Documentation ¶
Index ¶
- Constants
- type EndpointsReconciler
- func (r *EndpointsReconciler) InitIngressReferencedServicesIndex(mgr ctrl.Manager) error
- func (r *EndpointsReconciler) InjectRecorder(recorder record.EventRecorder)
- func (r *EndpointsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *EndpointsReconciler) ReconcileServiceForOtterizeNetpol(ctx context.Context, endpoints *corev1.Endpoints, otterizeServiceName string, ...) (ctrl.Result, error)
- func (r *EndpointsReconciler) SetupWithManager(mgr ctrl.Manager) error
- type IngressReconciler
- type NetworkPolicyCreator
Constants ¶
const (
	ReasonEnforcementGloballyDisabled         = "EnforcementGloballyDisabled"
	ReasonCreatingExternalTrafficPolicyFailed = "CreatingExternalTrafficPolicyFailed"
	ReasonCreatedExternalTrafficPolicy        = "CreatedExternalTrafficPolicy"
	ReasonGettingExternalTrafficPolicyFailed  = "GettingExternalTrafficPolicyFailed"
	ReasonRemovingExternalTrafficPolicy       = "RemovingExternalTrafficPolicy"
	ReasonRemovingExternalTrafficPolicyFailed = "RemovingExternalTrafficPolicyFailed"
	ReasonRemovedExternalTrafficPolicy        = "RemovedExternalTrafficPolicy"
)
const OtterizeExternalNetworkPolicyNameTemplate = "external-access-to-%s"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EndpointsReconciler ¶
type EndpointsReconciler struct {
	client.Client
	Scheme *runtime.Scheme
	injectablerecorder.InjectableRecorder
	// contains filtered or unexported fields
}
func NewEndpointsReconciler ¶
func (*EndpointsReconciler) InitIngressReferencedServicesIndex ¶
func (r *EndpointsReconciler) InitIngressReferencedServicesIndex(mgr ctrl.Manager) error
func (*EndpointsReconciler) InjectRecorder ¶
func (r *EndpointsReconciler) InjectRecorder(recorder record.EventRecorder)
func (*EndpointsReconciler) Reconcile ¶
Reconcile handles three cases:
(1) It watches Endpoints, which means it gets updates when Services are updated, or when the pods backing them are updated. When that happens, and the Service is of type LoadBalancer or NodePort, or is referenced by an Ingress, it checks whether the backing pods are affected by Otterize Intents Network Policies. If so, and the reconciler is enabled, it creates network policies to allow external traffic to those pods. If the Endpoints (= Services) update their port, it updates the port specified in the corresponding network policy. If the Endpoints no longer refer to pods affected by Intents, the network policy is deleted. If the Service is deleted completely, the corresponding network policy is deleted as well, since it is owned by the Service.
(2) It receives reconcile requests from the IngressReconciler when Ingresses are created, updated or deleted.
(3) It receives reconcile requests from the Intents NetworkPolicyReconciler when Network Policies that apply intents are created, updated or deleted. This means that if you create, update or delete intents, the corresponding external traffic policy will be created (if no other intents affected the service before then) or deleted (if no intents network policies refer to the pods backing the service any longer).
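The decision flow described above, modelled as a small standalone Go program. This is an added example, not code from the Otterize project: svcState, decide, samePorts and the action strings are hypothetical, and it assumes that situations the text does not spell out result in no action. Only the name template comes from this page.

```go
package main

import (
	"fmt"
	"sort"
)

// Name template copied from the constants on this page.
const nameTemplate = "external-access-to-%s"

// svcState is a hypothetical flattened view of what Reconcile inspects.
type svcState struct {
	Name, Type                  string  // Type: ClusterIP, NodePort or LoadBalancer
	IngressRef, IntentsAffected bool    // referenced by an Ingress; pods selected by intents policies
	Enabled                     bool    // reconciler enabled
	EndpointPorts, PolicyPorts  []int32 // PolicyPorts == nil means no policy exists yet
}

// samePorts compares two port lists ignoring order.
func samePorts(a, b []int32) bool {
	a, b = append([]int32{}, a...), append([]int32{}, b...)
	sort.Slice(a, func(i, j int) bool { return a[i] < a[j] })
	sort.Slice(b, func(i, j int) bool { return b[i] < b[j] })
	return fmt.Sprint(a) == fmt.Sprint(b)
}

// decide returns the policy name and the action the documentation describes.
func decide(s svcState) (name, action string) {
	name, action = fmt.Sprintf(nameTemplate, s.Name), "none"
	exists := s.PolicyPorts != nil
	exposed := s.Type == "LoadBalancer" || s.Type == "NodePort" || s.IngressRef
	switch {
	case exists && !s.IntentsAffected:
		action = "delete" // pods are no longer affected by intents
	case !exposed || !s.IntentsAffected || !s.Enabled:
		// nothing to allow; existing policies are left alone (assumption)
	case !exists:
		action = "create"
	case !samePorts(s.EndpointPorts, s.PolicyPorts):
		action = "update-ports"
	}
	return
}

func main() {
	// Constructed sample: a NodePort service whose pods are covered by intents.
	fmt.Println(decide(svcState{Name: "web", Type: "NodePort", IntentsAffected: true, Enabled: true, EndpointPorts: []int32{8080}}))
}
```

A deleted Service needs no branch here: as the text says, the policy is owned by the Service, so it is removed along with it.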
func (*EndpointsReconciler) ReconcileServiceForOtterizeNetpol ¶
func (r *EndpointsReconciler) ReconcileServiceForOtterizeNetpol(ctx context.Context, endpoints *corev1.Endpoints, otterizeServiceName string, ingressList *v1.IngressList, netpol *v1.NetworkPolicy) (ctrl.Result, error)
func (*EndpointsReconciler) SetupWithManager ¶
func (r *EndpointsReconciler) SetupWithManager(mgr ctrl.Manager) error
type IngressReconciler ¶
type IngressReconciler struct {
	client.Client
	Scheme *runtime.Scheme
	injectablerecorder.InjectableRecorder
	// contains filtered or unexported fields
}
func NewIngressReconciler ¶
func NewIngressReconciler(client client.Client, scheme *runtime.Scheme, endpointsReconciler *EndpointsReconciler) *IngressReconciler
func (*IngressReconciler) InitNetworkPoliciesByIngressNameIndex ¶
func (r *IngressReconciler) InitNetworkPoliciesByIngressNameIndex(mgr ctrl.Manager) error
func (*IngressReconciler) Reconcile ¶
Reconcile handles ingress creation, update and delete. In all of these cases, it resolves which services the ingress refers to, and sends a Reconcile request to the EndpointsReconciler. The EndpointsReconciler is responsible for determining which services and ingresses are related to an Endpoints resource and managing the network policies accordingly.
func (*IngressReconciler) SetupWithManager ¶
func (r *IngressReconciler) SetupWithManager(mgr ctrl.Manager) error
type NetworkPolicyCreator ¶
type NetworkPolicyCreator struct {
	injectablerecorder.InjectableRecorder
	// contains filtered or unexported fields
}