policy

package
v0.0.0-...-262f7ed
Published: Nov 12, 2020 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Tencent is pleased to support the open source community by making TKEStack available.

Copyright (C) 2012-2019 Tencent. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

https://opensource.org/licenses/Apache-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.



Constants

This section is empty.

Variables

var (
	NamePrefix = "GLX"
)

Functions

This section is empty.

Types

type PolicyManager

type PolicyManager struct {
	sync.Mutex
	// contains filtered or unexported fields
}

The iptables egress chain topology looks like this:

FORWARD            GLX-POD-XXXX - GLX-PLCY-XXXX
      \           /            \ /
       GLX-EGRESS              /\
      /           \           /  \
INPUT             GLX-POD-XXXX - GLX-PLCY-XXXX

func NewPolicyManager

func NewPolicyManager(
	client kubernetes.Interface,
	networkPolicyInformer networkingformers.NetworkPolicyInformer,
	quitChan <-chan struct{}) *PolicyManager

func (*PolicyManager) AddPod

func (p *PolicyManager) AddPod(pod *corev1.Pod) error

func (*PolicyManager) AddPolicy

func (p *PolicyManager) AddPolicy(policy *networkv1.NetworkPolicy) error

func (*PolicyManager) DeletePod

func (p *PolicyManager) DeletePod(pod *corev1.Pod) error

func (*PolicyManager) DeletePolicy

func (p *PolicyManager) DeletePolicy(policy *networkv1.NetworkPolicy) error

func (*PolicyManager) Run

func (p *PolicyManager) Run()

func (*PolicyManager) SyncPodChains

func (p *PolicyManager) SyncPodChains(pod *corev1.Pod) error

SyncPodChains ensures the GLX-INGRESS/GLX-EGRESS/GLX-POD-XXXX iptables chains are as expected.

func (*PolicyManager) SyncPodIPInIPSet

func (p *PolicyManager) SyncPodIPInIPSet(pod *corev1.Pod, add bool)

SyncPodIPInIPSet ensures the pod IP is in the expected state in each policy's ipset. The ipsets are already created because these policies are held in memory.

func (*PolicyManager) UpdatePod

func (p *PolicyManager) UpdatePod(oldPod, newPod *corev1.Pod) error

func (*PolicyManager) UpdatePolicy

func (p *PolicyManager) UpdatePolicy(oldPolicy, newPolicy *networkv1.NetworkPolicy) error
