Documentation ¶
Index ¶
- Constants
- Variables
- func ToPtr[T any](v T) *T
- type NamespaceInfoBuilder
- type PodInfoBuiler
- func (b *PodInfoBuiler) Build() *controllers.PodInfo
- func (b *PodInfoBuiler) ResetInterfaces() *PodInfoBuiler
- func (b *PodInfoBuiler) WithInterface(netAttachName string, deviceID string, interfaceName string, ...) *PodInfoBuiler
- func (b *PodInfoBuiler) WithLabels(kvs ...string) *PodInfoBuiler
- func (b *PodInfoBuiler) WithName(n string) *PodInfoBuiler
- func (b *PodInfoBuiler) WithNamespace(ns string) *PodInfoBuiler
- type PolicyInfoBuilder
Constants ¶
// Namespace names shared by the test fixtures in this package.
const (
	// TargetNamespace is the namespace every canned policy in this package
	// sets as its ObjectMeta.Namespace.
	TargetNamespace = "target"
	// SourceNamespace is the value the canned selector policies match on the
	// "kubernetes.io/metadata.name" namespace label.
	SourceNamespace = "source"
)
Variables ¶
// Canned MultiNetworkPolicy fixtures for tests. Every policy lives in
// TargetNamespace and lists only PolicyTypeEgress, so none of them exercises
// ingress handling. They are exported, mutable package variables that hold
// slices, maps and pointers: a test that edits one in place changes it for
// every later user, so work on a copy when a variant is needed.
var (
	// PolicyDefaultAllow has an empty PodSelector and a single egress rule
	// with neither Ports nor To set. Under Kubernetes NetworkPolicy semantics
	// that selects every pod in the namespace and allows all egress; the
	// MultiNetworkPolicy controller is presumably expected to behave the same
	// way (confirm against the tests that consume this fixture).
	PolicyDefaultAllow = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "ipblock-policy-allow",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: nil,
					To:    nil,
				},
			},
		},
	}

	// PolicyDefaultDeny declares PolicyTypeEgress with a nil Egress list and
	// an empty PodSelector, which under NetworkPolicy semantics denies all
	// egress from every pod in the namespace.
	//
	// NOTE(review): ObjectMeta.Name is "ipblock-policy-allow", identical to
	// PolicyDefaultAllow. It looks like a copy-paste leftover; anything that
	// reports the policy by name (logs, rule comments) would label this deny
	// policy as "allow". Check whether any test matches on the name before
	// renaming it.
	PolicyDefaultDeny = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "ipblock-policy-allow",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress:      nil,
		},
	}

	// PolicyIPBlockNoPorts applies to pods labelled app=target and carries
	// one egress rule with no port restriction, whose only peer is the CIDR
	// 10.17.0.0/16 with 10.17.0.0/24 carved out through Except. A test using
	// it should check the excluded range as well as the allowed one.
	PolicyIPBlockNoPorts = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "ipblock-policy",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{
				MatchLabels: map[string]string{"app": "target"},
			},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: nil,
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							IPBlock: &multiv1beta1.IPBlock{
								CIDR:   "10.17.0.0/16",
								Except: []string{"10.17.0.0/24"},
							},
						},
					},
				},
			},
		},
	}

	// PolicyIPBlockWithPorts uses the same IPBlock peer as
	// PolicyIPBlockNoPorts but has an empty PodSelector and limits the rule
	// to three ports: TCP 6666, UDP 7777 and 8888 with no protocol given.
	PolicyIPBlockWithPorts = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "ipblock-policy",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: []multiv1beta1.MultiNetworkPolicyPort{
						{
							Protocol: ToPtr(v1.ProtocolTCP),
							Port:     ToPtr(intstr.FromInt(6666)),
						},
						{
							Protocol: ToPtr(v1.ProtocolUDP),
							Port:     ToPtr(intstr.FromInt(7777)),
						},
						{
							// No Protocol set; NetworkPolicy treats that as
							// TCP (confirm the controller does too).
							Port: ToPtr(intstr.FromInt(8888)),
						},
					},
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							IPBlock: &multiv1beta1.IPBlock{
								CIDR:   "10.17.0.0/16",
								Except: []string{"10.17.0.0/24"},
							},
						},
					},
				},
			},
		},
	}

