Documentation ¶
Constants ¶
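// Fixed names of the iptables table, chains, packet mark and ipsets that this
// package refers to. The listing had lost its line breaks; one constant per
// line is restored here and every value is unchanged.
//
// Because the names are constant, they can be used to find this package's
// rules and sets when auditing a node's firewall state.
const (
	// TableFilter is the name of the iptables table ("filter").
	TableFilter = "filter"

	// Chain names. All of them share the "WEAVE-NPC" prefix.
	// NOTE(review): how the chains are linked to each other is not visible
	// in this listing; confirm against the controller code before relying
	// on a particular traversal order.
	MainChain          = "WEAVE-NPC"
	DefaultChain       = "WEAVE-NPC-DEFAULT"
	IngressChain       = "WEAVE-NPC-INGRESS"
	EgressChain        = "WEAVE-NPC-EGRESS"
	EgressDefaultChain = "WEAVE-NPC-EGRESS-DEFAULT"
	EgressCustomChain  = "WEAVE-NPC-EGRESS-CUSTOM"
	EgressMarkChain    = "WEAVE-NPC-EGRESS-ACCEPT"

	// EgressMark is written in value/mask form; value and mask are both
	// 0x40000.
	// NOTE(review): presumably this bit must not be reused by other
	// components that mark packets on the same node; verify.
	EgressMark = "0x40000/0x40000"

	// IpsetNamePrefix starts every ipset name built from it, and LocalIpset
	// is the fixed name "weave-local-pods".
	IpsetNamePrefix = "weave-"
	LocalIpset      = IpsetNamePrefix + "local-pods"
)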
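const (
	// ShortNameSymbols is the symbol alphabet described by the rules below.
	// In the collapsed listing the leading "//" swallowed the declaration
	// itself; the line structure is restored here and the value is unchanged.
	//
	// This array:
	// * Must include only printable UTF8 characters that are represented with a single byte (http://www.utf8-chartable.de/)
	// * Must be at least of length 85 (`len("weave-") + l(2^160)/l(85)` equals 31, the maximum ipset name length)
	// * Must not include commas as those are treated specially by `ipset add` when adding a named set to a list:set
	// * Should not include space for readability
	// * Should not include invalid chars for XML `<>&"'`
	// * Should not include single quote or backslash to be nice to shell users
	//
	// The length rule works out as follows: a 160-bit value written in base
	// 85 needs 25 symbols, and 25 plus the 6 bytes of "weave-" is 31.
	//
	// NOTE(review): leaving out single quote and backslash makes a name safe
	// inside single quotes, but the alphabet still contains characters a
	// shell interprets ($ ( ) { } [ ] ; | * ? ! # ~ ^). A name built from it
	// should be handed to ipset as its own argv element, never spliced
	// unquoted into a shell command line.
	ShortNameSymbols = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789(){}[]+=_$%^!*|/?.;:@#~"
)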
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IngressIsolationPolicy ¶
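// IngressIsolationPolicy is the string type of a namespace's ingress
// isolation setting. DefaultDeny is the only value declared for it here.
//
// NOTE(review): the type is a plain string, so a value other than
// DefaultDeny can be decoded into it. How an unrecognised value is treated
// is not visible in this listing; confirm it is rejected and does not
// quietly behave like "no isolation".
type IngressIsolationPolicy string

const (
	// Deny all ingress traffic to pods in this namespace. Ingress means
	// any incoming traffic to pods, whether that be from other pods within this namespace
	// or any source outside of this namespace.
	DefaultDeny IngressIsolationPolicy = "DefaultDeny"
)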
type NamespaceIngressPolicy ¶
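// NamespaceIngressPolicy is the configuration for ingress to pods within a
// namespace. Its only field is the isolation policy.
type NamespaceIngressPolicy struct {
	// The isolation policy to apply to pods in this namespace.
	// Currently this field only supports "DefaultDeny", but could
	// be extended to support other policies in the future. When set to DefaultDeny,
	// pods in this namespace are denied ingress traffic by default. When not defined,
	// the cluster default ingress isolation policy is applied (currently allow all).
	//
	// Security-relevant default: a nil pointer (the field is absent, and
	// omitted again on encoding because of omitempty) does not mean deny.
	// It selects the cluster default, which the text above gives as allow
	// all, so a namespace that needs isolation has to set DefaultDeny
	// explicitly.
	Isolation *IngressIsolationPolicy `json:"isolation,omitempty"`
}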
Configuration for ingress to pods within this namespace. For now, this only supports specifying an isolation policy.
type NamespaceNetworkPolicy ¶
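// NamespaceNetworkPolicy holds the network policy settings of a namespace.
// Ingress is its only field.
type NamespaceNetworkPolicy struct {
	// Ingress configuration for this namespace. This config is
	// applied to all pods within this namespace. For now, only
	// ingress is supported. This field is optional - if not
	// defined, then the cluster default for ingress is applied.
	//
	// A nil Ingress therefore adds no restriction of its own; what pods in
	// the namespace accept is then decided entirely by the cluster default.
	Ingress *NamespaceIngressPolicy `json:"ingress,omitempty"`
}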
type NamespaceSpec ¶
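// NamespaceSpec carries an optional NamespaceNetworkPolicy under the JSON key
// "networkPolicy".
type NamespaceSpec struct {
	// This is a pointer so that it can be left undefined.
	//
	// Callers must nil-check before dereferencing: with omitempty a
	// namespace that carries no policy decodes to a nil pointer here.
	NetworkPolicy *NamespaceNetworkPolicy `json:"networkPolicy,omitempty"`
}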
Standard NamespaceSpec object, modified to include a new NamespaceNetworkPolicy field.
type NetworkPolicyController ¶
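// NetworkPolicyController declares add, update and delete methods for three
// kinds of object: namespaces, pods and network policies. Every method
// returns an error.
//
// NOTE(review): judging by the method names these are event callbacks fed
// from the Kubernetes API; the caller is not shown here. If so, a returned
// error presumably means the node's rules may no longer match the API state,
// so callers should log and handle it rather than drop it. Confirm against
// the caller.
type NetworkPolicyController interface {
	// Namespace events.
	AddNamespace(ns *coreapi.Namespace) error
	UpdateNamespace(oldObj, newObj *coreapi.Namespace) error
	DeleteNamespace(ns *coreapi.Namespace) error

	// Pod events.
	AddPod(obj *coreapi.Pod) error
	UpdatePod(oldObj, newObj *coreapi.Pod) error
	DeletePod(obj *coreapi.Pod) error

	// Network policy events. The argument is untyped (interface{}), so the
	// accepted concrete type or types are not visible from this declaration.
	// NOTE(review): implementations should return an error for a type they
	// do not recognise instead of silently ignoring the policy; verify.
	AddNetworkPolicy(obj interface{}) error
	UpdateNetworkPolicy(oldObj, newObj interface{}) error
	DeleteNetworkPolicy(obj interface{}) error
}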
func New ¶
func New(nodeName string, ipt iptables.Interface, ips ipset.Interface, clientset kubernetes.Interface) NetworkPolicyController