networkpolicy

package
v0.11.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 11, 2021 License: Apache-2.0 Imports: 47 Imported by: 0

Documentation

Index

Constants

View Source 
const (

	// TierIndex is used to index ClusterNetworkPolicies by Tier names.
	TierIndex = "tier"
	// PriorityIndex is used to index Tiers by their priorities.
	PriorityIndex = "priority"
)

Variables

This section is empty.

Functions

func GetAdmissionResponseForErr added in v0.10.0 

func GetAdmissionResponseForErr(err error) *admv1.AdmissionResponse

GetAdmissionResponseForErr returns an object of type AdmissionResponse with the submitted error message.

func NewEndpointQuerier added in v0.10.0 

func NewEndpointQuerier(networkPolicyController *NetworkPolicyController) *endpointQuerier

NewEndpointQuerier returns a new *endpointQuerier.

Types

type Endpoint added in v0.10.0 

type Endpoint struct {
	Namespace string   `json:"namespace,omitempty"`
	Name      string   `json:"name,omitempty"`
	Policies  []Policy `json:"policies,omitempty"`
	Rules     []Rule   `json:"rules,omitempty"`
}

type EndpointQuerier added in v0.10.0 

type EndpointQuerier interface {
	// QueryNetworkPolicies returns the list of NetworkPolicies which apply to the provided Pod,
	// along with the list NetworkPolicies which select the provided Pod in one of their policy
	// rules (ingress or egress).
	QueryNetworkPolicies(namespace string, podName string) (*EndpointQueryResponse, error)
}

EndpointQuerier handles requests for antctl query

type EndpointQueryResponse added in v0.10.0 

type EndpointQueryResponse struct {
	Endpoints []Endpoint `json:"endpoints,omitempty"`
}

EndpointQueryResponse is the reply struct for anctl endpoint queries

type NetworkPolicyController 

type NetworkPolicyController struct {
	// contains filtered or unexported fields
}

NetworkPolicyController is responsible for synchronizing the Namespaces and Pods affected by a Network Policy.

func NewNetworkPolicyController 

func NewNetworkPolicyController(kubeClient clientset.Interface,
	crdClient versioned.Interface,
	podInformer coreinformers.PodInformer,
	namespaceInformer coreinformers.NamespaceInformer,
	externalEntityInformer corev1a2informers.ExternalEntityInformer,
	networkPolicyInformer networkinginformers.NetworkPolicyInformer,
	cnpInformer secinformers.ClusterNetworkPolicyInformer,
	anpInformer secinformers.NetworkPolicyInformer,
	tierInformer secinformers.TierInformer,
	addressGroupStore storage.Interface,
	appliedToGroupStore storage.Interface,
	internalNetworkPolicyStore storage.Interface) *NetworkPolicyController

NewNetworkPolicyController returns a new *NetworkPolicyController.

func (*NetworkPolicyController) GetAddressGroupNum added in v0.3.0 

func (n *NetworkPolicyController) GetAddressGroupNum() int

func (*NetworkPolicyController) GetAppliedToGroupNum added in v0.3.0 

func (n *NetworkPolicyController) GetAppliedToGroupNum() int

func (*NetworkPolicyController) GetConnectedAgentNum added in v0.3.0 

func (n *NetworkPolicyController) GetConnectedAgentNum() int

GetConnectedAgentNum gets the number of Agents which are connected to this Controller. Since Agent will watch all the three stores (internalNetworkPolicyStore, appliedToGroupStore, addressGroupStore), the number of watchers of one of these three stores is equal to the number of connected Agents. Here, we uses the number of watchers of appliedToGroupStore to represent the number of connected Agents as internalNetworkPolicyStore is also watched by the StatusController of the process itself.

func (*NetworkPolicyController) GetNetworkPolicyNum added in v0.3.0 

func (n *NetworkPolicyController) GetNetworkPolicyNum() int

func (*NetworkPolicyController) InitializeTiers added in v0.10.0 

func (n *NetworkPolicyController) InitializeTiers()

InitializeTiers initializes the default Tiers created by Antrea on init. It will first attempt to retrieve the Tier by it's name from K8s and if missing, create the CR. InitializeTiers will be called as part of a Post-Start hook of antrea-controller's APIServer.

func (*NetworkPolicyController) Run 

func (n *NetworkPolicyController) Run(stopCh <-chan struct{})

Run begins watching and syncing of a NetworkPolicyController.

type NetworkPolicyMutator added in v0.11.0 

type NetworkPolicyMutator struct {
	// contains filtered or unexported fields
}

func NewNetworkPolicyMutator added in v0.11.0 

func NewNetworkPolicyMutator(networkPolicyController *NetworkPolicyController) *NetworkPolicyMutator

NewNetworkPolicyMutator returns a new *NetworkPolicyMutator.

func (*NetworkPolicyMutator) Mutate added in v0.11.0 

func (m *NetworkPolicyMutator) Mutate(ar *admv1.AdmissionReview) *admv1.AdmissionResponse

Mutate function mutates an Antrea-native policy object

type NetworkPolicyValidator added in v0.10.0 

type NetworkPolicyValidator struct {
	// contains filtered or unexported fields
}

func NewNetworkPolicyValidator added in v0.10.0 

func NewNetworkPolicyValidator(networkPolicyController *NetworkPolicyController) *NetworkPolicyValidator

NewNetworkPolicyValidator returns a new *NetworkPolicyValidator.

func (*NetworkPolicyValidator) Validate added in v0.10.0 

func (v *NetworkPolicyValidator) Validate(ar *admv1.AdmissionReview) *admv1.AdmissionResponse

Validate function validates a Tier or Antrea Policy object

type Policy added in v0.10.0 

type Policy struct {
	PolicyRef
}

type PolicyRef added in v0.10.0 

type PolicyRef struct {
	Namespace string    `json:"namespace,omitempty"`
	Name      string    `json:"name,omitempty"`
	UID       types.UID `json:"uid,omitempty"`
}

type Rule added in v0.10.0 

type Rule struct {
	PolicyRef
	Direction cpv1beta.Direction `json:"direction,omitempty"`
	RuleIndex int                `json:"ruleindex,omitempty"`
}

type StatusController added in v0.11.0 

type StatusController struct {
	// contains filtered or unexported fields
}

StatusController is responsible for synchronizing the status of Antrea ClusterNetworkPolicy and Antrea NetworkPolicy.

func NewStatusController added in v0.11.0 

func NewStatusController(antreaClient antreaclientset.Interface, internalNetworkPolicyStore storage.Interface, cnpInformer secinformers.ClusterNetworkPolicyInformer, anpInformer secinformers.NetworkPolicyInformer) *StatusController

func (*StatusController) Run added in v0.11.0 

func (c *StatusController) Run(stopCh <-chan struct{})

Run begins watching and syncing of a StatusController.

func (*StatusController) UpdateStatus added in v0.11.0 

func (c *StatusController) UpdateStatus(status *controlplane.NetworkPolicyStatus) error

Source Files

View all Source files

Directories

Path Synopsis
Package testing is a generated GoMock package.
 Package testing is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.