networkpolicies

package
v1.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 2, 2020 License: Apache-2.0, MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Agnostic 

type Agnostic struct{}

Agnostic contains cloud agnostic settings.

func (*Agnostic) AddonManager 

func (a *Agnostic) AddonManager() *SourcePod

AddonManager points to gardener-resource-manager instance.

func (*Agnostic) Busybox 

func (a *Agnostic) Busybox() *SourcePod

Busybox points to busybox instance.

func (*Agnostic) CloudControllerManagerNotSecured 

func (a *Agnostic) CloudControllerManagerNotSecured() *SourcePod

CloudControllerManagerNotSecured points to cloud-agnostic cloud-controller-manager running on HTTP port.

func (*Agnostic) CloudControllerManagerSecured 

func (a *Agnostic) CloudControllerManagerSecured() *SourcePod

CloudControllerManagerSecured points to cloud-agnostic cloud-controller-manager running on HTTPS port.

func (*Agnostic) DependencyWatchdog 

func (a *Agnostic) DependencyWatchdog() *SourcePod

DependencyWatchdog points to dependency-watchdog instance.

func (*Agnostic) ElasticSearch 

func (a *Agnostic) ElasticSearch() *SourcePod

ElasticSearch points to cloud-agnostic elasticsearch instance.

func (*Agnostic) EtcdEvents 

func (a *Agnostic) EtcdEvents() *SourcePod

EtcdEvents points to cloud-agnostic etcd-main instance.

func (*Agnostic) EtcdMain 

func (a *Agnostic) EtcdMain() *SourcePod

EtcdMain points to cloud-agnostic etcd-main instance.

func (*Agnostic) External 

func (a *Agnostic) External() *Host

External points external host.

func (*Agnostic) GardenPrometheus 

func (a *Agnostic) GardenPrometheus() *Host

GardenPrometheus points the Gardener Prometheus running in the seed cluster.

func (*Agnostic) Grafana 

func (a *Agnostic) Grafana() *SourcePod

Grafana points to cloud-agnostic grafana instance.

func (*Agnostic) Kibana 

func (a *Agnostic) Kibana() *SourcePod

Kibana points to cloud-agnostic kibana instance.

func (*Agnostic) KubeAPIServer 

func (a *Agnostic) KubeAPIServer() *SourcePod

KubeAPIServer points to cloud-agnostic kube-apiserver.

func (*Agnostic) KubeControllerManagerNotSecured 

func (a *Agnostic) KubeControllerManagerNotSecured() *SourcePod

KubeControllerManagerNotSecured points to cloud-agnostic kube-controller-manager running on HTTP port.

func (*Agnostic) KubeControllerManagerSecured 

func (a *Agnostic) KubeControllerManagerSecured() *SourcePod

KubeControllerManagerSecured points to cloud-agnostic kube-controller-manager running on HTTPS port.

func (*Agnostic) KubeSchedulerNotSecured 

func (a *Agnostic) KubeSchedulerNotSecured() *SourcePod

KubeSchedulerNotSecured points to cloud-agnostic kube-scheduler running on HTTP port.

func (*Agnostic) KubeSchedulerSecured 

func (a *Agnostic) KubeSchedulerSecured() *SourcePod

KubeSchedulerSecured points to cloud-agnostic kube-scheduler running on HTTPS port.

func (*Agnostic) KubeStateMetricsSeed 

func (a *Agnostic) KubeStateMetricsSeed() *SourcePod

KubeStateMetricsSeed points to cloud-agnostic kube-state-metrics-seed instance.

func (*Agnostic) KubeStateMetricsShoot 

func (a *Agnostic) KubeStateMetricsShoot() *SourcePod

KubeStateMetricsShoot points to cloud-agnostic kube-state-metrics-shoot instance.

func (*Agnostic) MachineControllerManager 

func (a *Agnostic) MachineControllerManager() *SourcePod

MachineControllerManager points to cloud-agnostic machine-controller-manager instance.

func (*Agnostic) Prometheus 

func (a *Agnostic) Prometheus() *SourcePod

Prometheus points to cloud-agnostic prometheus instance.

func (*Agnostic) SeedKubeAPIServer 

func (a *Agnostic) SeedKubeAPIServer() *Host

SeedKubeAPIServer points the Seed Kube APIServer.

type CloudAware 

type CloudAware interface {
	// Rules returns a list of all Rules of the CloudProvider.
	Rules() []Rule

	// Sources returns a list of all Sources of the CloudProvider.
	Sources() []*SourcePod

	// EgressFromOtherNamespaces returns a list of all TargetPod.
	EgressFromOtherNamespaces(source *SourcePod) Rule

	// Provider returns the CloudProvider.
	Provider() string
}

CloudAware contains a Cloud-specific information for Source(s) to Target(s) communication.

type Host 

type Host struct {
	Description string
	HostName    string
	Port        int32
}

Host contains host with port and optional description.

type HostRule 

type HostRule struct {
	Host
	Allowed bool
}

HostRule contains a target Host and decision if it's visible to the source Pod.

func (*HostRule) ToString 

func (t *HostRule) ToString() string

ToString returns the string representation of TargetHost.

