policy

package
v3.28.0 Latest
Warning

This package is not in the latest version of its module.

Published: May 31, 2024 License: Apache-2.0, Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

// Filesystem paths for the felix-api-proxy plugin. Going by the Src/Dst names,
// FelixPluginSrcPath is where the file is taken from and FelixPluginDstPath is
// where it is placed — presumably by InstallFelixPlugin; confirm.
// NOTE(review): the destination sits in a directory named felix-plugins. If
// Felix executes what it finds there (to be confirmed), the directory and the
// installed file should be writable by root only — verify the mode the
// installer sets and that an existing file at the destination is replaced
// rather than followed through a symlink.
const (
	FelixPluginSrcPath = "/bin/felix-api-proxy"
	FelixPluginDstPath = "/var/lib/calico/felix-plugins/felix-api-proxy"
)

Variables

This section is empty.

Functions

func InstallFelixPlugin

func InstallFelixPlugin() (err error)

Types

type HostEndpoint

// HostEndpoint holds the data kept for one host endpoint: three lists of
// interface indexes (uplink, tap, tunnel), the profile names, two tier lists
// and an interface name.
type HostEndpoint struct {
	// Interface indexes grouped by kind; presumably VPP software interface
	// indexes — confirm against vpplink.
	UplinkSwIfIndexes []uint32
	TapSwIfIndexes    []uint32
	TunnelSwIfIndexes []uint32
	// Profiles is a list of strings; presumably keys into PolicyState.Profiles
	// (a map keyed by string) — confirm.
	Profiles          []string
	// Tiers and ForwardTiers are two separate tier lists.
	// NOTE(review): looks like ForwardTiers applies to forwarded rather than
	// host-terminated traffic — confirm.
	Tiers             []Tier
	ForwardTiers      []Tier

	InterfaceName string
	// contains filtered or unexported fields
}

func (*HostEndpoint) Create

func (h *HostEndpoint) Create(vpp *vpplink.VppLink, state *PolicyState) (err error)

func (*HostEndpoint) Delete

func (h *HostEndpoint) Delete(vpp *vpplink.VppLink, state *PolicyState) (err error)

func (*HostEndpoint) String

func (he *HostEndpoint) String() string

func (*HostEndpoint) Update

func (h *HostEndpoint) Update(vpp *vpplink.VppLink, new *HostEndpoint, state *PolicyState) (err error)

type HostEndpointID

// HostEndpointID identifies a host endpoint by a single string. It is the key
// type of the PolicyState.HostEndpoints map.
type HostEndpointID struct {
	EndpointID string
}

func (HostEndpointID) String

func (eid HostEndpointID) String() string

type IPSet

// IPSet holds one IP set: a numeric VPP identifier, a set type, and three
// string-keyed member maps (IP+port entries, addresses, networks).
type IPSet struct {
	VppID     uint32
	Type      types.IpsetType
	// NOTE(review): presumably only the map matching Type is populated, and the
	// map keys are the member strings passed to AddMembers/RemoveMembers —
	// confirm in the implementation.
	IPPorts   map[string]types.IPPort
	Addresses map[string]net.IP
	Networks  map[string]*net.IPNet
}

func NewIPSet

func NewIPSet() *IPSet

func (*IPSet) AddMembers

func (i *IPSet) AddMembers(members []string, apply bool, vpp *vpplink.VppLink) (err error)

func (*IPSet) Create

func (i *IPSet) Create(vpp *vpplink.VppLink) (err error)

func (*IPSet) Delete

func (i *IPSet) Delete(vpp *vpplink.VppLink) (err error)

func (*IPSet) RemoveMembers

func (i *IPSet) RemoveMembers(members []string, apply bool, vpp *vpplink.VppLink) (err error)

func (*IPSet) String

func (i *IPSet) String() string

type NodeWatcherRestartError added in v3.25.1

// NodeWatcherRestartError is an empty struct type; it carries no fields, so
// callers can only distinguish it from other errors by its type.
type NodeWatcherRestartError struct{}

func (NodeWatcherRestartError) Error added in v3.25.1

func (e NodeWatcherRestartError) Error() string

type Policy

// Policy pairs an embedded types.Policy with a numeric VPP identifier and two
// rule lists, one inbound and one outbound.
type Policy struct {
	// Embedded by pointer: a plain struct copy of Policy shares the same
	// underlying types.Policy. The type also has a DeepCopy method —
	// presumably for obtaining an independent copy; confirm.
	*types.Policy
	VppID         uint32
	InboundRules  []*Rule
	OutboundRules []*Rule
}

