npc

package
v2.2.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 12, 2018 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

// TableFilter is the table name "filter".
// NOTE(review): presumably the iptables table in which the chains below are
// created - confirm against the code that drives the iptables interface.
const TableFilter = "filter"

// Chain names, all under the "WEAVE-NPC" prefix.
// NOTE(review): how traffic is passed between the three chains is not visible
// in these declarations.
const (
	MainChain    = "WEAVE-NPC"
	DefaultChain = "WEAVE-NPC-DEFAULT"
	IngressChain = "WEAVE-NPC-INGRESS"
)

// IpsetNamePrefix is the common prefix of the ipset names declared by this
// package; names built from it, such as LocalIpset, all begin with "weave-".
const IpsetNamePrefix = "weave-"

// LocalIpset is the ipset name "weave-local-pods".
const LocalIpset = IpsetNamePrefix + "local-pods"
// ShortNameSymbols is an alphabet of 85 distinct symbols. Judging by the
// length arithmetic below, it encodes a 160-bit value into the part of an
// ipset name that follows the "weave-" prefix.
//
// Constraints on the alphabet:
//   - only printable characters that UTF-8 represents with a single byte
//     (http://www.utf8-chartable.de/)
//   - at least 85 symbols: `len("weave-") + l(2^160)/l(85)` equals 31, the
//     maximum ipset name length (the ratio of logarithms is the number of
//     base-85 digits a 160-bit value needs, just under 25)
//   - no comma, which `ipset add` treats specially when adding a named set to
//     a list:set
//   - no space, for readability
//   - none of the characters that are invalid in XML: `<>&"'`
//   - no single quote or backslash, to be nice to shell users
//
// The alphabet still contains characters that a shell interprets, among them
// $ ! * | ; ? # ~ and the bracket pairs, so a name built from it should reach
// ipset as its own argv element (or be quoted) and never be spliced into a
// shell command line.
const ShortNameSymbols = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789(){}[]+=_$%^!*|/?.;:@#~"

Variables

This section is empty.

Functions

This section is empty.

Types

type IngressIsolationPolicy

// IngressIsolationPolicy names an ingress isolation policy. It is a plain
// string type, so the type itself does not restrict which values it can hold;
// DefaultDeny is the only value declared alongside it.
// NOTE(review): how a consumer treats a string other than DefaultDeny is not
// visible here - confirm it is handled explicitly.
type IngressIsolationPolicy string

// DefaultDeny denies all ingress traffic to pods in this namespace. Ingress
// covers any traffic coming in to the pods, whether it originates from other
// pods in the same namespace or from a source outside the namespace.
const DefaultDeny IngressIsolationPolicy = "DefaultDeny"

type NamespaceIngressPolicy

// NamespaceIngressPolicy configures ingress to the pods of one namespace.
// An isolation policy is the only setting it carries.
type NamespaceIngressPolicy struct {
	// The isolation policy to apply to pods in this namespace.
	// Currently this field only supports "DefaultDeny", but could
	// be extended to support other policies in the future.  When set to DefaultDeny,
	// pods in this namespace are denied ingress traffic by default.  When not defined,
	// the cluster default ingress isolation policy is applied (currently allow all).
	//
	// Security note: because an unset (nil) field falls back to a cluster
	// default described above as allow-all, isolation is opt-in per namespace;
	// a namespace that omits "isolation" is not isolated.
	// NOTE(review): how a value other than "DefaultDeny" is treated is not
	// visible in this declaration - confirm it is rejected rather than read
	// as "no isolation".
	Isolation *IngressIsolationPolicy `json:"isolation,omitempty"`
}

Configuration for ingress to pods within this namespace. For now, this only supports specifying an isolation policy.

type NamespaceNetworkPolicy

// NamespaceNetworkPolicy is the network policy configuration of a namespace.
// Only an ingress section is declared; the type has no field for egress.
type NamespaceNetworkPolicy struct {
	// Ingress configuration for this namespace.  This config is
	// applied to all pods within this namespace. For now, only
	// ingress is supported.  This field is optional - if not
	// defined, then the cluster default for ingress is applied.
	//
	// A nil Ingress therefore does not isolate the namespace by itself:
	// what applies is whatever the cluster default for ingress is.
	Ingress *NamespaceIngressPolicy `json:"ingress,omitempty"`
}

type NamespaceSpec

// NamespaceSpec is the standard NamespaceSpec object, modified to include a
// NamespaceNetworkPolicy field.
type NamespaceSpec struct {
	// This is a pointer so that it can be left undefined; with omitempty a
	// nil pointer is also left out of the encoded JSON.
	// NOTE(review): presumably a nil NetworkPolicy is handled like an unset
	// Ingress section (the cluster default applies) - confirm in the consumer.
	NetworkPolicy *NamespaceNetworkPolicy `json:"networkPolicy,omitempty"`
}

Standard NamespaceSpec object, modified to include a new NamespaceNetworkPolicy field.

type NetworkPolicyController

// NetworkPolicyController receives add, update and delete notifications for
// namespaces, pods and network policies. Every method reports failure through
// its error result. New returns a value of this interface.
//
// NOTE(review): presumably these methods are driven by Kubernetes watch
// events and translate them into iptables/ipset state (New takes both
// interfaces) - confirm. If so, a discarded error can leave enforcement out
// of step with the declared policy, so callers should log or retry on error
// rather than ignore it.
type NetworkPolicyController interface {
	// Namespace events. UpdateNamespace receives the object before and
	// after the change.
	AddNamespace(ns *coreapi.Namespace) error
	UpdateNamespace(oldObj, newObj *coreapi.Namespace) error
	DeleteNamespace(ns *coreapi.Namespace) error

	// Pod events. UpdatePod receives the object before and after the change.
	AddPod(obj *coreapi.Pod) error
	UpdatePod(oldObj, newObj *coreapi.Pod) error
	DeletePod(obj *coreapi.Pod) error

	// Network policy events. The arguments are untyped (interface{}), so the
	// compiler does not check what is passed in.
	// NOTE(review): the concrete types an implementation accepts are not
	// visible here; an unexpected type should come back as an error rather
	// than a panic from an unchecked type assertion.
	AddNetworkPolicy(obj interface{}) error
	UpdateNetworkPolicy(oldObj, newObj interface{}) error
	DeleteNetworkPolicy(obj interface{}) error
}

func New

func New(nodeName string, legacy bool, ipt iptables.Interface, ips ipset.Interface) NetworkPolicyController