type NamespacedSourcePod 

type NamespacedSourcePod struct {
	*SourcePod
	Namespace string
}

NamespacedSourcePod holds namespaced PodInfo.

func NewNamespacedSourcePod 

func NewNamespacedSourcePod(sp *SourcePod, namespace string) *NamespacedSourcePod

NewNamespacedSourcePod creates a new NamespacedSourcePod.

type NamespacedTargetPod 

type NamespacedTargetPod struct {
	*TargetPod
	Namespace string
}

NamespacedTargetPod holds namespaced TargetPod.

func NewNamespacedTargetPod 

func NewNamespacedTargetPod(tp *TargetPod, namespace string) *NamespacedTargetPod

NewNamespacedTargetPod creates a new NamespacedTargetPod.

type Pod 

type Pod struct {
	Name                   string
	Labels                 labels.Set
	ShootVersionConstraint string
	// For which seed clusters this pod is active.
	SeedClusterConstraints sets.String
}

Pod contains the barebone detals about a Pod.

func NewPod 

func NewPod(name string, labels labels.Set, shootVersionConstraints ...string) Pod

NewPod creates a new instance of Pod.

func (*Pod) CheckSeedCluster 

func (p *Pod) CheckSeedCluster(provider string) bool

CheckSeedCluster checks if Seed cluster is matched by ShootVersionConstraint.

func (*Pod) CheckVersion 

func (p *Pod) CheckVersion(shoot *v1beta1.Shoot) bool

CheckVersion checks if shoot version is matched by ShootVersionConstraint.

func (*Pod) Selector 

func (p *Pod) Selector() labels.Selector

Selector returns label selector for specific pod.

type PodRule 

type PodRule struct {
	TargetPod
	Allowed bool
}

PodRule contains a rule which allows/disallow traffic to a TargetPod.

func (*PodRule) ToString 

func (p *PodRule) ToString() string

ToString returns the string representation of TargetPod.

type Port 

type Port struct {
	Port int32
	Name string
}

Port holds the data about a single port.

func NewSinglePort 

func NewSinglePort(p int32) []Port

NewSinglePort returns just one port.

type Rule 

type Rule struct {
	*SourcePod
	TargetPods  []PodRule
	TargetHosts []HostRule
}

Rule contains Pod and target Pods and Hosts to which it's (not) allowed to talk to.

type RuleBuilder 

type RuleBuilder struct {
	// contains filtered or unexported fields
}

RuleBuilder is a builder for easy construction of Source.

func NewSource 

func NewSource(pi *SourcePod) *RuleBuilder

NewSource creates a new instance of RuleBuilder.

func (*RuleBuilder) AllowHost 

func (s *RuleBuilder) AllowHost(allowedHosts ...*Host) *RuleBuilder

AllowHost adds `allowedHosts` as allowed Targets.

func (*RuleBuilder) AllowPod 

func (s *RuleBuilder) AllowPod(allowedSources ...*SourcePod) *RuleBuilder

AllowPod adds `allowedSources` as allowed Targets.

func (*RuleBuilder) AllowTargetPod 

func (s *RuleBuilder) AllowTargetPod(allowTargetPods ...*TargetPod) *RuleBuilder

AllowTargetPod adds `allowTargetPods` as allowed Targets.

func (*RuleBuilder) Build 

func (s *RuleBuilder) Build() Rule

Build returns the completed Source instance.

func (*RuleBuilder) DenyHost 

func (s *RuleBuilder) DenyHost(deniedHosts ...*Host) *RuleBuilder

DenyHost adds `deniedHosts` as denied Targets.

func (*RuleBuilder) DenyPod 

func (s *RuleBuilder) DenyPod(deniedPods ...*SourcePod) *RuleBuilder

DenyPod adds `deniedPods` as denied Targets.

func (*RuleBuilder) DenyTargetPod 

func (s *RuleBuilder) DenyTargetPod(deniedTargets ...*TargetPod) *RuleBuilder

DenyTargetPod adds `deniedTargets` as denied Targets.

type SharedResources 

type SharedResources struct {
	Mirror            string                       `json:"mirror"`
	External          string                       `json:"external"`
	SeedNodeIP        string                       `json:"seedNodeIP"`
	Policies          []networkingv1.NetworkPolicy `json:"policies"`
	SeedCloudProvider string                       `json:"seedCloudProvider"`
}

SharedResources are shared between Ginkgo Nodes.

type SourcePod 

type SourcePod struct {
	Pod
	Ports            []Port
	ExpectedPolicies sets.String
}

SourcePod holds the data about pods in the shoot namespace and their services.

func (*SourcePod) AsTargetPods 

func (s *SourcePod) AsTargetPods() []*TargetPod

AsTargetPods returns a list of TargetPods for each Port. Returned slice is not deep copied!

func (*SourcePod) DummyPort 

func (s *SourcePod) DummyPort() *TargetPod

DummyPort returns a TargetPod containing only one 8080 port. This resource is not deep copied!

func (*SourcePod) FromPort 

func (s *SourcePod) FromPort(portName string) *TargetPod

FromPort returns a TargetPod containing only one specific port. This resource is not deep copied!

type TargetPod 

type TargetPod struct {
	Pod
	Port
}

TargetPod contains data about a Pod listening on a specific port.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.