networkpolicies

package
v1.1.0

This package is not in the latest version of its module.
Published: Dec 19, 2019 License: Apache-2.0, MIT Imports: 6 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Agnostic

type Agnostic struct{}

Agnostic contains cloud agnostic settings.

func (*Agnostic) AddonManager

func (a *Agnostic) AddonManager() *SourcePod

AddonManager points to gardener-resource-manager instance.

func (*Agnostic) Busybox

func (a *Agnostic) Busybox() *SourcePod

Busybox points to busybox instance.

func (*Agnostic) CloudControllerManagerNotSecured

func (a *Agnostic) CloudControllerManagerNotSecured() *SourcePod

CloudControllerManagerNotSecured points to cloud-agnostic cloud-controller-manager running on HTTP port.

func (*Agnostic) CloudControllerManagerSecured

func (a *Agnostic) CloudControllerManagerSecured() *SourcePod

CloudControllerManagerSecured points to cloud-agnostic cloud-controller-manager running on HTTPS port.

func (*Agnostic) DependencyWatchdog

func (a *Agnostic) DependencyWatchdog() *SourcePod

DependencyWatchdog points to dependency-watchdog instance.

func (*Agnostic) ElasticSearch

func (a *Agnostic) ElasticSearch() *SourcePod

ElasticSearch points to cloud-agnostic elasticsearch instance.

func (*Agnostic) EtcdEvents

func (a *Agnostic) EtcdEvents() *SourcePod

EtcdEvents points to cloud-agnostic etcd-main instance.

func (*Agnostic) EtcdMain

func (a *Agnostic) EtcdMain() *SourcePod

EtcdMain points to cloud-agnostic etcd-main instance.

func (*Agnostic) External

func (a *Agnostic) External() *Host

External points to an external host.

func (*Agnostic) GardenPrometheus

func (a *Agnostic) GardenPrometheus() *Host

GardenPrometheus points to the Gardener Prometheus running in the seed cluster.

func (*Agnostic) Grafana

func (a *Agnostic) Grafana() *SourcePod

Grafana points to cloud-agnostic grafana instance.

func (*Agnostic) Kibana

func (a *Agnostic) Kibana() *SourcePod

Kibana points to cloud-agnostic kibana instance.

func (*Agnostic) KubeAPIServer

func (a *Agnostic) KubeAPIServer() *SourcePod

KubeAPIServer points to cloud-agnostic kube-apiserver.

func (*Agnostic) KubeControllerManagerNotSecured

func (a *Agnostic) KubeControllerManagerNotSecured() *SourcePod

KubeControllerManagerNotSecured points to cloud-agnostic kube-controller-manager running on HTTP port.

func (*Agnostic) KubeControllerManagerSecured

func (a *Agnostic) KubeControllerManagerSecured() *SourcePod

KubeControllerManagerSecured points to cloud-agnostic kube-controller-manager running on HTTPS port.

func (*Agnostic) KubeSchedulerNotSecured

func (a *Agnostic) KubeSchedulerNotSecured() *SourcePod

KubeSchedulerNotSecured points to cloud-agnostic kube-scheduler running on HTTP port.

func (*Agnostic) KubeSchedulerSecured

func (a *Agnostic) KubeSchedulerSecured() *SourcePod

KubeSchedulerSecured points to cloud-agnostic kube-scheduler running on HTTPS port.

func (*Agnostic) KubeStateMetricsSeed

func (a *Agnostic) KubeStateMetricsSeed() *SourcePod

KubeStateMetricsSeed points to cloud-agnostic kube-state-metrics-seed instance.

func (*Agnostic) KubeStateMetricsShoot

func (a *Agnostic) KubeStateMetricsShoot() *SourcePod

KubeStateMetricsShoot points to cloud-agnostic kube-state-metrics-shoot instance.

func (*Agnostic) MachineControllerManager

func (a *Agnostic) MachineControllerManager() *SourcePod

MachineControllerManager points to cloud-agnostic machine-controller-manager instance.

func (*Agnostic) Prometheus

func (a *Agnostic) Prometheus() *SourcePod

Prometheus points to cloud-agnostic prometheus instance.

func (*Agnostic) SeedKubeAPIServer

func (a *Agnostic) SeedKubeAPIServer() *Host

SeedKubeAPIServer points to the Seed Kube APIServer.

type CloudAware

type CloudAware interface {
	// Rules returns a list of all Rules of the CloudProvider.
	Rules() []Rule

	// Sources returns a list of all Sources of the CloudProvider.
	Sources() []*SourcePod

	// EgressFromOtherNamespaces returns a list of all TargetPod.
	EgressFromOtherNamespaces(source *SourcePod) Rule

	// Provider returns the CloudProvider.
	Provider() string
}

CloudAware contains cloud-specific information for Source(s) to Target(s) communication.

type Host

type Host struct {
	Description string
	HostName    string
	Port        int32
}

Host contains host with port and optional description.

type HostRule

type HostRule struct {
	Host
	Allowed bool
}

HostRule contains a target Host and decision if it's visible to the source Pod.

func (*HostRule) ToString

func (t *HostRule) ToString() string

ToString returns the string representation of TargetHost.