Policy represents both Policies and Profiles in the calico API

func (*Policy) Create

func (p *Policy) Create(vpp *vpplink.VppLink, state *PolicyState) (err error)

func (*Policy) DeepCopy

func (p *Policy) DeepCopy() *Policy

func (*Policy) Delete

func (p *Policy) Delete(vpp *vpplink.VppLink, state *PolicyState) (err error)

func (*Policy) String

func (p *Policy) String() string

func (*Policy) Update

func (p *Policy) Update(vpp *vpplink.VppLink, new *Policy, state *PolicyState) (err error)

Update applies any changes to VPP and updates this policy to match new.

type PolicyID

// PolicyID is a three-string identifier (tier, name, network). It is the key
// type of the PolicyState.Policies map, so two IDs are the same key only when
// all three fields are equal.
type PolicyID struct {
	Tier    string
	Name    string
	Network string
}

type PolicyState

// PolicyState groups five maps: IP sets, policies, profiles, workload
// endpoints and host endpoints.
type PolicyState struct {
	// Keyed by string; presumably the IP set name or ID — confirm.
	IPSets            map[string]*IPSet
	// Policies and Profiles both hold *Policy values; policies are keyed by
	// PolicyID, profiles by a plain string.
	Policies          map[PolicyID]*Policy
	Profiles          map[string]*Policy
	WorkloadEndpoints map[WorkloadEndpointID]*WorkloadEndpoint
	HostEndpoints     map[HostEndpointID]*HostEndpoint
	// NOTE(review): these are plain Go maps with no lock in the struct; whether
	// access is serialized elsewhere is not visible here — confirm before
	// touching them from more than one goroutine.
}

func NewPolicyState

func NewPolicyState() *PolicyState

type Rule

// Rule pairs an embedded types.Rule with a string rule ID, a numeric VPP
// identifier, several lists of IP set names and a string-to-string annotation
// map.
type Rule struct {
	// Embedded by pointer: a plain struct copy of Rule shares the same
	// underlying types.Rule. The type also has a DeepCopy method —
	// presumably for obtaining an independent copy; confirm.
	*types.Rule

	RuleID string
	VppID  uint32

	// The name lists below are split by direction (Src/Dst) and by negation
	// (Not), going by the field names. Presumably each name is looked up in
	// PolicyState.IPSets, which is keyed by string — confirm, and confirm how a
	// name with no matching IP set is handled.
	DstIPPortIPSetNames    []string
	DstNotIPPortIPSetNames []string
	SrcIPPortIPSetNames    []string
	SrcNotIPPortIPSetNames []string

	DstIPSetNames    []string
	DstNotIPSetNames []string
	SrcIPSetNames    []string
	SrcNotIPSetNames []string

	DstIPPortSetNames []string

	Annotations map[string]string
}

func (*Rule) Create

func (r *Rule) Create(vpp *vpplink.VppLink, state *PolicyState) (err error)

func (*Rule) DeepCopy

func (r *Rule) DeepCopy() *Rule

func (*Rule) Delete

func (r *Rule) Delete(vpp *vpplink.VppLink) (err error)

func (*Rule) String

func (r *Rule) String() string

type Server

// Server exposes one policy pointer and two untyped channels; its remaining
// fields are unexported and not shown in this listing.
type Server struct {

	/* always allow traffic coming from host to the pods (for healthchecks and so on) */
	// AllowFromHostPolicy persists the policy allowing host --> pod communications.
	// See CreateAllowFromHostPolicy definition
	// NOTE(review): per the comment above, host-originated traffic to pods is
	// always allowed, so pod ingress policy does not restrict processes running
	// on the node itself; access to the node should be treated as network
	// access to every local pod. The exact match criteria live in
	// CreateAllowFromHostPolicy, which is not visible here — confirm its scope.
	AllowFromHostPolicy *Policy

