The highest tagged major version is v2.

controllers

package

v1.3.0 Latest Latest Go to latest Published: Mar 27, 2023 License: MIT Imports: 37 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/metal-stack/firewall-controller

Links

Open Source Insights

Documentation ¶

Index ¶

type ClusterwideNetworkPolicyReconciler
- func NewClusterwideNetworkPolicyReconciler(mgr ctrl.Manager) *ClusterwideNetworkPolicyReconciler
- func (r *ClusterwideNetworkPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *ClusterwideNetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error
type ClusterwideNetworkPolicyValidationReconciler
- func (r *ClusterwideNetworkPolicyValidationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *ClusterwideNetworkPolicyValidationReconciler) SetupWithManager(mgr ctrl.Manager) error
type CreateFirewall
type DroptailerReconciler
- func (r *DroptailerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *DroptailerReconciler) SetupWithManager(mgr ctrl.Manager) error
type FirewallInterface
- func NewFirewall(firewall firewallv1.Firewall, cwnps *firewallv1.ClusterwideNetworkPolicyList, ...) FirewallInterface
type FirewallReconciler
- func (r *FirewallReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *FirewallReconciler) SetupWithManager(mgr ctrl.Manager) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ClusterwideNetworkPolicyReconciler ¶

type ClusterwideNetworkPolicyReconciler struct {
	client.Client
	// contains filtered or unexported fields
}

ClusterwideNetworkPolicyReconciler reconciles a ClusterwideNetworkPolicy object +kubebuilder:rbac:groups=metal-stack.io,resources=events,verbs=create;patch

func NewClusterwideNetworkPolicyReconciler ¶ added in v1.2.0

func NewClusterwideNetworkPolicyReconciler(mgr ctrl.Manager) *ClusterwideNetworkPolicyReconciler

func (*ClusterwideNetworkPolicyReconciler) Reconcile ¶

func (r *ClusterwideNetworkPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile ClusterwideNetworkPolicy and creates nftables rules accordingly +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies/status,verbs=get;update;patch

func (*ClusterwideNetworkPolicyReconciler) SetupWithManager ¶

func (r *ClusterwideNetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager configures this controller to run in schedule

type ClusterwideNetworkPolicyValidationReconciler ¶ added in v1.2.0

type ClusterwideNetworkPolicyValidationReconciler struct {
	client.Client
	Log    logr.Logger
	Scheme *runtime.Scheme
	// contains filtered or unexported fields
}

ClusterwideNetworkPolicyValidationReconciler validates a ClusterwideNetworkPolicy object +kubebuilder:rbac:groups=metal-stack.io,resources=events,verbs=create;patch

func (*ClusterwideNetworkPolicyValidationReconciler) Reconcile ¶ added in v1.2.0

func (r *ClusterwideNetworkPolicyValidationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Validates ClusterwideNetworkPolicy object +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=metal-stack.io,resources=clusterwidenetworkpolicies/status,verbs=get;update;patch

func (*ClusterwideNetworkPolicyValidationReconciler) SetupWithManager ¶ added in v1.2.0

func (r *ClusterwideNetworkPolicyValidationReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager configures this controller to watch for ClusterwideNetworkPolicy CRD

type CreateFirewall ¶ added in v1.2.0

type CreateFirewall = func(
	firewall firewallv1.Firewall,
	cwnps *firewallv1.ClusterwideNetworkPolicyList,
	svcs *corev1.ServiceList,
	cache nftables.FQDNCache,
	log logr.Logger,
) FirewallInterface

type DroptailerReconciler ¶

type DroptailerReconciler struct {
	client.Client
	Log       logr.Logger
	Scheme    *runtime.Scheme
	HostsFile string
	// contains filtered or unexported fields
}

DroptailerReconciler reconciles a Droptailer object

func (*DroptailerReconciler) Reconcile ¶

func (r *DroptailerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile droptailer with certificate and droptailer-server ip from pod inspection +kubebuilder:rbac:groups=metal-stack.io,resources=Droptailers,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=metal-stack.io,resources=Droptailers/status,verbs=get;update;patch

func (*DroptailerReconciler) SetupWithManager ¶

func (r *DroptailerReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager configure this controller with required defaults

type FirewallInterface ¶ added in v1.2.0

type FirewallInterface interface {
	Reconcile() (bool, error)
	ReconcileNetconfTables() error
	Flush() error
}

func NewFirewall ¶ added in v1.2.0

func NewFirewall(
	firewall firewallv1.Firewall,
	cwnps *firewallv1.ClusterwideNetworkPolicyList,
	svcs *corev1.ServiceList,
	cache nftables.FQDNCache,
	log logr.Logger,
) FirewallInterface

type FirewallReconciler ¶

type FirewallReconciler struct {
	client.Client

	Log                  logr.Logger
	Scheme               *runtime.Scheme
	EnableIDS            bool
	EnableSignatureCheck bool
	CAPubKey             *rsa.PublicKey
	// contains filtered or unexported fields
}

FirewallReconciler reconciles a Firewall object

func (*FirewallReconciler) Reconcile ¶

func (r *FirewallReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile reconciles a firewall by: - reading Services of type Loadbalancer - rendering nftables rules - updating the firewall object with nftable rule statistics grouped by action +kubebuilder:rbac:groups=metal-stack.io,resources=firewalls,verbs=get;list;watch;create;update;patch;delete +kubebuilder:rbac:groups=metal-stack.io,resources=firewalls/status,verbs=get;update;patch

func (*FirewallReconciler) SetupWithManager ¶

func (r *FirewallReconciler) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager configures this controller to watch for the CRDs in a specific namespace

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
crd
mocks Package mocks is a generated GoMock package.	Package mocks is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL