Documentation
Constants
const (
	SecurityPolicyPrefix             = "tower.sp-"
	IsolationPolicyPrefix            = "tower.ip-"
	IsolationPolicyIngressPrefix     = "tower.ip.ingress-"
	IsolationPolicyEgressPrefix      = "tower.ip.egress-"
	SecurityPolicyCommunicablePrefix = "tower.sp.communicable-"

	SystemEndpointsPolicyName = "tower.sp.internal-system.endpoints"
	ControllerPolicyName      = "tower.sp.internal-controller"
	GlobalWhitelistPolicyName = "tower.sp.global-user.whitelist"

	FTPPortRange  = "21"
	TFTPPortRange = "69"

	InternalAllowlistPriority int32 = 90
	BlocklistPriority         int32 = 50
	AllowlistPriority         int32 = 30

	K8sNsNameLabel = "kubernetes.io/metadata.name"
)
Variables
This section is empty.
Functions
Types
type Controller
type Controller struct {
// contains filtered or unexported fields
}
Controller syncs SecurityPolicy and IsolationPolicy objects from tower as v1alpha1.SecurityPolicy. The resulting v1alpha1.SecurityPolicy objects follow these naming rules:
- If the origin policy is a SecurityPolicy, policy.name = {{SecurityPolicyPrefix}}{{SecurityPolicy.ID}}
- If the origin policy is an IsolationPolicy, policy.name = {{IsolationPolicyPrefix}}{{IsolationPolicy.ID}}
- If the policy was generated to make a group intragroup communicable, policy.name = {{SecurityPolicyCommunicablePrefix}}{{SelectorHash}}-{{SecurityPolicy.ID}}
- If the origin policy is the SystemEndpointsPolicy, policy.name = {{SystemEndpointsPolicyName}}
- If the origin policy is the ControllerPolicy, policy.name = {{ControllerPolicyName}}
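When auditing a cluster it helps to map a v1alpha1.SecurityPolicy name back to the rule that produced it and to flag names that match none of the five rules above. The following is an added example, not code from this package: `Origin` and `Classify` are hypothetical names, the sample policy names are constructed, and it assumes that SelectorHash contains no "-".

```go
package main

import (
	"fmt"
	"strings"
)

// Values copied from the package's const block.
const (
	SecurityPolicyPrefix             = "tower.sp-"
	IsolationPolicyPrefix            = "tower.ip-"
	SecurityPolicyCommunicablePrefix = "tower.sp.communicable-"
	SystemEndpointsPolicyName        = "tower.sp.internal-system.endpoints"
	ControllerPolicyName             = "tower.sp.internal-controller"
)

// Origin is a hypothetical type for this example; it is not in the package.
type Origin struct{ Kind, ID, SelectorHash string }

// Classify maps a policy name back to the documented naming rule that
// produced it. Names matching none of the five rules return ok == false.
func Classify(name string) (o Origin, ok bool) {
	switch {
	case name == SystemEndpointsPolicyName:
		return Origin{Kind: "SystemEndpointsPolicy"}, true
	case name == ControllerPolicyName:
		return Origin{Kind: "ControllerPolicy"}, true
	case strings.HasPrefix(name, SecurityPolicyCommunicablePrefix):
		rest := strings.TrimPrefix(name, SecurityPolicyCommunicablePrefix)
		// Assumption: SelectorHash contains no "-", so the first "-" ends it.
		hash, id, found := strings.Cut(rest, "-")
		o = Origin{Kind: "Communicable", ID: id, SelectorHash: hash}
		return o, found && hash != "" && id != ""
	case strings.HasPrefix(name, SecurityPolicyPrefix):
		o = Origin{Kind: "SecurityPolicy", ID: strings.TrimPrefix(name, SecurityPolicyPrefix)}
	case strings.HasPrefix(name, IsolationPolicyPrefix):
		o = Origin{Kind: "IsolationPolicy", ID: strings.TrimPrefix(name, IsolationPolicyPrefix)}
	}
	return o, o.ID != ""
}

func main() {
	// Constructed sample names; the IDs and hash are made up.
	for _, n := range []string{"tower.sp-abc123", "tower.ip-iso9",
		"tower.sp.communicable-5f2c-abc123", "tower.sp.internal-controller", "default-deny"} {
		o, ok := Classify(n)
		fmt.Printf("%-36s ok=%-5v %+v\n", n, ok, o)
	}
}
```

Names built from IsolationPolicyIngressPrefix, IsolationPolicyEgressPrefix or GlobalWhitelistPolicyName come back unmatched, because the naming rules above do not cover them.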
func New
func New(
	towerFactory informer.SharedInformerFactory,
	crdFactory crd.SharedInformerFactory,
	crdClient clientset.Interface,
	resyncPeriod time.Duration,
	namespace string,
	podNamespace string,
	everouteCluster string,
) *Controller
New creates a new instance of controller.
func (*Controller) Run
func (c *Controller) Run(workers uint, stopCh <-chan struct{})
Run begins processing items and continues until a value is sent down stopCh or stopCh is closed.