networkpolicy

package
Version: v0.10.1
Published: Sep 30, 2020 License: Apache-2.0 Imports: 43 Imported by: 0

Documentation


Constants

const (

	// TierIndex is used to index ClusterNetworkPolicies by Tier names.
	TierIndex = "tier"
	// PriorityIndex is used to index Tiers by their priorities.
	PriorityIndex = "priority"
)

Variables

This section is empty.

Functions

func GetAdmissionResponseForErr added in v0.10.0

func GetAdmissionResponseForErr(err error) *admv1.AdmissionResponse

GetAdmissionResponseForErr returns an object of type AdmissionResponse with the submitted error message.

func NewEndpointQuerier added in v0.10.0

func NewEndpointQuerier(networkPolicyController *NetworkPolicyController) *endpointQuerier

NewEndpointQuerier returns a new *endpointQuerier.

Types

type Endpoint added in v0.10.0

type Endpoint struct {
	Namespace string   `json:"namespace,omitempty"`
	Name      string   `json:"name,omitempty"`
	Policies  []Policy `json:"policies,omitempty"`
	Rules     []Rule   `json:"rules,omitempty"`
}

type EndpointQuerier added in v0.10.0

type EndpointQuerier interface {
	// QueryNetworkPolicies returns the list of NetworkPolicies which apply to the provided Pod,
	// along with the list of NetworkPolicies which select the provided Pod in one of their policy
	// rules (ingress or egress).
	QueryNetworkPolicies(namespace string, podName string) (*EndpointQueryResponse, error)
}

EndpointQuerier handles requests for antctl query.

type EndpointQueryResponse added in v0.10.0

type EndpointQueryResponse struct {
	Endpoints []Endpoint `json:"endpoints,omitempty"`
}

EndpointQueryResponse is the reply struct for antctl endpoint queries.

type NetworkPolicyController

type NetworkPolicyController struct {
	// contains filtered or unexported fields
}

NetworkPolicyController is responsible for synchronizing the Namespaces and Pods affected by a Network Policy.

func NewNetworkPolicyController

func NewNetworkPolicyController(kubeClient clientset.Interface,
	crdClient versioned.Interface,
	podInformer coreinformers.PodInformer,
	namespaceInformer coreinformers.NamespaceInformer,
	externalEntityInformer corev1a1informers.ExternalEntityInformer,
	networkPolicyInformer networkinginformers.NetworkPolicyInformer,
	cnpInformer secinformers.ClusterNetworkPolicyInformer,
	anpInformer secinformers.NetworkPolicyInformer,
	tierInformer secinformers.TierInformer,
	addressGroupStore storage.Interface,
	appliedToGroupStore storage.Interface,
	internalNetworkPolicyStore storage.Interface) *NetworkPolicyController

NewNetworkPolicyController returns a new *NetworkPolicyController.

func (*NetworkPolicyController) GetAddressGroupNum added in v0.3.0

func (n *NetworkPolicyController) GetAddressGroupNum() int

func (*NetworkPolicyController) GetAppliedToGroupNum added in v0.3.0

func (n *NetworkPolicyController) GetAppliedToGroupNum() int

func (*NetworkPolicyController) GetConnectedAgentNum added in v0.3.0

func (n *NetworkPolicyController) GetConnectedAgentNum() int

GetConnectedAgentNum gets the number of Agents which are connected to this Controller. Since each Agent watches all three stores (internalNetworkPolicyStore, appliedToGroupStore, addressGroupStore), the number of watchers of any one of these stores equals the number of connected Agents. Here, we use the number of watchers of internalNetworkPolicyStore to represent the number of connected Agents.

func (*NetworkPolicyController) GetNetworkPolicyNum added in v0.3.0

func (n *NetworkPolicyController) GetNetworkPolicyNum() int

func (*NetworkPolicyController) InitializeTiers added in v0.10.0

func (n *NetworkPolicyController) InitializeTiers()

InitializeTiers initializes the default Tiers created by Antrea on init. It first attempts to retrieve each Tier by its name from K8s and, if it is missing, creates the CR. InitializeTiers is called as part of a Post-Start hook of antrea-controller's APIServer.

func (*NetworkPolicyController) Run

func (n *NetworkPolicyController) Run(stopCh <-chan struct{})

Run begins watching and syncing of a NetworkPolicyController.

type NetworkPolicyValidator added in v0.10.0

type NetworkPolicyValidator struct {
	// contains filtered or unexported fields
}

func NewNetworkPolicyValidator added in v0.10.0

func NewNetworkPolicyValidator(networkPolicyController *NetworkPolicyController) *NetworkPolicyValidator

NewNetworkPolicyValidator returns a new *NetworkPolicyValidator.

func (*NetworkPolicyValidator) Validate added in v0.10.0

Validate validates a Tier or Antrea Policy object.

type Policy added in v0.10.0

type Policy struct {
	PolicyRef
}

type PolicyRef added in v0.10.0

type PolicyRef struct {
	Namespace string    `json:"namespace,omitempty"`
	Name      string    `json:"name,omitempty"`
	UID       types.UID `json:"uid,omitempty"`
}

type Rule added in v0.10.0

type Rule struct {
	PolicyRef
	Direction cpv1beta1.Direction `json:"direction,omitempty"`
	RuleIndex int                 `json:"ruleindex,omitempty"`
}
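
An added example (not code from the Antrea project): a consumer that decodes a reply shaped like EndpointQueryResponse and reports, per endpoint, which policies apply to it and which rules select it. The types are local mirrors of the declarations above, with types.UID and cpv1beta1.Direction assumed to be string-based; the sample reply, the names and direction values in it, and the Audit function are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the page's types (assumed: types.UID and Direction are strings).
type PolicyRef struct {
	Namespace string `json:"namespace,omitempty"`
	Name      string `json:"name,omitempty"`
	UID       string `json:"uid,omitempty"`
}
type Policy struct{ PolicyRef }
type Rule struct {
	PolicyRef
	Direction string `json:"direction,omitempty"`
	RuleIndex int    `json:"ruleindex,omitempty"`
}
type Endpoint struct {
	Namespace string   `json:"namespace,omitempty"`
	Name      string   `json:"name,omitempty"`
	Policies  []Policy `json:"policies,omitempty"`
	Rules     []Rule   `json:"rules,omitempty"`
}
type EndpointQueryResponse struct {
	Endpoints []Endpoint `json:"endpoints,omitempty"`
}
// Constructed reply. omitempty drops "ruleindex" for rule 0, so absence means 0.
const sampleReply = `{"endpoints":[{"namespace":"shop","name":"cart-0",
 "policies":[{"namespace":"shop","name":"web","uid":"uid-1"}],"rules":[
 {"namespace":"shop","name":"db","uid":"uid-2","direction":"In"},
 {"namespace":"shop","name":"db","uid":"uid-2","direction":"Out","ruleindex":1}]}]}`
// Audit lists, per endpoint, the applied policies and the rules that select it.
func Audit(data []byte) (out []string, err error) {
	var resp EndpointQueryResponse
	if err = json.Unmarshal(data, &resp); err != nil {
		return nil, err
	}
	for _, ep := range resp.Endpoints {
		key := ep.Namespace + "/" + ep.Name
		for _, p := range ep.Policies {
			out = append(out, fmt.Sprintf("%s applied %s/%s", key, p.Namespace, p.Name))
		}
		for _, r := range ep.Rules {
			out = append(out, fmt.Sprintf("%s selected %s/%s rule %d %s", key, r.Namespace, r.Name, r.RuleIndex, r.Direction))
		}
	}
	return out, nil
}
func main() { fmt.Println(Audit([]byte(sampleReply))) }
```

Because Policy and Rule embed PolicyRef, its fields appear at the top level of each JSON object rather than under a nested key.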

Directories

Path Synopsis
Package testing is a generated GoMock package.
