Documentation
Overview
Package types contains common types in the antrea-controller.
Functions
func GenerateNormalizedName (added in v1.6.0)
func GenerateNormalizedName(namespace string, podSelector, nsSelector, eeSelector labels.Selector, nodeSelector labels.Selector) string
GenerateNormalizedName generates a string, based on the selectors, in the following format: "namespace=NamespaceName And podSelector=normalizedPodSelector". Note: Namespace and nsSelector may or may not be set depending on the selector. However, they cannot be set simultaneously.
Types
type AddressGroup
type AddressGroup struct {
	SpanMeta
	// UID is generated from the hash value of GroupSelector.NormalizedName.
	// In case the AddressGroup is created for a ClusterGroup, the UID is
	// that of the corresponding ClusterGroup.
	UID types.UID
	// Name of this group, currently it's same as UID.
	Name string
	// Selector describes how the group selects pods to get their addresses.
	Selector GroupSelector
	// GroupMembers is a set of GroupMembers selected by this group.
	// It will be converted to a slice of GroupMember for transferring according
	// to client's selection.
	GroupMembers controlplane.GroupMemberSet
}
AddressGroup describes a set of addresses used as source or destination of Network Policy rules.
type AppliedToGroup
type AppliedToGroup struct {
	SpanMeta
	// If the AppliedToGroup is created from GroupSelector, UID is generated from the hash value of GroupSelector.NormalizedName.
	// If the AppliedToGroup is created for a ClusterGroup, the UID is that of the corresponding ClusterGroup.
	// If the AppliedToGroup is created for a Service, the UID is generated from the hash value of NamespacedName of the Service.
	UID types.UID
	// Name of this group, currently it's same as UID.
	Name string
	// Selector describes how the group selects pods.
	// Selector can't be used with Service.
	Selector *GroupSelector
	// Service refers to the Service this group selects. Only a NodePort type Service
	// can be referred by this field.
	// Service can't be used with Selector.
	Service *controlplane.ServiceReference
	// GroupMemberByNode is a mapping from nodeName to a set of GroupMembers on the Node,
	// either GroupMembers or ExternalEntity on the external node.
	// It will be converted to a slice of GroupMember for transferring according
	// to client's selection.
	GroupMemberByNode map[string]controlplane.GroupMemberSet
	// SyncError is the Error encountered when syncing this AppliedToGroup.
	SyncError error
}
AppliedToGroup describes a set of GroupMembers or a Service to apply Network Policies to.
type EgressGroup
type EgressGroup struct {
	SpanMeta
	// UID of this EgressGroup, it's same as the UID of the Egress.
	UID types.UID
	// Name of this EgressGroup, it's same as the name of the Egress.
	Name string
	// GroupMemberByNode is a mapping from nodeName to a set of GroupMembers on the Node.
	// It will be converted to a slice of GroupMember for transferring according to client's selection.
	GroupMemberByNode map[string]controlplane.GroupMemberSet
}
EgressGroup describes a set of GroupMembers to apply Egress to. TODO: Unify it with NetworkPolicy AppliedToGroup.
type Group
type Group struct {
	// UID is a unique identifier of this internal Group. It is same as that of the ClusterGroup
	// resource UID.
	UID types.UID
	// Reference of the ClusterGroup/Group for which this internal Group is created.
	SourceReference *controlplane.GroupReference
	// MembersComputed knows whether the controller has computed the comprehensive members
	// of the Group. It is updated during the syncInternalGroup process.
	MembersComputed v1.ConditionStatus
	// Selector describes how the internal group selects Pods to get their addresses.
	// Selector is nil if Group is defined with ipBlock, or if it has ServiceReference
	// and has not been processed by the controller yet / Service cannot be found.
	Selector *GroupSelector
	IPBlocks []controlplane.IPBlock
	// ServiceReference is reference to a v1.Service, which this Group keeps in sync
	// and updates Selector based on the Service's selector.
	ServiceReference *controlplane.ServiceReference
	// ChildGroups is the list of Group names that belong to this Group.
	ChildGroups []string
}
Group describes a set of GroupMembers which can be referenced in Antrea-native NetworkPolicies. These Groups can then be converted to AppliedToGroup or AddressGroup. Each internal Group corresponds to a single ClusterGroup, i.e. unlike AppliedTo/AddressGroups created for standalone selectors, these internal Groups are not shared by ClusterGroups created with same selectors.
type GroupSelector
type GroupSelector struct {
	// The normalized name is calculated from Namespace, PodSelector, ExternalEntitySelector and NamespaceSelector.
	// If multiple policies have same standalone selectors, they should share this group by comparing NormalizedName.
	// It's also used to generate Name and UUID of AddressGroup or AppliedToGroup.
	// Internal Groups corresponding to the ClusterGroups use the NormalizedName to detect if there is a change in
	// the selectors.
	NormalizedName string
	// If Namespace is set, NamespaceSelector can not be set. It means only GroupMembers in this Namespace will be matched.
	Namespace string
	// This is a label selector which selects GroupMembers. If Namespace is also set, it selects the GroupMembers in the Namespace.
	// If NamespaceSelector is set instead, it selects the GroupMembers in the Namespaces selected by NamespaceSelector.
	// If Namespace and NamespaceSelector both are unset, it selects the GroupMembers in all the Namespaces.
	PodSelector labels.Selector
	// This is a label selector which selects Namespaces. If this field is set, Namespace can not be set.
	NamespaceSelector labels.Selector
	// This is a label selector which selects ExternalEntities. Within a group, ExternalEntitySelector cannot be
	// set concurrently with PodSelector. If Namespace is also set, it selects the ExternalEntities in the Namespace.
	// If NamespaceSelector is set instead, it selects ExternalEntities in the Namespaces selected by NamespaceSelector.
	// If Namespace and NamespaceSelector both are unset, it selects the ExternalEntities in all the Namespaces.
	// TODO: Add validation in API to not allow externalEntitySelector and podSelector in the same group.
	ExternalEntitySelector labels.Selector
	// This is a label selector which selects certain Node IPs. Within a group NodeSelector cannot be set together with
	// other selectors: Namespace/NamespaceSelector/PodSelector/ExternalEntitySelector.
	NodeSelector labels.Selector
}
GroupSelector describes how to select GroupMembers.
func NewGroupSelector
func NewGroupSelector(namespace string, podSelector, nsSelector, extEntitySelector, nodeSelector *metav1.LabelSelector) *GroupSelector
NewGroupSelector converts the podSelector, namespaceSelector, externalEntitySelector, nodeSelector and the NetworkPolicy Namespace into a networkpolicy.GroupSelector object.
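The exclusions stated in the GroupSelector field comments can be checked before a selector is accepted; the ExternalEntitySelector comment notes that API validation for one of them is still a TODO. The following is an added example, not Antrea code: selectorSpec, validateSelector and normalizedName are hypothetical stand-ins that use plain strings in place of labels.Selector, and the keys other than "namespace" and "podSelector" are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// selectorSpec is a hypothetical stand-in for GroupSelector; "" means unset.
type selectorSpec struct {
	Namespace, NamespaceSelector, PodSelector string
	ExternalEntitySelector, NodeSelector      string
}

// validateSelector enforces the exclusions stated in the field comments.
func validateSelector(s selectorSpec) error {
	if s.Namespace != "" && s.NamespaceSelector != "" {
		return errors.New("namespace and namespaceSelector are mutually exclusive")
	}
	if s.PodSelector != "" && s.ExternalEntitySelector != "" {
		return errors.New("podSelector and externalEntitySelector are mutually exclusive")
	}
	others := s.Namespace + s.NamespaceSelector + s.PodSelector + s.ExternalEntitySelector
	if s.NodeSelector != "" && others != "" {
		return errors.New("nodeSelector cannot be combined with other selectors")
	}
	return nil
}

// normalizedName joins the set fields in a fixed order, so equal selectors
// always yield the same name. Keys beyond namespace/podSelector are assumed.
func normalizedName(s selectorSpec) string {
	var parts []string
	for _, kv := range [][2]string{
		{"namespace", s.Namespace}, {"namespaceSelector", s.NamespaceSelector},
		{"podSelector", s.PodSelector}, {"eeSelector", s.ExternalEntitySelector},
		{"nodeSelector", s.NodeSelector},
	} {
		if kv[1] != "" {
			parts = append(parts, kv[0]+"="+kv[1])
		}
	}
	return strings.Join(parts, " And ")
}

func main() {
	ok := selectorSpec{Namespace: "prod", PodSelector: "app=web"} // constructed sample
	fmt.Println(normalizedName(ok), validateSelector(ok))
}
```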
type NetworkPolicy
type NetworkPolicy struct {
	SpanMeta
	// UID of the internal NetworkPolicy.
	UID types.UID
	// Name of the internal Network Policy, must be unique across all Network Policy types.
	Name string
	// Generation of the internal Network Policy. It's inherited from the original Network Policy.
	Generation int64
	// Reference to the original Network Policy.
	SourceRef *controlplane.NetworkPolicyReference
	// Priority represents the relative priority of this NetworkPolicy as compared to
	// other NetworkPolicies. Priority will be unset (nil) for K8s NetworkPolicy.
	Priority *float64
	// Rules is a list of rules to be applied to the selected GroupMembers.
	Rules []controlplane.NetworkPolicyRule
	// AppliedToGroups is a list of names of AppliedToGroups to which this policy applies.
	AppliedToGroups []string
	// TierPriority represents the priority of the Tier associated with this Network
	// Policy.
	TierPriority *int32
	// AppliedToPerRule tracks if appliedTo is set per rule basis rather than in policy spec.
	// Must be false for K8s NetworkPolicy.
	AppliedToPerRule bool
	// SyncError is the Error encountered when syncing this NetworkPolicy.
	SyncError error
}
NetworkPolicy describes what network traffic is allowed for a set of GroupMembers.
func (*NetworkPolicy) GetAddressGroups (added in v1.7.3)
func (p *NetworkPolicy) GetAddressGroups() sets.String
GetAddressGroups returns AddressGroups used by this NetworkPolicy.
func (*NetworkPolicy) GetAppliedToGroups (added in v1.7.3)
func (p *NetworkPolicy) GetAppliedToGroups() sets.String
GetAppliedToGroups returns AppliedToGroups used by this NetworkPolicy.
type SpanMeta
type SpanMeta struct {
	// NodeNames is a set of node names that this object should be sent to.
	// nil means it's not calculated yet while empty set means the span is 0 Node.
	NodeNames sets.String
}
SpanMeta describes the span information of an object.
type SupportBundleCollection (added in v1.10.0)
type SupportBundleCollection struct {
	SpanMeta
	// UID of the internal SupportBundleCollection.
	UID types.UID
	// Name of the internal SupportBundleCollection, must be unique across all Support Bundle types.
	Name string
	ExpiredAt metav1.Time
	SinceTime string
	FileServer v1alpha1.BundleFileServer
	Authentication controlplane.BundleServerAuthConfiguration
}