Documentation ¶
Index ¶
- Constants
- type CompletedRule
- type Controller
- func (c *Controller) GetAddressGroupNum() int
- func (c *Controller) GetAddressGroups() []v1beta1.AddressGroup
- func (c *Controller) GetAppliedNetworkPolicies(pod, namespace string) []v1beta1.NetworkPolicy
- func (c *Controller) GetAppliedToGroupNum() int
- func (c *Controller) GetAppliedToGroups() []v1beta1.AppliedToGroup
- func (c *Controller) GetControllerConnectionStatus() bool
- func (c *Controller) GetNetworkPolicies(namespace string) []v1beta1.NetworkPolicy
- func (c *Controller) GetNetworkPolicy(npName, npNamespace string) *v1beta1.NetworkPolicy
- func (c *Controller) GetNetworkPolicyNum() int
- func (c *Controller) Run(stopCh <-chan struct{}) error
- type Reconciler
Constants ¶
const (
	PriorityBottomCNP     = uint16(100)
	InitialPriorityOffset = uint16(130)
	InitialPriorityZones  = 100
	DefaultTierStart      = uint16(13100)
)
const (
	RuleIDLength = 16
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CompletedRule ¶
type CompletedRule struct {
	// Source Pods of this rule, can't coexist with ToAddresses.
	FromAddresses v1beta1.GroupMemberPodSet
	// Destination Pods of this rule, can't coexist with FromAddresses.
	ToAddresses v1beta1.GroupMemberPodSet
	// Target Pods of this rule.
	Pods v1beta1.GroupMemberPodSet
	// contains filtered or unexported fields
}
CompletedRule contains IPAddresses and Pods flattened from AddressGroups and AppliedToGroups. It's the struct used by reconciler.
func (*CompletedRule) String ¶ added in v0.2.0
func (r *CompletedRule) String() string
String returns the string representation of the CompletedRule.
type Controller ¶
type Controller struct {
// contains filtered or unexported fields
}
Controller is responsible for watching Antrea AddressGroups, AppliedToGroups, and NetworkPolicies, feeding them to ruleCache, getting dirty rules from ruleCache, and invoking reconciler to reconcile them.

        a. Feed AddressGroups, AppliedToGroups
             and NetworkPolicies
|-----------|    <--------    |------------|  c. Reconcile dirty rules  |------------|
| ruleCache |                 | Controller |      ------------>         | reconciler |
|-----------|    -------->    |------------|                            |------------|
            b. Notify dirty rules
func NewNetworkPolicyController ¶
func NewNetworkPolicyController(antreaClientGetter agent.AntreaClientProvider, ofClient openflow.Client, ifaceStore interfacestore.InterfaceStore, nodeName string, podUpdates <-chan v1beta1.PodReference) *Controller
NewNetworkPolicyController returns a new *Controller.
func (*Controller) GetAddressGroupNum ¶ added in v0.3.0
func (c *Controller) GetAddressGroupNum() int
func (*Controller) GetAddressGroups ¶ added in v0.5.0
func (c *Controller) GetAddressGroups() []v1beta1.AddressGroup
func (*Controller) GetAppliedNetworkPolicies ¶ added in v0.6.0
func (c *Controller) GetAppliedNetworkPolicies(pod, namespace string) []v1beta1.NetworkPolicy
GetAppliedNetworkPolicies returns the NetworkPolicies applied to the Pod.
func (*Controller) GetAppliedToGroupNum ¶ added in v0.3.0
func (c *Controller) GetAppliedToGroupNum() int
func (*Controller) GetAppliedToGroups ¶ added in v0.5.0
func (c *Controller) GetAppliedToGroups() []v1beta1.AppliedToGroup
func (*Controller) GetControllerConnectionStatus ¶ added in v0.3.0
func (c *Controller) GetControllerConnectionStatus() bool
func (*Controller) GetNetworkPolicies ¶ added in v0.5.0
func (c *Controller) GetNetworkPolicies(namespace string) []v1beta1.NetworkPolicy
GetNetworkPolicies returns the requested NetworkPolicies. If namespace is provided, only NetworkPolicies in that Namespace are returned. If namespace is not provided, NetworkPolicies in all Namespaces are returned.
func (*Controller) GetNetworkPolicy ¶ added in v0.6.0
func (c *Controller) GetNetworkPolicy(npName, npNamespace string) *v1beta1.NetworkPolicy
GetNetworkPolicy looks up and returns the cached NetworkPolicy. nil is returned if the specified NetworkPolicy is not found.
func (*Controller) GetNetworkPolicyNum ¶ added in v0.3.0
func (c *Controller) GetNetworkPolicyNum() int
func (*Controller) Run ¶
func (c *Controller) Run(stopCh <-chan struct{}) error
Run begins watching and processing Antrea AddressGroups, AppliedToGroups and NetworkPolicies, and spawns workers that reconcile NetworkPolicy rules. Run will not return until stopCh is closed.
type Reconciler ¶
type Reconciler interface {
	// Reconcile reconciles the desired state of the provided CompletedRule
	// with the actual state of Openflow entries.
	Reconcile(rule *CompletedRule) error
	// Forget cleans up the actual state of Openflow entries of the specified ruleID.
	Forget(ruleID string) error
}
Reconciler is an interface that knows how to reconcile the desired state of CompletedRule with the actual state of Openflow entries.
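The loop from the Controller description (feed, notify dirty rules, reconcile), driven through the two Reconciler methods, as an added example that is not Antrea's own code. The types `rule`, `dirtyRules` and `fakeReconciler`, the sample values, and calling Forget for a rule that no longer exists are assumptions made here.

```go
package main

import "fmt"

// rule is a simplified stand-in for CompletedRule (fields are hypothetical).
type rule struct{ ID, From, Pod string }

// reconciler mirrors the two-method Reconciler interface shown on this page.
type reconciler interface {
	Reconcile(r *rule) error
	Forget(ruleID string) error
}

// fakeReconciler records rules in a map instead of programming OpenFlow.
type fakeReconciler map[string]*rule

func (f fakeReconciler) Reconcile(r *rule) error {
	f[r.ID] = r
	return nil
}

func (f fakeReconciler) Forget(id string) error {
	delete(f, id)
	return nil
}

// dirtyRules is the pending set: rule ID -> desired rule, nil if deleted (assumed).
type dirtyRules map[string]*rule

// syncDirty is step c. A rule whose sync fails stays dirty, so a later call retries it.
func syncDirty(d dirtyRules, rec reconciler) (synced int, err error) {
	for id, r := range d {
		if r != nil {
			err = rec.Reconcile(r)
		} else {
			err = rec.Forget(id)
		}
		if err != nil {
			return synced, err
		}
		delete(d, id)
		synced++
	}
	return synced, nil
}

func main() {
	d := dirtyRules{"r1": {ID: "r1", From: "10.0.0.5", Pod: "ns/web"}} // constructed
	fmt.Println(syncDirty(d, fakeReconciler{}))
}
```

Because a failed rule is never removed from the dirty set, a transient datapath error delays enforcement of that rule rather than silently dropping it.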