dataplane

package
v1.5.40
This package is not in the latest version of its module.

Published: Nov 14, 2024 License: MIT Imports: 12 Imported by: 0

Documentation

Variables

var (
	ErrInvalidApplyConfig       = errors.New("invalid apply config")
	ErrIncorrectNumberOfNetPols = errors.New("expected to have exactly one netpol since dp.netPolInBackground == false")
)


Types

type Config

type Config struct {

	// ApplyInBackground is currently used in Windows to apply the following in background: IPSets and NetPols for new/updated Pods
	ApplyInBackground bool
	ApplyMaxBatches   int
	ApplyInterval     time.Duration
	// NetPolInBackground is currently used in Linux to apply NetPol controller Add events in the background
	NetPolInBackground bool
	MaxPendingNetPols  int
	NetPolInterval     time.Duration
	*ipsets.IPSetManagerCfg
	*policies.PolicyManagerCfg
	// contains filtered or unexported fields
}

TODO put NodeName in Config?

type DataPlane

type DataPlane struct {
	*Config
	// contains filtered or unexported fields
}

func NewDataPlane

func NewDataPlane(nodeName string, ioShim *common.IOShim, cfg *Config, stopChannel <-chan struct{}) (*DataPlane, error)

func (*DataPlane) AddPolicy

func (dp *DataPlane) AddPolicy(policy *policies.NPMNetworkPolicy) error

AddPolicy takes in a translated NPMNetworkPolicy object and applies it to the dataplane.

func (*DataPlane) AddToLists

func (dp *DataPlane) AddToLists(listName, setNames []*ipsets.IPSetMetadata) error

AddToLists takes a list name and a list of sets that are to be added as members of the given list.

func (*DataPlane) AddToSets

func (dp *DataPlane) AddToSets(setNames []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error

AddToSets takes in a list of IPSet names along with an IP member and then updates its local cache.

func (*DataPlane) ApplyDataPlane

func (dp *DataPlane) ApplyDataPlane() error

ApplyDataPlane: all the IPSet operations only update the cache and a dirty ipset structure; they do not apply changes to the dataplane. This function needs to be called at the end of the IPSet operations of a given controller event. It checks the dirty ipset list and makes the corresponding changes in the dataplane. This function helps emulate a single call to the dataplane instead of multiple ipset operation calls to the dataplane.
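
The deferred-apply design described above, modelled as a self-contained Go program. This is an added example, not code from this package: the `plane` type and its `addToSets`/`apply` methods are hypothetical stand-ins, and the set names and IPs are constructed sample data.

```go
package main

import "fmt"

// plane is a hypothetical model of the cache-plus-dirty-list design, not NPM code.
type plane struct {
	cache    map[string]map[string]bool // set name -> member IPs (local cache)
	dirty    map[string]bool            // sets changed since the last apply
	enforced map[string][]string        // what the real dataplane currently holds
	calls    int                        // number of calls made to the real dataplane
}

func newPlane() *plane {
	return &plane{map[string]map[string]bool{}, map[string]bool{}, map[string][]string{}, 0}
}

// addToSets only updates the cache and marks each touched set dirty.
func (p *plane) addToSets(sets []string, ip string) {
	for _, s := range sets {
		if p.cache[s] == nil {
			p.cache[s] = map[string]bool{}
		}
		p.cache[s][ip] = true
		p.dirty[s] = true
	}
}

// apply flushes every dirty set in one batch and returns how many sets it wrote.
func (p *plane) apply() int {
	n := len(p.dirty)
	for s := range p.dirty {
		p.enforced[s] = nil
		for ip := range p.cache[s] {
			p.enforced[s] = append(p.enforced[s], ip)
		}
	}
	if n > 0 {
		p.calls++ // one dataplane call for the whole batch
	}
	p.dirty = map[string]bool{}
	return n
}

func main() {
	p := newPlane()
	p.addToSets([]string{"ns-prod", "app-db"}, "10.0.0.5") // constructed sample data
	p.addToSets([]string{"ns-prod"}, "10.0.0.6")
	fmt.Println("enforced before apply:", len(p.enforced))
	n := p.apply()
	fmt.Println("sets written:", n, "dataplane calls:", p.calls)
}
```

In this model the cache and the enforced state disagree between `addToSets` and `apply`, so a skipped apply leaves membership changes unenforced.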

func (*DataPlane) BootupDataplane

func (dp *DataPlane) BootupDataplane() error

BootupDataplane cleans the NPM sets and policies in the dataplane and performs initialization.

func (*DataPlane) CreateIPSets

func (dp *DataPlane) CreateIPSets(setMetadata []*ipsets.IPSetMetadata)

CreateIPSets takes in a set object and updates local cache with this set

func (*DataPlane) DeleteIPSet

func (dp *DataPlane) DeleteIPSet(setMetadata *ipsets.IPSetMetadata, forceDelete util.DeleteOption)

DeleteIPSet checks for members and references of the given "set" type ipset; if the set is not used, it is deleted from the cache.

func (*DataPlane) FinishBootupPhase

func (dp *DataPlane) FinishBootupPhase()

FinishBootupPhase marks the point when Pod Controller is starting to run, so dp.AddPolicy() can no longer apply IPSets in the background. This function must be called on Windows when ApplyInBackground is true.

func (*DataPlane) GetAllIPSets

func (dp *DataPlane) GetAllIPSets() map[string]string

func (*DataPlane) GetAllPolicies

func (dp *DataPlane) GetAllPolicies() []string

GetAllPolicies is deprecated and only used in the goalstateprocessor, which is deprecated

func (*DataPlane) GetIPSet

func (dp *DataPlane) GetIPSet(setName string) *ipsets.IPSet

func (*DataPlane) RemoveFromList

func (dp *DataPlane) RemoveFromList(listName *ipsets.IPSetMetadata, setNames []*ipsets.IPSetMetadata) error

RemoveFromList takes a list name and a list of sets that are to be removed as members of the given list.

func (*DataPlane) RemoveFromSets

func (dp *DataPlane) RemoveFromSets(setNames []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error

RemoveFromSets takes in a list of set names from which a given IP member should be removed and updates the local cache.

func (*DataPlane) RemovePolicy

func (dp *DataPlane) RemovePolicy(policyKey string) error

RemovePolicy takes in network policyKey (namespace/name of network policy) and removes it from dataplane and cache

func (*DataPlane) RunPeriodicTasks

func (dp *DataPlane) RunPeriodicTasks()

RunPeriodicTasks runs periodic tasks. Should only be called once.

func (*DataPlane) UpdatePolicy

func (dp *DataPlane) UpdatePolicy(policy *policies.NPMNetworkPolicy) error

UpdatePolicy takes in updated policy object, calculates the delta and applies changes onto dataplane accordingly

type GenericDataplane

type GenericDataplane interface {
	BootupDataplane() error
	FinishBootupPhase()
	RunPeriodicTasks()
	GetAllIPSets() map[string]string
	GetIPSet(setName string) *ipsets.IPSet
	CreateIPSets(setMetadatas []*ipsets.IPSetMetadata)
	DeleteIPSet(setMetadata *ipsets.IPSetMetadata, deleteOption util.DeleteOption)
	AddToSets(setMetadatas []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error
	RemoveFromSets(setMetadatas []*ipsets.IPSetMetadata, podMetadata *PodMetadata) error
	AddToLists(listMetadatas []*ipsets.IPSetMetadata, setMetadatas []*ipsets.IPSetMetadata) error
	RemoveFromList(listMetadata *ipsets.IPSetMetadata, setMetadatas []*ipsets.IPSetMetadata) error
	ApplyDataPlane() error
	// GetAllPolicies is deprecated and only used in the goalstateprocessor, which is deprecated
	GetAllPolicies() []string
	AddPolicy(policies *policies.NPMNetworkPolicy) error
	RemovePolicy(PolicyKey string) error
	UpdatePolicy(policies *policies.NPMNetworkPolicy) error
}

type PodMetadata

type PodMetadata struct {
	PodKey   string
	PodIP    string
	NodeName string
}

PodMetadata is what is passed to the dataplane to specify a pod ipset. TODO: definitely requires further optimization between the intersection of types PodMetadata, NpmPod and corev1.pod.

func NewPodMetadata

func NewPodMetadata(podKey, podIP, nodeName string) *PodMetadata

func (*PodMetadata) Namespace

func (p *PodMetadata) Namespace() string

type PolicyMode

type PolicyMode string

Directories

Path Synopsis
Package mocks is a generated GoMock package.
