networkpolicy

package
v0.10.0
Published: Sep 25, 2020 License: Apache-2.0 Imports: 33 Imported by: 0

Constants

const (
	PolicyBottomPriority     = uint16(100)
	PolicyTopPriority        = uint16(65000)
	PriorityOffsetSingleTier = float64(640)
	TierOffsetSingleTier     = uint16(0)
	PriorityOffsetMultiTier  = float64(20)
	TierOffsetMultiTier      = uint16(250)
)
const (
	RuleIDLength = 16
)

Variables

This section is empty.

Functions

func InitialOFPriority added in v0.10.0

func InitialOFPriority(p types.Priority, isSingleTier bool) uint16

InitialOFPriority is an InitialOFPriorityGetter that can be used by OVS tables handling both single and multiple Antrea NetworkPolicy Tiers. It computes the initial OpenFlow priority by offsetting the tier priority, policy priority and rule priority with predetermined coefficients.

Types

type CompletedRule

type CompletedRule struct {

	// Source GroupMembers of this rule, can't coexist with ToAddresses.
	FromAddresses v1beta1.GroupMemberSet
	// Destination GroupMembers of this rule, can't coexist with FromAddresses.
	ToAddresses v1beta1.GroupMemberSet
	// Target Pods of this rule.
	Pods v1beta1.GroupMemberPodSet
	// contains filtered or unexported fields
}

CompletedRule contains IPAddresses and Pods flattened from AddressGroups and AppliedToGroups. It is the struct consumed by the reconciler.

func (*CompletedRule) String added in v0.2.0

func (r *CompletedRule) String() string

String returns the string representation of the CompletedRule.

type Controller

type Controller struct {
	// contains filtered or unexported fields
}

Controller is responsible for watching Antrea AddressGroups, AppliedToGroups, and NetworkPolicies, feeding them to the ruleCache, receiving dirty rules from the ruleCache, and invoking the reconciler to reconcile them.

        a.Feed AddressGroups,AppliedToGroups
             and NetworkPolicies
|-----------|    <--------    |----------- |  c. Reconcile dirty rules |----------- |
| ruleCache |                 | Controller |     ------------>         | reconciler |
| ----------|    -------->    |----------- |                           |----------- |
            b. Notify dirty rules

func NewNetworkPolicyController

func NewNetworkPolicyController(antreaClientGetter agent.AntreaClientProvider,
	ofClient openflow.Client,
	ifaceStore interfacestore.InterfaceStore,
	nodeName string,
	podUpdates <-chan v1beta1.PodReference) *Controller

NewNetworkPolicyController returns a new *Controller.

func (*Controller) GetAddressGroupNum added in v0.3.0

func (c *Controller) GetAddressGroupNum() int

func (*Controller) GetAddressGroups added in v0.5.0

func (c *Controller) GetAddressGroups() []v1beta1.AddressGroup

func (*Controller) GetAppliedNetworkPolicies added in v0.6.0

func (c *Controller) GetAppliedNetworkPolicies(pod, namespace string) []v1beta1.NetworkPolicy

GetAppliedNetworkPolicies returns the NetworkPolicies applied to the given Pod.

func (*Controller) GetAppliedToGroupNum added in v0.3.0

func (c *Controller) GetAppliedToGroupNum() int

func (*Controller) GetAppliedToGroups added in v0.5.0

func (c *Controller) GetAppliedToGroups() []v1beta1.AppliedToGroup

func (*Controller) GetControllerConnectionStatus added in v0.3.0

func (c *Controller) GetControllerConnectionStatus() bool

func (*Controller) GetNetworkPolicies added in v0.5.0

func (c *Controller) GetNetworkPolicies(namespace string) []v1beta1.NetworkPolicy

GetNetworkPolicies returns the requested NetworkPolicies. If namespace is provided, only NetworkPolicies in that Namespace are returned. If namespace is empty, NetworkPolicies in all Namespaces are returned.

func (*Controller) GetNetworkPolicy added in v0.6.0

func (c *Controller) GetNetworkPolicy(npName, npNamespace string) *v1beta1.NetworkPolicy

GetNetworkPolicy looks up and returns the cached NetworkPolicy. nil is returned if the specified NetworkPolicy is not found.

func (*Controller) GetNetworkPolicyNum added in v0.3.0

func (c *Controller) GetNetworkPolicyNum() int

func (*Controller) Run

func (c *Controller) Run(stopCh <-chan struct{})

Run begins watching and processing Antrea AddressGroups, AppliedToGroups and NetworkPolicies, and spawns workers that reconcile NetworkPolicy rules. Run will not return until stopCh is closed.

type InitialOFPriorityGetter added in v0.9.0

type InitialOFPriorityGetter func(p types.Priority, isSingleTier bool) uint16

InitialOFPriorityGetter is a heuristic function that maps a types.Priority to a specific initial OpenFlow priority in a table. It is used to space out the priorities in the OVS table and to provide an initial guess for the OpenFlow priority that can be assigned to the input Priority. If that OpenFlow priority is not available, or if the surrounding priorities are out of place, getInsertionPoint() will then search for the appropriate OpenFlow priority at which to insert the input Priority.
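The two passages above (InitialOFPriority and InitialOFPriorityGetter) describe the heuristic only in words. The following is an added example, not code from the Antrea project: it reconstructs an offset-based getter from the description and the package constants, then checks two properties that matter for policy enforcement, namely that distinct priorities do not collapse onto the same OpenFlow priority (the "not available" case) and that a higher-ranked rule never lands below a lower-ranked one (the "out of place" case). Both checks are the author's assumptions about what getInsertionPoint() must repair; the Priority struct is a stand-in for types.Priority, whose fields are not shown on this page, and the exact formula is assumed.

```go
package main

import "fmt"

// Priority stands in for types.Priority (not defined on this page).
// Assumed semantics: a lower value ranks higher at every level, and a
// tier outranks any policy inside a lower-ranked tier.
type Priority struct {
	TierPriority   uint16
	PolicyPriority float64
	RulePriority   int32
}

// Constants copied from the package documentation.
const (
	PolicyBottomPriority     = uint16(100)
	PolicyTopPriority        = uint16(65000)
	PriorityOffsetSingleTier = float64(640)
	TierOffsetSingleTier     = uint16(0)
	PriorityOffsetMultiTier  = float64(20)
	TierOffsetMultiTier      = uint16(250)
)

// initialOFPriority is an assumed reconstruction of the getter: start at the
// top of the band and subtract the tier, policy and rule offsets, clamping the
// result into [PolicyBottomPriority, PolicyTopPriority].
func initialOFPriority(p Priority, isSingleTier bool) uint16 {
	tierOffset, priorityOffset := TierOffsetMultiTier, PriorityOffsetMultiTier
	if isSingleTier {
		tierOffset, priorityOffset = TierOffsetSingleTier, PriorityOffsetSingleTier
	}
	top, bottom := float64(PolicyTopPriority), float64(PolicyBottomPriority)
	guess := top -
		float64(tierOffset)*float64(p.TierPriority) -
		priorityOffset*p.PolicyPriority -
		float64(p.RulePriority)
	if guess > top {
		return PolicyTopPriority
	}
	if guess < bottom {
		return PolicyBottomPriority
	}
	return uint16(guess)
}

// ranksHigher reports whether a should be evaluated before b.
func ranksHigher(a, b Priority) bool {
	if a.TierPriority != b.TierPriority {
		return a.TierPriority < b.TierPriority
	}
	if a.PolicyPriority != b.PolicyPriority {
		return a.PolicyPriority < b.PolicyPriority
	}
	return a.RulePriority < b.RulePriority
}

// collisions returns index pairs of Priorities that the heuristic maps to the
// same OpenFlow priority; each pair is a slot the insertion search must resolve.
func collisions(ps []Priority, isSingleTier bool) [][2]int {
	seen := map[uint16]int{}
	var out [][2]int
	for i, p := range ps {
		of := initialOFPriority(p, isSingleTier)
		if j, ok := seen[of]; ok {
			out = append(out, [2]int{j, i})
			continue
		}
		seen[of] = i
	}
	return out
}

// orderingPreserved is false when a higher-ranked Priority receives a strictly
// lower OpenFlow priority than a lower-ranked one, i.e. the guesses are out of place.
func orderingPreserved(ps []Priority, isSingleTier bool) bool {
	for i := range ps {
		for j := range ps {
			if ranksHigher(ps[i], ps[j]) &&
				initialOFPriority(ps[i], isSingleTier) < initialOFPriority(ps[j], isSingleTier) {
				return false
			}
		}
	}
	return true
}

func main() {
	// Constructed sample: two multi-tier priorities whose offsets sum to the same value.
	same := []Priority{{TierPriority: 0, PolicyPriority: 1}, {TierPriority: 0, RulePriority: 20}}
	fmt.Println("collisions:", collisions(same, false))
	// Constructed sample: policy 20 in tier 0 sinks below policy 0 in tier 1.
	inv := []Priority{{TierPriority: 0, PolicyPriority: 20}, {TierPriority: 1}}
	fmt.Println("ordering preserved:", orderingPreserved(inv, false))
}
```

Under the assumed formula, 250/20 gives room for only about twelve policy priorities per tier before a tier-0 policy's initial guess drops below tier 1's baseline, which is exactly the situation in which the documented getInsertionPoint() search has to move the rule rather than trust the guess.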

type Reconciler

type Reconciler interface {
	// Reconcile reconciles the desired state of the provided CompletedRule
	// with the actual state of Openflow entries.
	Reconcile(rule *CompletedRule) error

	// BatchReconcile reconciles the desired state of the provided CompletedRules
	// with the actual state of Openflow entries in batch. It should only be invoked
	// if all rules are newly added without last realized status.
	BatchReconcile(rules []*CompletedRule) error

	// Forget cleans up the actual state of Openflow entries of the specified ruleID.
	Forget(ruleID string) error
}

Reconciler is an interface that knows how to reconcile the desired state of CompletedRule with the actual state of Openflow entries.