type NamespacedSourcePod

type NamespacedSourcePod struct {
	*SourcePod
	Namespace string
}

NamespacedSourcePod holds namespaced PodInfo.

func NewNamespacedSourcePod

func NewNamespacedSourcePod(sp *SourcePod, namespace string) *NamespacedSourcePod

NewNamespacedSourcePod creates a new NamespacedSourcePod.

type NamespacedTargetPod

type NamespacedTargetPod struct {
	*TargetPod
	Namespace string
}

NamespacedTargetPod holds namespaced TargetPod.

func NewNamespacedTargetPod

func NewNamespacedTargetPod(tp *TargetPod, namespace string) *NamespacedTargetPod

NewNamespacedTargetPod creates a new NamespacedTargetPod.

type Pod

type Pod struct {
	Name                   string
	Labels                 labels.Set
	ShootVersionConstraint string
	// For which seed clusters this pod is active.
	SeedClusterConstraints sets.String
}

Pod contains the bare-bones details about a Pod.

func NewPod

func NewPod(name string, labels labels.Set, shootVersionConstraints ...string) Pod

NewPod creates a new instance of Pod.

func (*Pod) CheckSeedCluster

func (p *Pod) CheckSeedCluster(provider string) bool

CheckSeedCluster checks if Seed cluster is matched by ShootVersionConstraint.

func (*Pod) CheckVersion

func (p *Pod) CheckVersion(shoot *v1beta1.Shoot) bool

CheckVersion checks if shoot version is matched by ShootVersionConstraint.

func (*Pod) Selector

func (p *Pod) Selector() labels.Selector

Selector returns label selector for specific pod.

type PodRule

type PodRule struct {
	TargetPod
	Allowed bool
}

PodRule contains a rule which allows/disallows traffic to a TargetPod.

func (*PodRule) ToString

func (p *PodRule) ToString() string

ToString returns the string representation of TargetPod.

type Port

type Port struct {
	Port int32
	Name string
}

Port holds the data about a single port.

func NewSinglePort

func NewSinglePort(p int32) []Port

NewSinglePort returns just one port.

type Rule

type Rule struct {
	*SourcePod
	TargetPods  []PodRule
	TargetHosts []HostRule
}

Rule contains a Pod and the target Pods and Hosts it is (not) allowed to talk to.

type RuleBuilder

type RuleBuilder struct {
	// contains filtered or unexported fields
}

RuleBuilder is a builder for easy construction of Source.

func NewSource

func NewSource(pi *SourcePod) *RuleBuilder

NewSource creates a new instance of RuleBuilder.

func (*RuleBuilder) AllowHost

func (s *RuleBuilder) AllowHost(allowedHosts ...*Host) *RuleBuilder

AllowHost adds `allowedHosts` as allowed Targets.

func (*RuleBuilder) AllowPod

func (s *RuleBuilder) AllowPod(allowedSources ...*SourcePod) *RuleBuilder

AllowPod adds `allowedSources` as allowed Targets.

func (*RuleBuilder) AllowTargetPod

func (s *RuleBuilder) AllowTargetPod(allowTargetPods ...*TargetPod) *RuleBuilder

AllowTargetPod adds `allowTargetPods` as allowed Targets.

func (*RuleBuilder) Build

func (s *RuleBuilder) Build() Rule

Build returns the completed Source instance.

func (*RuleBuilder) DenyHost

func (s *RuleBuilder) DenyHost(deniedHosts ...*Host) *RuleBuilder

DenyHost adds `deniedHosts` as denied Targets.

func (*RuleBuilder) DenyPod

func (s *RuleBuilder) DenyPod(deniedPods ...*SourcePod) *RuleBuilder

DenyPod adds `deniedPods` as denied Targets.

func (*RuleBuilder) DenyTargetPod

func (s *RuleBuilder) DenyTargetPod(deniedTargets ...*TargetPod) *RuleBuilder

DenyTargetPod adds `deniedTargets` as denied Targets.

type SharedResources

type SharedResources struct {
	Mirror            string                       `json:"mirror"`
	External          string                       `json:"external"`
	SeedNodeIP        string                       `json:"seedNodeIP"`
	Policies          []networkingv1.NetworkPolicy `json:"policies"`
	SeedCloudProvider string                       `json:"seedCloudProvider"`
}

SharedResources are shared between Ginkgo Nodes.

type SourcePod

type SourcePod struct {
	Pod
	Ports            []Port
	ExpectedPolicies sets.String
}

SourcePod holds the data about pods in the shoot namespace and their services.

func (*SourcePod) AsTargetPods

func (s *SourcePod) AsTargetPods() []*TargetPod

AsTargetPods returns a list of TargetPods for each Port. Returned slice is not deep copied!

func (*SourcePod) DummyPort

func (s *SourcePod) DummyPort() *TargetPod

DummyPort returns a TargetPod containing only one 8080 port. This resource is not deep copied!

func (*SourcePod) FromPort

func (s *SourcePod) FromPort(portName string) *TargetPod

FromPort returns a TargetPod containing only one specific port. This resource is not deep copied!

type TargetPod

type TargetPod struct {
	Pod
	Port
}

TargetPod contains data about a Pod listening on a specific port.
