adminnetworkpolicy

package
v0.0.0-...-5df01a4
Warning

This package is not in the latest version of its module.

Published: Jan 16, 2025 | License: Apache-2.0 | Imports: 43 | Imported by: 0

Documentation

Constants

const (
	ANPFlowStartPriority = 30000
	ANPMaxRulesPerObject = 100

	BANPFlowPriority = 1750 // down to 1651 (both inclusive, note that these ACLs will be in tier3)
)

NOTE: Iteration v1 of ANP will only support up to 100 ANPs. We will use the priority range from 30000 (0) to 20000 (99) for ACLs (both inclusive; note that these ACLs will be in tier1). In order to support more in the future, we will need to fix the priority range in OVS. See https://bugzilla.redhat.com/show_bug.cgi?id=2175752 for more details.

NOTE: A cluster can have only one BANP at a given time, as defined by the upstream KEP.

Variables

var ANPWithDuplicatePriorityEvent = "ANPWithDuplicatePriority"
var ANPWithUnsupportedPriorityEvent = "ANPWithUnsupportedPriority"
var ErrorANPPriorityUnsupported = errors.New("OVNK only supports priority ranges 0-99")
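
The sketch below is an added example, not code from this package: it shows how the documented constants could carve the tier1 ACL range into one band per ANP, and why an out-of-range or duplicate priority has to be flagged. The `anp` type, `aclBand`, `audit`, the sample policy names, and the band formula itself are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Values copied from the constants and variables documented above.
const (
	ANPFlowStartPriority = 30000
	ANPMaxRulesPerObject = 100
)

var errPriorityUnsupported = errors.New("OVNK only supports priority ranges 0-99")

type anp struct { // constructed sample type, not the anpapi object
	Name     string
	Priority int
}

// aclBand is a hypothetical helper. Assumption: each ANP owns
// ANPMaxRulesPerObject consecutive ACL priorities below the start value.
func aclBand(p int) (high, low int, err error) {
	if p < 0 || p > 99 {
		return 0, 0, errPriorityUnsupported
	}
	high = ANPFlowStartPriority - p*ANPMaxRulesPerObject
	return high, high - ANPMaxRulesPerObject + 1, nil
}

// audit maps each rejected ANP name to the event reason named on this page.
func audit(anps []anp) map[string]string {
	owner, events := map[int]string{}, map[string]string{}
	for _, a := range anps {
		if _, _, err := aclBand(a.Priority); err != nil {
			events[a.Name] = "ANPWithUnsupportedPriority"
		} else if _, taken := owner[a.Priority]; taken {
			events[a.Name] = "ANPWithDuplicatePriority" // bands would overlap
		} else {
			owner[a.Priority] = a.Name
		}
	}
	return events
}

func main() {
	sample := []anp{{"cluster-deny", 0}, {"tenant-allow", 5}, {"tenant-dup", 5}, {"legacy", 250}}
	fmt.Println(audit(sample))
	fmt.Println(aclBand(99)) // lowest band under this assumption
}
```

Under this assumed layout, two ANPs with the same priority would compete for the same ACL priorities, so their relative precedence would be undefined.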

Functions

func GetACLActionForANPRule

func GetACLActionForANPRule(action anpapi.AdminNetworkPolicyRuleAction) string

GetACLActionForANPRule returns the corresponding OVN ACL action for a given ANP rule action

func GetACLActionForBANPRule

func GetACLActionForBANPRule(action anpapi.BaselineAdminNetworkPolicyRuleAction) string

GetACLActionForBANPRule returns the corresponding OVN ACL action for a given BANP rule action

func GetANPPeerAddrSetDbIDs

func GetANPPeerAddrSetDbIDs(name, gressPrefix, gressIndex, controller string, isBanp bool) *libovsdbops.DbObjectIDs

GetANPPeerAddrSetDbIDs will return the dbObjectIDs for a given rule's address-set

func GetANPPortGroupDbIDs

func GetANPPortGroupDbIDs(anpName string, isBanp bool, controller string) *libovsdbops.DbObjectIDs

Types

type Controller

type Controller struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Controller holds the fields required for the ANP controller, following the k8s controller guidelines.

func NewController

func NewController(
	controllerName string,
	nbClient libovsdbclient.Client,
	anpClient anpclientset.Interface,
	anpInformer anpinformer.AdminNetworkPolicyInformer,
	banpInformer anpinformer.BaselineAdminNetworkPolicyInformer,
	namespaceInformer corev1informers.NamespaceInformer,
	podInformer corev1informers.PodInformer,
	nodeInformer corev1informers.NodeInformer,
	addressSetFactory addressset.AddressSetFactory,
	isPodScheduledinLocalZone func(*v1.Pod) bool,
	zone string,
	recorder record.EventRecorder,
	observManager *observability.Manager) (*Controller, error)

NewController returns a new *Controller.

func (*Controller) Collect

func (c *Controller) Collect(ch chan<- prometheus.Metric)

Collect first triggers the fetchANPRuleCountMetric. Then it creates constant metrics for each host on the fly based on the returned data.

Note that Collect could be called concurrently, so we depend on fetchANPRuleCountMetric to be concurrency-safe.

func (*Controller) Describe

func (c *Controller) Describe(ch chan<- *prometheus.Desc)

Describe is implemented with DescribeByCollect. That's possible because the Collect method will always return the same two metrics with the same two descriptors.

func (*Controller) GetSamplingConfig

func (c *Controller) GetSamplingConfig() *libovsdbops.SamplingConfig

func (*Controller) Run

func (c *Controller) Run(threadiness int, stopCh <-chan struct{})

Run will not return until stopCh is closed. The threadiness argument (the number of workers) determines how many objects (pods, namespaces, ANPs, BANPs) will be handled in parallel.
