Documentation
Overview
Package resolver resolves each Container to a specific Trireme policy based on Kubernetes Policy definitions.
Index
- Constants
- type KubernetesPolicy
- func (k *KubernetesPolicy) HandlePUEvent(ctx context.Context, puID string, event common.Event, ...) error
- func (k *KubernetesPolicy) ResolvePolicy(contextID string, runtime policy.RuntimeReader) (*policy.PUPolicy, error)
- func (k *KubernetesPolicy) Run(sync chan struct{})
- func (k *KubernetesPolicy) Stop()
- type NamespaceWatcher
Constants
const UpstreamNameIdentifier = "k8s:name"
UpstreamNameIdentifier is the identifier used to identify the name on the resulting PU
const UpstreamNamespaceIdentifier = "k8s:namespace"
UpstreamNamespaceIdentifier is the identifier used to identify the namespace on the resulting PU
Variables
This section is empty.
Functions
This section is empty.
Types
type KubernetesPolicy
type KubernetesPolicy struct {
KubernetesClient *kubernetes.Client
// contains filtered or unexported fields
}
KubernetesPolicy represents a Trireme Policer for Kubernetes. It implements the Trireme Resolver interface and implements the policies defined by Kubernetes NetworkPolicy API.
func NewKubernetesPolicy
func NewKubernetesPolicy(ctx context.Context, controller controller.TriremeController, kubeconfig string, nodename string, triremeNetworks []string) (*KubernetesPolicy, error)
NewKubernetesPolicy creates a new policy engine for the Trireme package
func (*KubernetesPolicy) HandlePUEvent
func (k *KubernetesPolicy) HandlePUEvent(ctx context.Context, puID string, event common.Event, runtime policy.RuntimeReader) error
HandlePUEvent is called by Trireme for notification that a specific PU got an event.
func (*KubernetesPolicy) ResolvePolicy
func (k *KubernetesPolicy) ResolvePolicy(contextID string, runtime policy.RuntimeReader) (*policy.PUPolicy, error)
ResolvePolicy generates the Policy for the target PU. The policy for the PU will be based on the defined Kubernetes NetworkPolicies on the Pod to which the PU belongs.
func (*KubernetesPolicy) Run
func (k *KubernetesPolicy) Run(sync chan struct{})
Run starts the KubernetesPolicer by watching for Namespace Changes. Run is blocking. Use go
type NamespaceWatcher
type NamespaceWatcher struct {
// contains filtered or unexported fields
}
NamespaceWatcher implements the policy for a specific Namespace
func NewNamespaceWatcher
func NewNamespaceWatcher(namespace string, policyStore kubecache.Store, policyController kubecache.Controller, policyControllerStop chan struct{}) *NamespaceWatcher
NewNamespaceWatcher initializes a new NamespaceWatcher that watches the Pod and NetworkPolicy events on the specific namespace passed as a parameter.