKey map[string]string
	// MemberIPSets is used for listMaps to store child IPSets.
	MemberIPSets map[string]*IPSet
	// SelectorReference holds the names of the network policies in which
	// this IPSet is used in PodSelector and NameSpace.
	// It is a map with struct{} values, which emulates a set with minimal
	// memory consumption.
	SelectorReference map[string]struct{}
	// NetPolReference holds the names of the network policies in which this
	// IPSet is referred to as part of rules. Like SelectorReference it is a
	// map used as a set.
	NetPolReference map[string]struct{}
	// contains filtered or unexported fields
}

func NewIPSet

func NewIPSet(setMetadata *IPSetMetadata) *IPSet

func (*IPSet) Compare added in v1.4.13

func (set *IPSet) Compare(newSet *IPSet) bool

Compare reports whether two IPSets are the same.

func (*IPSet) GetSetContents

func (set *IPSet) GetSetContents() ([]string, error)

func (*IPSet) ShallowCompare

func (set *IPSet) ShallowCompare(newSet *IPSet) bool

ShallowCompare reports whether the properties of two IPSets are the same.

type IPSetManager

// IPSetManager is the type whose methods create, delete, fill, reference and
// apply IPSets (CreateIPSet, DeleteIPSet, AddToSet, AddToList, AddReference,
// ApplyIPSets and the others listed for this type).
//
// sync.Mutex is embedded rather than held in a named field, so Lock and
// Unlock are promoted into the exported method set: any code that holds a
// *IPSetManager can take or release the manager's lock.
// NOTE(review): whether the methods acquire this lock themselves is not
// visible in this listing. sync.Mutex is not reentrant, so confirm that
// before locking around a method call.
type IPSetManager struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func NewIPSetManager

func NewIPSetManager(iMgrCfg *IPSetManagerCfg, ioShim *common.IOShim) *IPSetManager

func (*IPSetManager) AddReference

func (iMgr *IPSetManager) AddReference(setName, referenceName string, referenceType ReferenceType) error

AddReference takes the prefixed set name and adds the relevant reference.

func (*IPSetManager) AddToList added in v1.4.13

func (iMgr *IPSetManager) AddToList(listMetadata *IPSetMetadata, setMetadatas []*IPSetMetadata) error

func (*IPSetManager) AddToSet added in v1.4.13

func (iMgr *IPSetManager) AddToSet(addToSets []*IPSetMetadata, ip, podKey string) error

func (*IPSetManager) ApplyIPSets

func (iMgr *IPSetManager) ApplyIPSets(networkID string) error

func (*IPSetManager) CreateIPSet added in v1.4.13

func (iMgr *IPSetManager) CreateIPSet(setMetadata *IPSetMetadata)

func (*IPSetManager) DeleteIPSet

func (iMgr *IPSetManager) DeleteIPSet(name string)

DeleteIPSet expects the prefixed ipset name

func (*IPSetManager) DeleteReference

func (iMgr *IPSetManager) DeleteReference(setName, referenceName string, referenceType ReferenceType) error

DeleteReference takes the prefixed set name and removes the relevant reference.

func (*IPSetManager) GetIPSet

func (iMgr *IPSetManager) GetIPSet(name string) *IPSet

GetIPSet needs the prefixed ipset name

func (*IPSetManager) GetIPsFromSelectorIPSets added in v1.4.13

func (iMgr *IPSetManager) GetIPsFromSelectorIPSets(setList map[string]struct{}) (map[string]struct{}, error)

GetIPsFromSelectorIPSets takes a map of prefixed set names and returns the intersection of their IPs.

func (*IPSetManager) GetSelectorReferencesBySet added in v1.4.13

func (iMgr *IPSetManager) GetSelectorReferencesBySet(setName string) (map[string]struct{}, error)

func (*IPSetManager) RemoveFromList

func (iMgr *IPSetManager) RemoveFromList(listMetadata *IPSetMetadata, setMetadatas []*IPSetMetadata) error

func (*IPSetManager) RemoveFromSet added in v1.4.13

func (iMgr *IPSetManager) RemoveFromSet(removeFromSets []*IPSetMetadata, ip, podKey string) error