	// PolicyIPBlockWithMultipeRules applies to pods labelled app=target and
	// has two egress rules: the first is unrestricted by port and targets
	// 10.17.0.0/16, the second is limited to TCP 6666 and targets
	// 20.17.0.0/16. Each IPBlock excludes two /24 ranges.
	PolicyIPBlockWithMultipeRules = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "ipblock-policy",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{
				MatchLabels: map[string]string{"app": "target"},
			},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: nil,
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							IPBlock: &multiv1beta1.IPBlock{
								CIDR:   "10.17.0.0/16",
								Except: []string{"10.17.0.0/24", "10.17.1.0/24"},
							},
						},
					},
				},
				{
					Ports: []multiv1beta1.MultiNetworkPolicyPort{
						{
							Protocol: ToPtr(v1.ProtocolTCP),
							Port:     ToPtr(intstr.FromInt(6666)),
						},
					},
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							IPBlock: &multiv1beta1.IPBlock{
								CIDR:   "20.17.0.0/16",
								Except: []string{"20.17.0.0/24", "20.17.1.0/24"},
							},
						},
					},
				},
			},
		},
	}

	// PolicyIPBlockWithMultipePeers applies to pods labelled app=target and
	// has a single egress rule, limited to TCP 6666, with two IPBlock peers
	// (10.17.0.0/16 and 20.17.0.0/16), each excluding its first /24.
	PolicyIPBlockWithMultipePeers = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "ipblock-policy",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{
				MatchLabels: map[string]string{"app": "target"},
			},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: []multiv1beta1.MultiNetworkPolicyPort{
						{
							Protocol: ToPtr(v1.ProtocolTCP),
							Port:     ToPtr(intstr.FromInt(6666)),
						},
					},
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							IPBlock: &multiv1beta1.IPBlock{
								CIDR:   "10.17.0.0/16",
								Except: []string{"10.17.0.0/24"},
							},
						},
						{
							IPBlock: &multiv1beta1.IPBlock{
								CIDR:   "20.17.0.0/16",
								Except: []string{"20.17.0.0/24"},
							},
						},
					},
				},
			},
		},
	}

	// PolicySelectorAsSourceNoPorts applies to pods labelled app=target and
	// has one egress rule with no port restriction. Its peer combines a
	// PodSelector (app=source) with a NamespaceSelector on the
	// "kubernetes.io/metadata.name" label equal to SourceNamespace.
	//
	// NOTE(review): despite "AsSource" in the name, the selectors sit in an
	// egress To peer, so they describe where traffic may go, not where it
	// comes from. The same holds for the other PolicySelectorAsSource*
	// fixtures.
	PolicySelectorAsSourceNoPorts = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "selector-policy",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{
				MatchLabels: map[string]string{"app": "target"},
			},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: nil,
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							PodSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"app": "source"},
							},
							NamespaceSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"kubernetes.io/metadata.name": SourceNamespace},
							},
						},
					},
				},
			},
		},
	}

	// PolicySelectorAsSourceWithPorts applies to pods labelled app=target and
	// limits its single egress rule to TCP 6666, UDP 7777 and 8888 with no
	// protocol given. The peer's PodSelector is present but empty, which
	// under NetworkPolicy semantics matches every pod in the namespaces
	// picked by the NamespaceSelector (here SourceNamespace).
	PolicySelectorAsSourceWithPorts = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "selector-policy",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{
				MatchLabels: map[string]string{"app": "target"},
			},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: []multiv1beta1.MultiNetworkPolicyPort{
						{
							Protocol: ToPtr(v1.ProtocolTCP),
							Port:     ToPtr(intstr.FromInt(6666)),
						},
						{
							Protocol: ToPtr(v1.ProtocolUDP),
							Port:     ToPtr(intstr.FromInt(7777)),
						},
						{
							// No Protocol set; NetworkPolicy treats that as
							// TCP (confirm the controller does too).
							Port: ToPtr(intstr.FromInt(8888)),
						},
					},
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							PodSelector: &metav1.LabelSelector{},
							NamespaceSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"kubernetes.io/metadata.name": SourceNamespace},
							},
						},
					},
				},
			},
		},
	}

	// PolicySelectorAsSourceMultipleRules has an empty PodSelector and two
	// egress rules, both scoped to SourceNamespace: the first is unrestricted
	// by port and targets pods labelled app=source-1, the second is limited
	// to TCP 6666 and targets pods labelled app=source-2.
	PolicySelectorAsSourceMultipleRules = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "selector-policy",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: nil,
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							PodSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"app": "source-1"},
							},
							NamespaceSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"kubernetes.io/metadata.name": SourceNamespace},
							},
						},
					},
				},
				{
					Ports: []multiv1beta1.MultiNetworkPolicyPort{
						{
							Protocol: ToPtr(v1.ProtocolTCP),
							Port:     ToPtr(intstr.FromInt(6666)),
						},
					},
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							PodSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"app": "source-2"},
							},
							NamespaceSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"kubernetes.io/metadata.name": SourceNamespace},
							},
						},
					},
				},
			},
		},
	}

