Documentation
Index
- Constants
- Variables
- func GetACLActionForANPRule(action anpapi.AdminNetworkPolicyRuleAction) string
- func GetACLActionForBANPRule(action anpapi.BaselineAdminNetworkPolicyRuleAction) string
- func GetANPPeerAddrSetDbIDs(name, gressPrefix, gressIndex, controller string, isBanp bool) *libovsdbops.DbObjectIDs
- func GetANPPortGroupDbIDs(anpName string, isBanp bool, controller string) *libovsdbops.DbObjectIDs
- type Controller
Constants
const (
	ANPFlowStartPriority = 30000
	ANPMaxRulesPerObject = 100
	BANPFlowPriority     = 1750 // down to 1651 (both inclusive, note that these ACLs will be in tier3)
)
NOTE: Iteration v1 of ANP will only support up to 100 ANPs. We will use the priority range from 30000 (0) to 20000 (99) for ACLs (both inclusive; note that these ACLs will be in tier1). In order to support more in the future, we will need to fix the priority range in OVS. See https://bugzilla.redhat.com/show_bug.cgi?id=2175752 for more details.
NOTE: A cluster can have only one BANP at a given time, as defined by the upstream KEP.
Variables
var ANPWithDuplicatePriorityEvent = "ANPWithDuplicatePriority"
var ANPWithUnsupportedPriorityEvent = "ANPWithUnsupportedPriority"
var ErrorANPPriorityUnsupported = errors.New("OVNK only supports priority ranges 0-99")
Functions
func GetACLActionForANPRule
func GetACLActionForANPRule(action anpapi.AdminNetworkPolicyRuleAction) string
GetACLActionForANPRule returns the corresponding OVN ACL action for a given ANP rule action
func GetACLActionForBANPRule
func GetACLActionForBANPRule(action anpapi.BaselineAdminNetworkPolicyRuleAction) string
GetACLActionForBANPRule returns the corresponding OVN ACL action for a given BANP rule action
func GetANPPeerAddrSetDbIDs
func GetANPPeerAddrSetDbIDs(name, gressPrefix, gressIndex, controller string, isBanp bool) *libovsdbops.DbObjectIDs
GetANPPeerAddrSetDbIDs will return the dbObjectIDs for a given rule's address-set
func GetANPPortGroupDbIDs
func GetANPPortGroupDbIDs(anpName string, isBanp bool, controller string) *libovsdbops.DbObjectIDs
Types
type Controller
Controller holds the fields required for the ANP controller, taken from the k8s controller guidelines.
func NewController
func NewController(
	controllerName string,
	nbClient libovsdbclient.Client,
	anpClient anpclientset.Interface,
	anpInformer anpinformer.AdminNetworkPolicyInformer,
	banpInformer anpinformer.BaselineAdminNetworkPolicyInformer,
	namespaceInformer corev1informers.NamespaceInformer,
	podInformer corev1informers.PodInformer,
	nodeInformer corev1informers.NodeInformer,
	addressSetFactory addressset.AddressSetFactory,
	isPodScheduledinLocalZone func(*v1.Pod) bool,
	zone string,
	recorder record.EventRecorder,
	observManager *observability.Manager) (*Controller, error)
NewController returns a new *Controller.
func (*Controller) Collect
func (c *Controller) Collect(ch chan<- prometheus.Metric)
Collect first triggers the fetchANPRuleCountMetric. Then it creates constant metrics for each host on the fly based on the returned data.
Note that Collect could be called concurrently, so we depend on fetchANPRuleCountMetric to be concurrency-safe.
func (*Controller) Describe
func (c *Controller) Describe(ch chan<- *prometheus.Desc)
Describe is implemented with DescribeByCollect. That's possible because the Collect method will always return the same two metrics with the same two descriptors.
func (*Controller) GetSamplingConfig
func (c *Controller) GetSamplingConfig() *libovsdbops.SamplingConfig
func (*Controller) Run
func (c *Controller) Run(threadiness int, stopCh <-chan struct{})
Run will not return until stopCh is closed. threadiness determines how many objects (pods, namespaces, anps, banps) will be handled in parallel.