func (*IPSetManager) ResetIPSets

func (iMgr *IPSetManager) ResetIPSets() error

type IPSetManagerCfg

// IPSetManagerCfg is the configuration that NewIPSetManager receives.
type IPSetManagerCfg struct {
	// IPSetMode selects the apply behaviour; the values declared for it are
	// ApplyAllIPSets and ApplyOnNeed.
	// NetworkName presumably names the network the IPSets are applied to.
	// NOTE(review): ApplyIPSets separately takes a networkID argument;
	// confirm how the two relate.
	IPSetMode   IPSetMode
	NetworkName string
}

type IPSetMetadata

// IPSetMetadata identifies an IPSet by its name and type, without members.
type IPSetMetadata struct {
	// Name is the name of the set.
	// NOTE(review): GetPrefixName returns a separate prefixed name, which
	// suggests Name itself is unprefixed. IPSetManager's GetIPSet,
	// DeleteIPSet, AddReference and DeleteReference are documented as
	// expecting the prefixed name, so confirm which form a caller holds.
	Name string
	// Type is the SetType of the set.
	Type SetType
}

func NewIPSetMetadata

func NewIPSetMetadata(name string, setType SetType) *IPSetMetadata

NewIPSetMetadata is used by controllers to send skeleton IPSets to the dataplane (DP).

func (*IPSetMetadata) GetPrefixName

func (setMetadata *IPSetMetadata) GetPrefixName() string

type IPSetMode

// IPSetMode is the string-typed setting carried in IPSetManagerCfg.IPSetMode.
type IPSetMode string

// Values declared for IPSetMode.
const (
	// ApplyAllIPSets changes the dataplane behavior to apply all ipsets.
	ApplyAllIPSets = IPSetMode("all")
	// ApplyOnNeed changes the dataplane behavior to apply only the ipsets
	// that network policies reference.
	ApplyOnNeed = IPSetMode("on-need")
)

type ReferenceType

type ReferenceType string

ReferenceType specifies the kind of reference for an IPSet

const (
	// SelectorType is the ReferenceType with the value "Selector".
	// NOTE(review): presumably the kind tracked in IPSet.SelectorReference;
	// confirm against AddReference.
	SelectorType = ReferenceType("Selector")
	// NetPolType is the ReferenceType with the value "NetPol".
	// NOTE(review): presumably the kind tracked in IPSet.NetPolReference;
	// confirm against AddReference.
	NetPolType = ReferenceType("NetPol")
)

Possible ReferenceTypes

type SetKind

// SetKind is the kind of an ipset in the dataplane.
type SetKind string

// Values declared for SetKind.
const (
	// ListSet is the list kind, whose members are other IPSets.
	ListSet = SetKind("list")
	// HashSet is the hashset kind, whose members are IPs and/or ports.
	HashSet = SetKind("set")
	// UnknownKind is the value returned when the kind is unknown.
	UnknownKind = SetKind("unknown")
)

func GetSetKind added in v1.4.14

func GetSetKind(setType SetType) SetKind

type SetProperties

// SetProperties holds the two classifications of an IPSet. It is embedded in
// IPSet, which promotes both fields onto that type.
type SetProperties struct {
	// Type stores the type of IP grouping (one of the SetType values).
	Type SetType
	// Kind stores the kind of ipset in the dataplane (ListSet, HashSet or
	// UnknownKind). GetSetKind takes a SetType and returns a SetKind.
	Kind SetKind
}

type SetType

// SetType identifies what an IPSet groups. The declared values run from
// UnknownType (0) to CIDRBlocks (8), and the type has a String method.
type SetType int8

func (SetType) String

func (x SetType) String() string

type TranslatedIPSet

// TranslatedIPSet pairs the metadata of an IPSet with the members generated
// for it.
type TranslatedIPSet struct {
	// Metadata carries the name and type of the set.
	Metadata *IPSetMetadata
	// Members holds member ipset names for a NestedLabelOfPod IPSet and IP
	// address ranges for a CIDRBlocks IPSet.
	// NOTE(review): the entries are plain strings and this declaration
	// enforces no format; confirm where the address ranges are validated
	// before they reach the dataplane.
	Members []string
}

TranslatedIPSet is created by the translation engine and provides the IPSets used in a network policy. Only two types of IPSets are generated with members: (1) CIDRBlocks IPSets and (2) NestedLabelOfPod IPSets from multi-value labels. The Members field holds member ipset names for a NestedLabelOfPod IPSet and IP address ranges for a CIDRBlocks IPSet.
