Documentation ¶
Index ¶
- Constants
- func GetAdmissionResponseForErr(err error) *admv1.AdmissionResponse
- func NewEndpointQuerier(networkPolicyController *NetworkPolicyController) *endpointQuerier
- type Endpoint
- type EndpointQuerier
- type EndpointQueryResponse
- type NetworkPolicyController
- func (n *NetworkPolicyController) GetAddressGroupNum() int
- func (n *NetworkPolicyController) GetAppliedToGroupNum() int
- func (n *NetworkPolicyController) GetConnectedAgentNum() int
- func (n *NetworkPolicyController) GetNetworkPolicyNum() int
- func (n *NetworkPolicyController) InitializeTiers()
- func (n *NetworkPolicyController) Run(stopCh <-chan struct{})
- type NetworkPolicyValidator
- type Policy
- type PolicyRef
- type Rule
Constants ¶
const ( // TierIndex is used to index ClusterNetworkPolicies by Tier names. TierIndex = "tier" // PriorityIndex is used to index Tiers by their priorities. PriorityIndex = "priority" )
Variables ¶
This section is empty.
Functions ¶
func GetAdmissionResponseForErr ¶ added in v0.10.0
func GetAdmissionResponseForErr(err error) *admv1.AdmissionResponse
GetAdmissionResponseForErr returns an object of type AdmissionResponse with the submitted error message.
func NewEndpointQuerier ¶ added in v0.10.0
func NewEndpointQuerier(networkPolicyController *NetworkPolicyController) *endpointQuerier
NewEndpointQuerier returns a new *endpointQuerier.
Types ¶
type EndpointQuerier ¶ added in v0.10.0
type EndpointQuerier interface { // QueryNetworkPolicies returns the list of NetworkPolicies which apply to the provided Pod, // along with the list NetworkPolicies which select the provided Pod in one of their policy // rules (ingress or egress). QueryNetworkPolicies(namespace string, podName string) (*EndpointQueryResponse, error) }
EndpointQuerier handles requests for antctl query
type EndpointQueryResponse ¶ added in v0.10.0
type EndpointQueryResponse struct {
Endpoints []Endpoint `json:"endpoints,omitempty"`
}
EndpointQueryResponse is the reply struct for anctl endpoint queries
type NetworkPolicyController ¶
type NetworkPolicyController struct {
// contains filtered or unexported fields
}
NetworkPolicyController is responsible for synchronizing the Namespaces and Pods affected by a Network Policy.
func NewNetworkPolicyController ¶
func NewNetworkPolicyController(kubeClient clientset.Interface, crdClient versioned.Interface, podInformer coreinformers.PodInformer, namespaceInformer coreinformers.NamespaceInformer, externalEntityInformer corev1a1informers.ExternalEntityInformer, networkPolicyInformer networkinginformers.NetworkPolicyInformer, cnpInformer secinformers.ClusterNetworkPolicyInformer, anpInformer secinformers.NetworkPolicyInformer, tierInformer secinformers.TierInformer, addressGroupStore storage.Interface, appliedToGroupStore storage.Interface, internalNetworkPolicyStore storage.Interface) *NetworkPolicyController
NewNetworkPolicyController returns a new *NetworkPolicyController.
func (*NetworkPolicyController) GetAddressGroupNum ¶ added in v0.3.0
func (n *NetworkPolicyController) GetAddressGroupNum() int
func (*NetworkPolicyController) GetAppliedToGroupNum ¶ added in v0.3.0
func (n *NetworkPolicyController) GetAppliedToGroupNum() int
func (*NetworkPolicyController) GetConnectedAgentNum ¶ added in v0.3.0
func (n *NetworkPolicyController) GetConnectedAgentNum() int
GetConnectedAgentNum gets the number of Agents which are connected to this Controller. Since Agent will watch all the three stores (internalNetworkPolicyStore, appliedToGroupStore, addressGroupStore), the number of watchers of one of these three stores is equal to the number of connected Agents. Here, we uses the number of watchers of internalNetworkPolicyStore to represent the number of connected Agents.
func (*NetworkPolicyController) GetNetworkPolicyNum ¶ added in v0.3.0
func (n *NetworkPolicyController) GetNetworkPolicyNum() int
func (*NetworkPolicyController) InitializeTiers ¶ added in v0.10.0
func (n *NetworkPolicyController) InitializeTiers()
InitializeTiers initializes the default Tiers created by Antrea on init. It will first attempt to retrieve the Tier by it's name from K8s and if missing, create the CR. InitializeTiers will be called as part of a Post-Start hook of antrea-controller's APIServer.
func (*NetworkPolicyController) Run ¶
func (n *NetworkPolicyController) Run(stopCh <-chan struct{})
Run begins watching and syncing of a NetworkPolicyController.
type NetworkPolicyValidator ¶ added in v0.10.0
type NetworkPolicyValidator struct {
// contains filtered or unexported fields
}
func NewNetworkPolicyValidator ¶ added in v0.10.0
func NewNetworkPolicyValidator(networkPolicyController *NetworkPolicyController) *NetworkPolicyValidator
NewNetworkPolicyValidator returns a new *NetworkPolicyValidator.
func (*NetworkPolicyValidator) Validate ¶ added in v0.10.0
func (v *NetworkPolicyValidator) Validate(ar *admv1.AdmissionReview) *admv1.AdmissionResponse
Validate function validates a Tier or Antrea Policy object