Documentation
Index
- Constants
- func VethNameForWorkload(namespace, podname string) string
- type Converter
- func (c Converter) GetPodIPs(pod *kapiv1.Pod) ([]string, error)
- func (c Converter) HasIPAddress(pod *kapiv1.Pod) bool
- func (c Converter) IsFinished(pod *kapiv1.Pod) bool
- func (c Converter) IsHostNetworked(pod *kapiv1.Pod) bool
- func (c Converter) IsReadyCalicoPod(pod *kapiv1.Pod) bool
- func (c Converter) IsScheduled(pod *kapiv1.Pod) bool
- func (c Converter) IsValidCalicoWorkloadEndpoint(pod *kapiv1.Pod) bool
- func (c Converter) JoinNetworkPolicyRevisions(crdNPRev, k8sNPRev string) string
- func (c Converter) JoinProfileRevisions(nsRev, saRev string) string
- func (c Converter) K8sNetworkPolicyToCalico(np *networkingv1.NetworkPolicy) (*model.KVPair, error)
- func (c Converter) NamespaceToProfile(ns *kapiv1.Namespace) (*model.KVPair, error)
- func (c Converter) ParseWorkloadEndpointName(workloadName string) (names.WorkloadEndpointIdentifiers, error)
- func (c Converter) PodToWorkloadEndpoint(pod *kapiv1.Pod) (*model.KVPair, error)
- func (c Converter) ProfileNameToNamespace(profileName string) (string, error)
- func (c Converter) ProfileNameToServiceAccount(profileName string) (ns, sa string, err error)
- func (c Converter) ServiceAccountToProfile(sa *kapiv1.ServiceAccount) (*model.KVPair, error)
- func (c Converter) SplitNetworkPolicyRevision(rev string) (crdNPRev string, k8sNPRev string, err error)
- func (c Converter) SplitProfileRevision(rev string) (nsRev string, saRev string, err error)
Constants
const (
	NamespaceLabelPrefix            = "pcns."
	NamespaceProfileNamePrefix      = "kns."
	K8sNetworkPolicyNamePrefix      = "knp.default."
	ServiceAccountLabelPrefix       = "pcsa."
	ServiceAccountProfileNamePrefix = "ksa."

	// AnnotationPodIP is an annotation we apply to pods when assigning them an IP. It
	// duplicates the value of the Pod.Status.PodIP field, which is set by kubelet but,
	// since we write it ourselves, we can make sure that it is written synchronously
	// and quickly.
	AnnotationPodIP = "cni.projectcalico.org/podIP"
)
const (
	SelectorNamespace selectorType = iota
	SelectorPod
)
Variables
This section is empty.
Functions
func VethNameForWorkload
VethNameForWorkload returns a deterministic veth name for the given Kubernetes workload (WEP) name and namespace.
Types
type Converter
type Converter struct{}
TODO: make this private and expose a public conversion interface instead
func (Converter) GetPodIPs
GetPodIPs extracts the IP addresses from a Kubernetes Pod. At present, only a single IP is expected/supported. GetPodIPs loads the IP either from the PodIP field, if present, or the calico podIP annotation.
func (Converter) IsReadyCalicoPod
IsReadyCalicoPod returns true if the pod is a valid Calico WorkloadEndpoint and has an IP address assigned (i.e. it's ready for Calico networking).
func (Converter) IsValidCalicoWorkloadEndpoint
IsValidCalicoWorkloadEndpoint returns true if the pod should be shown as a workloadEndpoint in the Calico API and false otherwise. Note: since we completely ignore notifications for invalid Pods, it is important that pods can only transition from not-valid to valid and not the other way. If they transition from valid to invalid, we'll fail to emit a deletion event in the watcher.
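The transition rule above, as an added sketch that is not Calico's code: pod, event, monotonic, nonMonotonic, replay and sampleEvents are hypothetical names, and both validity predicates are assumptions chosen for illustration. It replays one constructed pod lifecycle through a watcher that ignores all notifications for invalid pods, and shows the stale endpoint left behind when validity can revert.

```go
package main

import "fmt"

// pod and event are constructed stand-ins, not Calico or Kubernetes types.
type pod struct {
	Name, NodeName string // NodeName is set once at scheduling
	IP             string // may be cleared again when the pod terminates
}
type event struct {
	Kind string // "update" or "delete"
	Pod  pod
}

// monotonic can only move from false to true over a pod's lifetime.
func monotonic(p pod) bool { return p.NodeName != "" }

// nonMonotonic flips back to false once the IP is released.
func nonMonotonic(p pod) bool { return p.NodeName != "" && p.IP != "" }

// replay models a watcher that ignores every notification for an invalid
// pod and returns the endpoints a consumer still believes exist.
func replay(events []event, valid func(pod) bool) map[string]string {
	endpoints := map[string]string{}
	for _, ev := range events {
		switch {
		case !valid(ev.Pod):
			// dropped: neither an update nor a deletion is emitted
		case ev.Kind == "delete":
			delete(endpoints, ev.Pod.Name)
		default:
			endpoints[ev.Pod.Name] = ev.Pod.IP
		}
	}
	return endpoints
}

// sampleEvents (constructed): scheduled, gets an IP, loses it, is deleted.
var sampleEvents = []event{
	{"update", pod{"web-0", "node-a", ""}},
	{"update", pod{"web-0", "node-a", "10.0.0.5"}},
	{"update", pod{"web-0", "node-a", ""}},
	{"delete", pod{"web-0", "node-a", ""}},
}

func main() {
	fmt.Println("monotonic:    ", replay(sampleEvents, monotonic))
	fmt.Println("non-monotonic:", replay(sampleEvents, nonMonotonic))
}
```

With the non-monotonic predicate the deletion is filtered out, so the consumer keeps an endpoint (and any policy keyed to its IP) for a pod that no longer exists.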
func (Converter) JoinNetworkPolicyRevisions
JoinNetworkPolicyRevisions constructs the revision from the individual CRD and K8s NetworkPolicy revisions.
func (Converter) JoinProfileRevisions
JoinProfileRevisions constructs the revision from the individual namespace and serviceaccount revisions. The result depends on whether the serviceaccount feature flag is set.
func (Converter) K8sNetworkPolicyToCalico
func (c Converter) K8sNetworkPolicyToCalico(np *networkingv1.NetworkPolicy) (*model.KVPair, error)
K8sNetworkPolicyToCalico converts a k8s NetworkPolicy to a model.KVPair.
func (Converter) NamespaceToProfile
NamespaceToProfile converts a Namespace to a Calico Profile. The Profile stores labels from the Namespace which are inherited by the WorkloadEndpoints within the Profile. This Profile also has the default ingress and egress rules, which are both 'allow'.
func (Converter) ParseWorkloadEndpointName
func (c Converter) ParseWorkloadEndpointName(workloadName string) (names.WorkloadEndpointIdentifiers, error)
ParseWorkloadEndpointName extracts the Node name, Orchestrator, Pod name and endpoint from the given WorkloadEndpoint name. The expected format for k8s is <node>-k8s-<pod>-<endpoint>.
func (Converter) PodToWorkloadEndpoint
PodToWorkloadEndpoint converts a Pod to a WorkloadEndpoint. It assumes the calling code has verified that the provided Pod is valid to convert to a WorkloadEndpoint. PodToWorkloadEndpoint requires the Pod's Name and Node Name to be populated; otherwise the conversion fails.
func (Converter) ProfileNameToNamespace
ProfileNameToNamespace extracts the Namespace name from the given Profile name.
func (Converter) ProfileNameToServiceAccount
ProfileNameToServiceAccount extracts the ServiceAccount name from the given Profile name.
func (Converter) ServiceAccountToProfile
ServiceAccountToProfile converts a ServiceAccount to a Calico Profile. The Profile stores labels from the ServiceAccount which are inherited by the WorkloadEndpoints within the Profile.
func (Converter) SplitNetworkPolicyRevision
func (c Converter) SplitNetworkPolicyRevision(rev string) (crdNPRev string, k8sNPRev string, err error)
SplitNetworkPolicyRevision extracts the CRD and K8s NetworkPolicy revisions from the combined revision returned on the KDD NetworkPolicy client.
func (Converter) SplitProfileRevision
SplitProfileRevision extracts the namespace and serviceaccount revisions from the combined revision returned on the KDD service account based profile. The result depends on whether the serviceaccount feature flag is set.