Documentation ¶
Index ¶
- type Config
- func (s *Config) ACLProvider() provider.IptablesProvider
- func (s *Config) CleanUp() error
- func (s *Config) Run(ctx context.Context) error
- func (s *Config) SetTargetNetworks(networks []string) error
- func (s *Config) Supervise(contextID string, pu *policy.PUInfo) error
- func (s *Config) Unsupervise(contextID string) error
- type Implementor
- type Supervisor
- type TestSupervisor
- type TestSupervisorInst
- func (m *TestSupervisorInst) AddExcludedIPs(ips []string) error
- func (m *TestSupervisorInst) MockAddExcludedIPs(t *testing.T, impl func(ip []string) error)
- func (m *TestSupervisorInst) MockSetTargetNetworks(t *testing.T, impl func(networks []string) error)
- func (m *TestSupervisorInst) MockStart(t *testing.T, impl func() error)
- func (m *TestSupervisorInst) MockStop(t *testing.T, impl func() error)
- func (m *TestSupervisorInst) MockSupervise(t *testing.T, impl func(contextID string, puInfo *policy.PUInfo) error)
- func (m *TestSupervisorInst) MockUnsupervise(t *testing.T, impl func(contextID string) error)
- func (m *TestSupervisorInst) SetTargetNetworks(networks []string) error
- func (m *TestSupervisorInst) Start() error
- func (m *TestSupervisorInst) Stop() error
- func (m *TestSupervisorInst) Supervise(contextID string, puInfo *policy.PUInfo) error
- func (m *TestSupervisorInst) Unsupervise(contextID string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
Config is the structure holding all information about the supervisor
func NewSupervisor ¶
func NewSupervisor(collector collector.EventCollector, enforcerInstance enforcer.Enforcer, mode constants.ModeType, networks []string, p packetprocessor.PacketProcessor) (*Config, error)
NewSupervisor will create a new connection supervisor that uses IPTables to redirect specific packets to userspace. It instantiates multiple data stores to maintain efficient mappings between contextID, policy and IP addresses. This simplifies the lookup operations at the expense of memory.
func (*Config) ACLProvider ¶
func (s *Config) ACLProvider() provider.IptablesProvider
ACLProvider returns the ACL provider used by the supervisor that can be shared with other entities.
func (*Config) SetTargetNetworks ¶
SetTargetNetworks sets the target networks of the supervisor
func (*Config) Supervise ¶
Supervise creates a mapping between an IP address and the corresponding labels. it invokes the various handlers that process the parameter policy.
func (*Config) Unsupervise ¶
Unsupervise removes the mapping from cache and cleans up the iptable rules. ALL remove operations will print errors by they don't return error. We want to force as much cleanup as possible to avoid stale state
type Implementor ¶
type Implementor interface { // ConfigureRules configures the rules in the ACLs and datapath ConfigureRules(version int, contextID string, containerInfo *policy.PUInfo) error // UpdateRules updates the rules with a new version UpdateRules(version int, contextID string, containerInfo *policy.PUInfo, oldContainerInfo *policy.PUInfo) error // DeleteRules DeleteRules(version int, context string, tcpPorts, udpPorts string, mark string, uid string, proxyPort string, isHostMode bool) error // SetTargetNetworks sets the target networks of the supervisor SetTargetNetworks([]string, []string) error // Start initializes any defaults Run(ctx context.Context) error // CleanUp requests the implementor to clean up all ACLs CleanUp() error // ACLProvider returns the ACL provider used by the implementor ACLProvider() provider.IptablesProvider }
Implementor is the interface of the implementation based on iptables, ipsets, remote etc
type Supervisor ¶
type Supervisor interface { // Supervise adds a new supervised processing unit. Supervise(contextID string, puInfo *policy.PUInfo) error // Unsupervise unsupervises the given PU Unsupervise(contextID string) error // Start starts the Supervisor. Run(ctx context.Context) error // SetTargetNetworks sets the target networks of the supervisor SetTargetNetworks([]string) error // CleanUp requests the supervisor to clean up all ACLs CleanUp() error }
A Supervisor is implementing the node control plane that captures the packets.
type TestSupervisor ¶
type TestSupervisor interface { Supervisor MockSupervise(t *testing.T, impl func(contextID string, puInfo *policy.PUInfo) error) MockUnsupervise(t *testing.T, impl func(contextID string) error) MockStart(t *testing.T, impl func() error) MockStop(t *testing.T, impl func() error) MockAddExcludedIPs(t *testing.T, impl func(ips []string) error) MockSetTargetNetworks(t *testing.T, impl func(networks []string) error) }
TestSupervisor is a test implementation for IptablesProvider
type TestSupervisorInst ¶
type TestSupervisorInst struct {
// contains filtered or unexported fields
}
A TestSupervisorInst is an empty TransactionalManipulator that can be easily mocked.
func NewTestSupervisor ¶
func NewTestSupervisor() *TestSupervisorInst
NewTestSupervisor returns a new TestManipulator.
func (*TestSupervisorInst) AddExcludedIPs ¶
func (m *TestSupervisorInst) AddExcludedIPs(ips []string) error
AddExcludedIPs is a test implementation of the AddExcludedIPs interface
func (*TestSupervisorInst) MockAddExcludedIPs ¶
func (m *TestSupervisorInst) MockAddExcludedIPs(t *testing.T, impl func(ip []string) error)
MockAddExcludedIPs mocks AddExcludedIPs
func (*TestSupervisorInst) MockSetTargetNetworks ¶
func (m *TestSupervisorInst) MockSetTargetNetworks(t *testing.T, impl func(networks []string) error)
MockSetTargetNetworks mocks the SetTargetNetworks method
func (*TestSupervisorInst) MockStart ¶
func (m *TestSupervisorInst) MockStart(t *testing.T, impl func() error)
MockStart mocks the Start method
func (*TestSupervisorInst) MockStop ¶
func (m *TestSupervisorInst) MockStop(t *testing.T, impl func() error)
MockStop mocks the Stop method
func (*TestSupervisorInst) MockSupervise ¶
func (m *TestSupervisorInst) MockSupervise(t *testing.T, impl func(contextID string, puInfo *policy.PUInfo) error)
MockSupervise mocks the Supervise method
func (*TestSupervisorInst) MockUnsupervise ¶
func (m *TestSupervisorInst) MockUnsupervise(t *testing.T, impl func(contextID string) error)
MockUnsupervise mocks the unsupervise method
func (*TestSupervisorInst) SetTargetNetworks ¶
func (m *TestSupervisorInst) SetTargetNetworks(networks []string) error
SetTargetNetworks is a test implementation of the SetTargetNetworks interface method
func (*TestSupervisorInst) Start ¶
func (m *TestSupervisorInst) Start() error
Start is a test implementation of the Start interface method
func (*TestSupervisorInst) Stop ¶
func (m *TestSupervisorInst) Stop() error
Stop is a test implementation of the Stop interface method
func (*TestSupervisorInst) Supervise ¶
func (m *TestSupervisorInst) Supervise(contextID string, puInfo *policy.PUInfo) error
Supervise is a test implementation of the Supervise interface
func (*TestSupervisorInst) Unsupervise ¶
func (m *TestSupervisorInst) Unsupervise(contextID string) error
Unsupervise is a test implementation of the Unsupervise interface
Directories ¶
Path | Synopsis |
---|---|
Package mocksupervisor is a generated GoMock package.
|
Package mocksupervisor is a generated GoMock package. |
Package supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call.
|
Package supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call. |