	// Untyped channel (chan interface{}); the concrete element types are not
	// visible here, so receivers must type-check what they read.
	FelixConfigChan chan interface{}

	// Untyped channel (chan interface{}); the concrete element types are not
	// visible here.
	GotOurNodeBGPchan chan interface{}
	// contains filtered or unexported fields
}

Server holds all the data required to configure the policies defined by felix in VPP

func NewPolicyServer

func NewPolicyServer(vpp *vpplink.VppLink, log *logrus.Entry) (*Server, error)

NewPolicyServer creates a policy server.

func (*Server) GetPrefixIPPool added in v3.25.1

func (s *Server) GetPrefixIPPool(prefix *net.IPNet) *proto.IPAMPool

GetPrefixIPPool checks whether we have an IP pool that contains the given prefix. If we do, it returns the pool.

func (*Server) IPNetNeedsSNAT added in v3.25.1

func (s *Server) IPNetNeedsSNAT(prefix *net.IPNet) bool

func (*Server) IpamPoolCopy added in v3.25.1

func (s *Server) IpamPoolCopy(update *proto.IPAMPoolUpdate) *proto.IPAMPool

func (*Server) MessageReader

func (s *Server) MessageReader(conn net.Conn) <-chan interface{}

func (*Server) RecvMessage

func (s *Server) RecvMessage(conn net.Conn) (msg interface{}, err error)

func (*Server) SendMessage

func (s *Server) SendMessage(conn net.Conn, msg interface{}) (err error)

func (*Server) ServePolicy

func (s *Server) ServePolicy(t *tomb.Tomb) error

ServePolicy runs the policy server.

func (*Server) WorkloadRemoved

func (s *Server) WorkloadRemoved(id *WorkloadEndpointID, containerIPs []*net.IPNet)

WorkloadRemoved is called by the CNI server when the interface of a pod is deleted

type SyncState

// SyncState is an int-based enumeration with four values.
type SyncState int
// Values are assigned by iota starting at 0, so the zero value of SyncState is
// StateDisconnected: an uninitialized SyncState reads as disconnected, not as
// in sync.
const (
	StateDisconnected SyncState = iota
	StateConnected
	StateSyncing
	StateInSync
)

type Tier

// Tier holds a tier name and two lists of strings, one for ingress and one for
// egress policies.
type Tier struct {
	Name            string
	// Presumably policy names that, combined with the tier name, identify
	// entries of PolicyState.Policies — confirm how the PolicyID is built.
	IngressPolicies []string
	EgressPolicies  []string
}

func (*Tier) String

func (tr *Tier) String() string

type WorkloadEndpoint

// WorkloadEndpoint holds the data kept for one workload endpoint: a list of
// interface indexes, the profile names and the tier list.
type WorkloadEndpoint struct {
	// A slice, so one endpoint can carry several interface indexes;
	// presumably VPP software interface indexes — confirm against vpplink.
	SwIfIndex []uint32
	// Presumably keys into PolicyState.Profiles (a map keyed by string) —
	// confirm.
	Profiles  []string
	Tiers     []Tier
	// contains filtered or unexported fields
}

func (*WorkloadEndpoint) Create

func (w *WorkloadEndpoint) Create(vpp *vpplink.VppLink, swIfIndexes []uint32, state *PolicyState, network string) (err error)

func (*WorkloadEndpoint) Delete

func (w *WorkloadEndpoint) Delete(vpp *vpplink.VppLink) (err error)

func (*WorkloadEndpoint) String

func (we *WorkloadEndpoint) String() string

func (*WorkloadEndpoint) Update

func (w *WorkloadEndpoint) Update(vpp *vpplink.VppLink, new *WorkloadEndpoint, state *PolicyState, network string) (err error)

type WorkloadEndpointID

// WorkloadEndpointID is a four-string identifier. It is the key type of the
// PolicyState.WorkloadEndpoints map, so two IDs are the same key only when all
// four fields, including Network, are equal.
type WorkloadEndpointID struct {
	OrchestratorID string
	WorkloadID     string
	EndpointID     string
	Network        string
}

func (*WorkloadEndpointID) String

func (wi *WorkloadEndpointID) String() string
