package v1

v1.1.0

This package is not in the latest version of its module.

Published: Jul 21, 2021 License: MIT Imports: 13 Imported by: 3

Documentation

Overview

Package v1 contains API Schema definitions for the firewall v1 API group
+kubebuilder:object:generate=true
+groupName=metal-stack.io

Index

Constants

const (
	// ClusterwideNetworkPolicyNamespace defines the namespace in which CNWPs are expected.
	ClusterwideNetworkPolicyNamespace = "firewall"
)

Variables

var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "metal-stack.io", Version: "v1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type ClusterwideNetworkPolicy

type ClusterwideNetworkPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec PolicySpec `json:"spec,omitempty"`
}

ClusterwideNetworkPolicy contains the desired state for a cluster wide network policy to be applied.
+kubebuilder:object:root=true
+kubebuilder:resource:shortName=cwnp
+kubebuilder:subresource:status

func (*ClusterwideNetworkPolicy) DeepCopy

func (in *ClusterwideNetworkPolicy) DeepCopy() *ClusterwideNetworkPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterwideNetworkPolicy.

func (*ClusterwideNetworkPolicy) DeepCopyInto

func (in *ClusterwideNetworkPolicy) DeepCopyInto(out *ClusterwideNetworkPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterwideNetworkPolicy) DeepCopyObject

func (in *ClusterwideNetworkPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterwideNetworkPolicyList

type ClusterwideNetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterwideNetworkPolicy `json:"items"`
}

ClusterwideNetworkPolicyList contains a list of ClusterwideNetworkPolicy
+kubebuilder:object:root=true

func (*ClusterwideNetworkPolicyList) DeepCopy

func (in *ClusterwideNetworkPolicyList) DeepCopy() *ClusterwideNetworkPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterwideNetworkPolicyList.

func (*ClusterwideNetworkPolicyList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterwideNetworkPolicyList) DeepCopyObject

func (in *ClusterwideNetworkPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type Counter

type Counter struct {
	Bytes   uint64 `json:"bytes"`
	Packets uint64 `json:"packets"`
}

Counter holds the values of an nftables counter object.

func (*Counter) DeepCopy

func (in *Counter) DeepCopy() *Counter

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Counter.

func (*Counter) DeepCopyInto

func (in *Counter) DeepCopyInto(out *Counter)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Data added in v0.2.0

type Data struct {
	// Interval on which rule reconciliation should happen
	Interval string `json:"interval,omitempty"`
	// DryRun if set to true, firewall rules are not applied
	DryRun bool `json:"dryrun,omitempty"`
	// Ipv4RuleFile defines where to store the generated ipv4 firewall rules on disk
	Ipv4RuleFile string `json:"ipv4rulefile,omitempty"`
	// RateLimits allows configuration of rate limit rules for interfaces.
	RateLimits []RateLimit `json:"rateLimits,omitempty"`
	// InternalPrefixes specify prefixes which are considered local to the partition or all regions.
	// Traffic to/from these prefixes is accounted as internal traffic
	// TODO: align to camel-case - rename to internalPrefixes
	InternalPrefixes []string `json:"internalprefixes,omitempty"`
	// EgressRules holds the Source-NAT rules for egress traffic
	EgressRules []EgressRuleSNAT `json:"egressRules,omitempty"`
	// FirewallNetworks holds the networks known at the metal-api for this firewall machine
	FirewallNetworks []FirewallNetwork `json:"firewallNetworks,omitempty"`
}

Data contains the fields over which the signature is calculated.

func (*Data) DeepCopy added in v0.2.0

func (in *Data) DeepCopy() *Data

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Data.

func (*Data) DeepCopyInto added in v0.2.0

func (in *Data) DeepCopyInto(out *Data)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Data) Sign added in v0.2.0

func (d *Data) Sign(privateKey *rsa.PrivateKey) (string, error)

Sign builds a signature over the firewall data using the given RSA private key.

func (*Data) Verify added in v0.2.0

func (d *Data) Verify(pubKey *rsa.PublicKey, sig string) (bool, error)

Verify checks the firewall data against the given signature using the RSA public key.

type DeviceStat

type DeviceStat struct {
	InBytes  uint64 `json:"in"`
	OutBytes uint64 `json:"out"`
	// Deprecated: TotalBytes is kept for backwards compatibility
	TotalBytes uint64 `json:"total"`
}

DeviceStat contains statistics of a device

func (*DeviceStat) DeepCopy

func (in *DeviceStat) DeepCopy() *DeviceStat

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceStat.

func (*DeviceStat) DeepCopyInto

func (in *DeviceStat) DeepCopyInto(out *DeviceStat)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DeviceStatsByDevice

type DeviceStatsByDevice map[string]DeviceStat

DeviceStatsByDevice contains DeviceStat entries grouped by device name.

func (DeviceStatsByDevice) DeepCopy

func (in DeviceStatsByDevice) DeepCopy() DeviceStatsByDevice

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeviceStatsByDevice.

func (DeviceStatsByDevice) DeepCopyInto

func (in DeviceStatsByDevice) DeepCopyInto(out *DeviceStatsByDevice)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EgressRule

type EgressRule struct {
	// List of destination ports for outgoing traffic.
	// Each item in this list is combined using a logical OR. If this field is
	// empty or missing, this rule matches all ports (traffic not restricted by port).
	// If this field is present and contains at least one item, then this rule allows
	// traffic only if the traffic matches at least one port in the list.
	// +optional
	Ports []networking.NetworkPolicyPort `json:"ports,omitempty"`

	// List of destinations for outgoing traffic of a cluster for this rule.
	// Items in this list are combined using a logical OR operation. If this field is
	// empty or missing, this rule matches all destinations (traffic not restricted by
	// destination). If this field is present and contains at least one item, this rule
	// allows traffic only if the traffic matches at least one item in the to list.
	// +optional
	To []networking.IPBlock `json:"to,omitempty"`
}

EgressRule describes a particular set of traffic that is allowed out of the cluster. The traffic must match both ports and to.

func (*EgressRule) DeepCopy

func (in *EgressRule) DeepCopy() *EgressRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressRule.

func (*EgressRule) DeepCopyInto

func (in *EgressRule) DeepCopyInto(out *EgressRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EgressRuleSNAT added in v0.2.0

type EgressRuleSNAT struct {
	NetworkID string   `json:"networkid" yaml:"networkid"`
	IPs       []string `json:"ips" yaml:"ips"`
}

EgressRuleSNAT holds a Source-NAT rule

func (*EgressRuleSNAT) DeepCopy added in v0.2.0

func (in *EgressRuleSNAT) DeepCopy() *EgressRuleSNAT

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressRuleSNAT.

func (*EgressRuleSNAT) DeepCopyInto added in v0.2.0

func (in *EgressRuleSNAT) DeepCopyInto(out *EgressRuleSNAT)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Firewall

type Firewall struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   FirewallSpec   `json:"spec,omitempty"`
	Status FirewallStatus `json:"status,omitempty"`
}

Firewall is the Schema for the firewalls API
+kubebuilder:object:root=true
+kubebuilder:resource:shortName=fw
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name="Interval",type=string,JSONPath=`.spec.interval`
+kubebuilder:printcolumn:name="InternalPrefixes",type=string,JSONPath=`.spec.internalprefixes`

func (*Firewall) DeepCopy

func (in *Firewall) DeepCopy() *Firewall

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Firewall.

func (*Firewall) DeepCopyInto

func (in *Firewall) DeepCopyInto(out *Firewall)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Firewall) DeepCopyObject

func (in *Firewall) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type FirewallList

type FirewallList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []Firewall `json:"items"`
}

FirewallList contains a list of Firewall
+kubebuilder:object:root=true

func (*FirewallList) DeepCopy

func (in *FirewallList) DeepCopy() *FirewallList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallList.

func (*FirewallList) DeepCopyInto

func (in *FirewallList) DeepCopyInto(out *FirewallList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*FirewallList) DeepCopyObject

func (in *FirewallList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type FirewallNetwork added in v0.2.0

type FirewallNetwork struct {
	Asn                 *int64   `json:"asn"`
	Destinationprefixes []string `json:"destinationprefixes"`
	Ips                 []string `json:"ips"`
	Nat                 *bool    `json:"nat"`
	Networkid           *string  `json:"networkid"`
	Networktype         *string  `json:"networktype"`
	Prefixes            []string `json:"prefixes"`
	Vrf                 *int64   `json:"vrf"`
}

func (*FirewallNetwork) DeepCopy added in v0.2.0

func (in *FirewallNetwork) DeepCopy() *FirewallNetwork

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallNetwork.

func (*FirewallNetwork) DeepCopyInto added in v0.2.0

func (in *FirewallNetwork) DeepCopyInto(out *FirewallNetwork)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FirewallSpec

type FirewallSpec struct {
	// Data contains the data over which the signature is calculated.
	Data `json:",inline"`

	// Signature of firewall attributes generated by GEPM.
	Signature string `json:"signature"`
	// ControllerVersion holds the firewall-controller version to reconcile.
	ControllerVersion string `json:"controllerVersion,omitempty"`
	// ControllerURL points to the downloadable binary artifact of the firewall controller
	ControllerURL string `json:"controllerURL,omitempty"`
}

FirewallSpec defines the desired state of Firewall

func (*FirewallSpec) DeepCopy

func (in *FirewallSpec) DeepCopy() *FirewallSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallSpec.

func (*FirewallSpec) DeepCopyInto

func (in *FirewallSpec) DeepCopyInto(out *FirewallSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FirewallStats

type FirewallStats struct {
	RuleStats   RuleStatsByAction   `json:"rules"`
	DeviceStats DeviceStatsByDevice `json:"devices"`
	IDSStats    IDSStatsByDevice    `json:"idsstats"`
}

FirewallStats contains firewall statistics

func (*FirewallStats) DeepCopy

func (in *FirewallStats) DeepCopy() *FirewallStats

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallStats.

func (*FirewallStats) DeepCopyInto

func (in *FirewallStats) DeepCopyInto(out *FirewallStats)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FirewallStatus

type FirewallStatus struct {
	Message       string        `json:"message,omitempty"`
	FirewallStats FirewallStats `json:"stats"`
	Updated       metav1.Time   `json:"lastRun,omitempty"`
}

FirewallStatus defines the observed state of Firewall

func (*FirewallStatus) DeepCopy

func (in *FirewallStatus) DeepCopy() *FirewallStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallStatus.

func (*FirewallStatus) DeepCopyInto

func (in *FirewallStatus) DeepCopyInto(out *FirewallStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IDSStatsByDevice

type IDSStatsByDevice map[string]InterfaceStat

func (IDSStatsByDevice) DeepCopy

func (in IDSStatsByDevice) DeepCopy() IDSStatsByDevice

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IDSStatsByDevice.

func (IDSStatsByDevice) DeepCopyInto

func (in IDSStatsByDevice) DeepCopyInto(out *IDSStatsByDevice)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressRule

type IngressRule struct {
	// List of ports which should be made accessible on the cluster for this
	// rule. Each item in this list is combined using a logical OR. If this field is
	// empty or missing, this rule matches all ports (traffic not restricted by port).
	// If this field is present and contains at least one item, then this rule allows
	// traffic only if the traffic matches at least one port in the list.
	// +optional
	Ports []networking.NetworkPolicyPort `json:"ports,omitempty"`

	// List of sources which should be able to access the cluster for this rule.
	// Items in this list are combined using a logical OR operation. If this field is
	// empty or missing, this rule matches all sources (traffic not restricted by
	// source). If this field is present and contains at least one item, this rule
	// allows traffic only if the traffic matches at least one item in the from list.
	// +optional
	From []networking.IPBlock `json:"from,omitempty"`
}

IngressRule describes a particular set of traffic that is allowed to the cluster. The traffic must match both ports and from.

func (*IngressRule) DeepCopy

func (in *IngressRule) DeepCopy() *IngressRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressRule.

func (*IngressRule) DeepCopyInto

func (in *IngressRule) DeepCopyInto(out *IngressRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type InterfaceStat

type InterfaceStat struct {
	Drop             int `json:"drop"`
	InvalidChecksums int `json:"invalidchecksums"`
	Packets          int `json:"packets"`
}

func (*InterfaceStat) DeepCopy

func (in *InterfaceStat) DeepCopy() *InterfaceStat

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InterfaceStat.

func (*InterfaceStat) DeepCopyInto

func (in *InterfaceStat) DeepCopyInto(out *InterfaceStat)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicySpec

type PolicySpec struct {
	// Description is a free form string, it can be used by the creator of
	// the rule to store human readable explanation of the purpose of this
	// rule. Rules cannot be identified by comment.
	//
	// +optional
	Description string `json:"description,omitempty"`

	// List of ingress rules to be applied. Traffic is allowed to
	// a cluster if there is a ClusterwideNetworkPolicy that allows it, OR there is a service
	// exposed with type LoadBalancer. Clusters are isolated by default.
	// +optional
	Ingress []IngressRule `json:"ingress,omitempty"`

	// List of egress rules to be applied. Outgoing traffic is
	// allowed if there is a ClusterwideNetworkPolicy that allows it.
	// Clusters are isolated by default.
	// +optional
	Egress []EgressRule `json:"egress,omitempty"`
}

PolicySpec defines the rules to create for ingress and egress

func (*PolicySpec) DeepCopy

func (in *PolicySpec) DeepCopy() *PolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec.

func (*PolicySpec) DeepCopyInto

func (in *PolicySpec) DeepCopyInto(out *PolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicySpec) Validate added in v1.0.1

func (p *PolicySpec) Validate() error

Validate validates the spec of a ClusterwideNetworkPolicy
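The matching semantics spelled out in the field comments of IngressRule, EgressRule and PolicySpec (entries within Ports and within To are OR'ed, an empty list matches everything, a packet must satisfy both lists, and traffic with no matching rule is denied because clusters are isolated by default), written out as a small reference evaluator for egress. This is an added example, not code from the firewall-controller; IPBlock and Port are simplified stand-ins for the Kubernetes networking types (IPBlock.Except is left out), and EgressAllowed and Allows are names chosen here.

```go
package main

import (
	"fmt"
	"net"
)

// Minimal stand-ins for networking.IPBlock and networking.NetworkPolicyPort
// (assumed here so the example has no Kubernetes dependency; IPBlock.Except is
// left out).
type IPBlock struct{ CIDR string }
type Port struct {
	Protocol string // "TCP" or "UDP"
	Port     int32
}

// EgressRule mirrors the page's type: Ports are OR'ed, To entries are OR'ed,
// an empty list matches everything, and traffic must satisfy both lists.
type EgressRule struct {
	Ports []Port
	To    []IPBlock
}

// Allows evaluates one rule. A malformed CIDR is an error, never a silent
// non-match, so a typo in a policy cannot go unnoticed.
func (r EgressRule) Allows(ip net.IP, proto string, port int32) (bool, error) {
	portOK := len(r.Ports) == 0
	for _, p := range r.Ports {
		portOK = portOK || (p.Protocol == proto && p.Port == port)
	}
	dstOK := len(r.To) == 0
	for _, b := range r.To {
		_, n, err := net.ParseCIDR(b.CIDR)
		if err != nil {
			return false, fmt.Errorf("cidr %q: %w", b.CIDR, err)
		}
		dstOK = dstOK || n.Contains(ip)
	}
	return portOK && dstOK, nil
}

// EgressAllowed applies the PolicySpec semantics: any rule that matches allows
// the traffic; with no match the cluster stays isolated (deny by default).
func EgressAllowed(rules []EgressRule, dst, proto string, port int32) (bool, error) {
	ip := net.ParseIP(dst)
	if ip == nil {
		return false, fmt.Errorf("invalid destination ip %q", dst)
	}
	for _, r := range rules {
		if ok, err := r.Allows(ip, proto, port); err != nil || ok {
			return ok, err
		}
	}
	return false, nil
}
```

Running a candidate policy through an evaluator like this before applying it is a cheap way to confirm that a rule opens no more than intended.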

type RateLimit

type RateLimit struct {
	// NetworkID specifies the network which should be rate limited
	NetworkID string `json:"networkid" yaml:"networkid"`
	// Rate is the input rate in MiB/s
	Rate uint32 `json:"rate" yaml:"rate"`
}

RateLimit contains the rate limit rule for a network.

func (*RateLimit) DeepCopy

func (in *RateLimit) DeepCopy() *RateLimit

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimit.

func (*RateLimit) DeepCopyInto

func (in *RateLimit) DeepCopyInto(out *RateLimit)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleStat

type RuleStat struct {
	Counter Counter `json:"counter"`
}

RuleStat contains the statistics for a single nftables rule

func (*RuleStat) DeepCopy

func (in *RuleStat) DeepCopy() *RuleStat

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStat.

func (*RuleStat) DeepCopyInto

func (in *RuleStat) DeepCopyInto(out *RuleStat)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleStats

type RuleStats map[string]RuleStat

RuleStats contains firewall rule statistics of all rules of an action

func (RuleStats) DeepCopy

func (in RuleStats) DeepCopy() RuleStats

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStats.

func (RuleStats) DeepCopyInto

func (in RuleStats) DeepCopyInto(out *RuleStats)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleStatsByAction

type RuleStatsByAction map[string]RuleStats

RuleStatsByAction contains firewall rule statistics grouped by action, e.g. accept, drop, policy, masquerade.

func (RuleStatsByAction) DeepCopy

func (in RuleStatsByAction) DeepCopy() RuleStatsByAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleStatsByAction.

func (RuleStatsByAction) DeepCopyInto

func (in RuleStatsByAction) DeepCopyInto(out *RuleStatsByAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
