Documentation ¶
Index ¶
- Constants
- func InitialOFPrioritySingleTierPerTable(p types.Priority) uint16
- type CompletedRule
- type Controller
- func (c *Controller) GetAddressGroupNum() int
- func (c *Controller) GetAddressGroups() []v1beta1.AddressGroup
- func (c *Controller) GetAppliedNetworkPolicies(pod, namespace string) []v1beta1.NetworkPolicy
- func (c *Controller) GetAppliedToGroupNum() int
- func (c *Controller) GetAppliedToGroups() []v1beta1.AppliedToGroup
- func (c *Controller) GetControllerConnectionStatus() bool
- func (c *Controller) GetNetworkPolicies(namespace string) []v1beta1.NetworkPolicy
- func (c *Controller) GetNetworkPolicy(npName, npNamespace string) *v1beta1.NetworkPolicy
- func (c *Controller) GetNetworkPolicyNum() int
- func (c *Controller) Run(stopCh <-chan struct{})
- type InitialOFPriorityGetter
- type Reconciler
Constants ¶
const (
	PriorityBottomCNP     = uint16(100)
	PriorityTopCNP        = uint16(65000)
	InitialPriorityOffset = uint16(640)
	InitialPriorityZones  = 100
)
const (
RuleIDLength = 16
)
Variables ¶
This section is empty.
Functions ¶
func InitialOFPrioritySingleTierPerTable ¶ added in v0.9.0
InitialOFPrioritySingleTierPerTable is an InitialOFPriorityGetter that can be used by OVS tables that handle only one Antrea NetworkPolicy Tier. It roughly divides the table into 100 zones and computes the initial OpenFlow priority based on rule priority.
Types ¶
type CompletedRule ¶
type CompletedRule struct {
	// Source Pods of this rule, can't coexist with ToAddresses.
	FromAddresses v1beta1.GroupMemberPodSet
	// Destination Pods of this rule, can't coexist with FromAddresses.
	ToAddresses v1beta1.GroupMemberPodSet
	// Target Pods of this rule.
	Pods v1beta1.GroupMemberPodSet
	// contains filtered or unexported fields
}
CompletedRule contains IPAddresses and Pods flattened from AddressGroups and AppliedToGroups. It's the struct used by reconciler.
func (*CompletedRule) String ¶ added in v0.2.0
func (r *CompletedRule) String() string
String returns the string representation of the CompletedRule.
type Controller ¶
type Controller struct {
// contains filtered or unexported fields
}
Controller is responsible for watching Antrea AddressGroups, AppliedToGroups, and NetworkPolicies, feeding them to ruleCache, getting dirty rules from ruleCache, and invoking reconciler to reconcile them.
          a. Feed AddressGroups, AppliedToGroups
                 and NetworkPolicies
  |-----------|    <--------    |------------|  c. Reconcile dirty rules  |------------|
  | ruleCache |                 | Controller |      ------------>         | reconciler |
  |-----------|    -------->    |------------|                            |------------|
               b. Notify dirty rules
func NewNetworkPolicyController ¶
func NewNetworkPolicyController(antreaClientGetter agent.AntreaClientProvider, ofClient openflow.Client, ifaceStore interfacestore.InterfaceStore, nodeName string, podUpdates <-chan v1beta1.PodReference) *Controller
NewNetworkPolicyController returns a new *Controller.
func (*Controller) GetAddressGroupNum ¶ added in v0.3.0
func (c *Controller) GetAddressGroupNum() int
func (*Controller) GetAddressGroups ¶ added in v0.5.0
func (c *Controller) GetAddressGroups() []v1beta1.AddressGroup
func (*Controller) GetAppliedNetworkPolicies ¶ added in v0.6.0
func (c *Controller) GetAppliedNetworkPolicies(pod, namespace string) []v1beta1.NetworkPolicy
GetAppliedNetworkPolicies returns the NetworkPolicies applied to the Pod.
func (*Controller) GetAppliedToGroupNum ¶ added in v0.3.0
func (c *Controller) GetAppliedToGroupNum() int
func (*Controller) GetAppliedToGroups ¶ added in v0.5.0
func (c *Controller) GetAppliedToGroups() []v1beta1.AppliedToGroup
func (*Controller) GetControllerConnectionStatus ¶ added in v0.3.0
func (c *Controller) GetControllerConnectionStatus() bool
func (*Controller) GetNetworkPolicies ¶ added in v0.5.0
func (c *Controller) GetNetworkPolicies(namespace string) []v1beta1.NetworkPolicy
GetNetworkPolicies returns the requested NetworkPolicies. If namespace is provided, only NetworkPolicies in that Namespace are returned. If namespace is not provided, NetworkPolicies in all Namespaces are returned.
func (*Controller) GetNetworkPolicy ¶ added in v0.6.0
func (c *Controller) GetNetworkPolicy(npName, npNamespace string) *v1beta1.NetworkPolicy
GetNetworkPolicy looks up and returns the cached NetworkPolicy. nil is returned if the specified NetworkPolicy is not found.
func (*Controller) GetNetworkPolicyNum ¶ added in v0.3.0
func (c *Controller) GetNetworkPolicyNum() int
func (*Controller) Run ¶
func (c *Controller) Run(stopCh <-chan struct{})
Run begins watching and processing Antrea AddressGroups, AppliedToGroups and NetworkPolicies, and spawns workers that reconcile NetworkPolicy rules. Run will not return until stopCh is closed.
type InitialOFPriorityGetter ¶ added in v0.9.0
InitialOFPriorityGetter is a function that will map types.Priority to a specific initial OpenFlow priority in a table. It is used to space out the priorities in the OVS table and provide an initial "guess" on the OpenFlow priority that can be assigned to the input Priority. If that OpenFlow priority is not available, getInsertionPoint of priorityAssigner will then search for the appropriate OpenFlow priority to insert the input Priority.
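The zone spacing and the need for a follow-up search, as an added sketch that is not Antrea's implementation: the constants come from this page, while the `Priority` fields, the mapping formula in `initialOFPriority`, and the `collidingGuesses` helper are assumptions made for illustration. It shows that two distinct policy priorities can receive the same initial guess, which is the case where a search for a free OpenFlow priority is required so that rule precedence is still reflected in flow priority.

```go
package main

import (
	"fmt"
	"math"
)

// Constants as listed in the package documentation.
const (
	PriorityTopCNP        = uint16(65000)
	InitialPriorityOffset = uint16(640)
	InitialPriorityZones  = 100
)

// Priority is a simplified stand-in for types.Priority (fields assumed).
type Priority struct {
	PolicyPriority float64 // assumed: lower value means higher precedence
	RulePriority   int32   // assumed: index of the rule within its policy
}

// initialOFPriority is an assumed mapping: the integer part of PolicyPriority
// picks one of 100 zones spaced InitialPriorityOffset apart below the top.
func initialOFPriority(p Priority) uint16 {
	zone := int(math.Min(math.Max(math.Floor(p.PolicyPriority), 0), InitialPriorityZones-1))
	rule := int(math.Min(math.Max(float64(p.RulePriority), 0), float64(InitialPriorityOffset-1)))
	return PriorityTopCNP - uint16(zone)*InitialPriorityOffset - uint16(rule)
}

// collidingGuesses groups priorities whose initial guess is the same OpenFlow
// priority; each group needs a search for free neighbouring priorities.
func collidingGuesses(ps []Priority) map[uint16][]Priority {
	byOF := make(map[uint16][]Priority)
	for _, p := range ps {
		of := initialOFPriority(p)
		byOF[of] = append(byOF[of], p)
	}
	for of, group := range byOF {
		if len(group) < 2 {
			delete(byOF, of)
		}
	}
	return byOF
}

func main() {
	// Constructed sample priorities.
	ps := []Priority{{1.2, 0}, {1.8, 0}, {5, 3}, {250, 0}}
	fmt.Println("collisions:", collidingGuesses(ps))
}
```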
type Reconciler ¶
type Reconciler interface {
	// Reconcile reconciles the desired state of the provided CompletedRule
	// with the actual state of Openflow entries.
	Reconcile(rule *CompletedRule) error
	// BatchReconcile reconciles the desired state of the provided CompletedRules
	// with the actual state of Openflow entries in batch. It should only be invoked
	// if all rules are newly added without last realized status.
	BatchReconcile(rules []*CompletedRule) error
	// Forget cleans up the actual state of Openflow entries of the specified ruleID.
	Forget(ruleID string) error
}
Reconciler is an interface that knows how to reconcile the desired state of CompletedRule with the actual state of Openflow entries.