	// PolicySelectorAsSourceMultiplePeers applies to pods labelled app=target
	// and has one egress rule, limited to TCP 6666, with two peers selecting
	// pods labelled app=source-1 and app=source-2. Both peers carry an empty
	// NamespaceSelector, which under NetworkPolicy semantics matches every
	// namespace, so this fixture is broader than the ones pinned to
	// SourceNamespace.
	PolicySelectorAsSourceMultiplePeers = multiv1beta1.MultiNetworkPolicy{
		TypeMeta: metav1.TypeMeta{
			Kind:       "MultiNetworkPolicy",
			APIVersion: "k8s.cni.cncf.io/v1beta1",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      "selector-policy",
			Namespace: TargetNamespace,
		},
		Spec: multiv1beta1.MultiNetworkPolicySpec{
			PodSelector: metav1.LabelSelector{
				MatchLabels: map[string]string{"app": "target"},
			},
			PolicyTypes: []multiv1beta1.MultiPolicyType{multiv1beta1.PolicyTypeEgress},
			Ingress:     nil,
			Egress: []multiv1beta1.MultiNetworkPolicyEgressRule{
				{
					Ports: []multiv1beta1.MultiNetworkPolicyPort{
						{
							Protocol: ToPtr(v1.ProtocolTCP),
							Port:     ToPtr(intstr.FromInt(6666)),
						},
					},
					To: []multiv1beta1.MultiNetworkPolicyPeer{
						{
							PodSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"app": "source-1"},
							},
							NamespaceSelector: &metav1.LabelSelector{},
						},
						{
							PodSelector: &metav1.LabelSelector{
								MatchLabels: map[string]string{"app": "source-2"},
							},
							NamespaceSelector: &metav1.LabelSelector{},
						},
					},
				},
			},
		},
	}
)
Functions ¶
Types ¶
type NamespaceInfoBuilder ¶
type NamespaceInfoBuilder struct {
// contains filtered or unexported fields
}
NamespaceInfoBuilder is a NamespaceInfo Builder for testing purposes
func NewNamespaceInfoBuilder ¶
func NewNamespaceInfoBuilder() *NamespaceInfoBuilder
func (*NamespaceInfoBuilder) Build ¶
func (b *NamespaceInfoBuilder) Build() *controllers.NamespaceInfo
func (*NamespaceInfoBuilder) WithLabels ¶
func (b *NamespaceInfoBuilder) WithLabels(kvs ...string) *NamespaceInfoBuilder
WithLabels accepts a list of "<key>=<val>" formatted strings and overrides the labels set by a preceding call.
func (*NamespaceInfoBuilder) WithName ¶
func (b *NamespaceInfoBuilder) WithName(n string) *NamespaceInfoBuilder
type PodInfoBuiler ¶
type PodInfoBuiler struct {
// contains filtered or unexported fields
}
PodInfoBuiler is a PodInfo Builder for testing purposes
func NewPodInfoBuiler ¶
func NewPodInfoBuiler() *PodInfoBuiler
func (*PodInfoBuiler) Build ¶
func (b *PodInfoBuiler) Build() *controllers.PodInfo
func (*PodInfoBuiler) ResetInterfaces ¶
func (b *PodInfoBuiler) ResetInterfaces() *PodInfoBuiler
func (*PodInfoBuiler) WithInterface ¶
func (b *PodInfoBuiler) WithInterface(netAttachName string, deviceID string, interfaceName string, interfaceType string, ips []string) *PodInfoBuiler
func (*PodInfoBuiler) WithLabels ¶
func (b *PodInfoBuiler) WithLabels(kvs ...string) *PodInfoBuiler
WithLabels accepts a list of "<key>=<val>" formatted strings and overrides the labels set by a preceding call.
func (*PodInfoBuiler) WithName ¶
func (b *PodInfoBuiler) WithName(n string) *PodInfoBuiler
func (*PodInfoBuiler) WithNamespace ¶
func (b *PodInfoBuiler) WithNamespace(ns string) *PodInfoBuiler
type PolicyInfoBuilder ¶
type PolicyInfoBuilder struct {
// contains filtered or unexported fields
}
PolicyInfoBuilder is a PolicyInfo Builder for testing purposes
func NewPolicyInfoBuilder ¶
func NewPolicyInfoBuilder() *PolicyInfoBuilder
func (*PolicyInfoBuilder) Build ¶
func (b *PolicyInfoBuilder) Build() *controllers.PolicyInfo
func (*PolicyInfoBuilder) WithNetworks ¶
func (b *PolicyInfoBuilder) WithNetworks(nets ...string) *PolicyInfoBuilder
func (*PolicyInfoBuilder) WithPolicy ¶
func (b *PolicyInfoBuilder) WithPolicy(p *multiv1beta1.MultiNetworkPolicy) *PolicyInfoBuilder