Documentation ¶
Index ¶
- Constants
- Variables
- func FindResourcesBasedOnKind(cloudResources []*CloudResource) (map[string]struct{}, map[string]struct{})
- func GenerateCloudDescription(namespacedName string, appliedToGroup string) (string, error)
- func GetControllerAddressGroupPrefix() string
- func GetControllerAppliedToPrefix() string
- func IsNepheControllerCreatedSG(cloudSgName string) (string, bool, bool)
- func SetCloudResourcePrefix(CloudResourcePrefix string)
- type CloudResource
- type CloudResourceID
- type CloudResourceType
- type CloudRule
- type CloudRuleDescription
- type CloudSecurityGroupAPI
- type EgressRule
- type IngressRule
- type Rule
- type SynchronizationContent
Constants ¶
// Keys used when composing a cloud rule description (see CloudRuleDescription
// and GenerateCloudDescription).
const (
	Name           = "Name"
	Namespace      = "Namespace"
	AppliedToGroup = "AppliedToGroup"
)
Variables ¶
// Name prefixes that distinguish cloud security groups managed by the
// controller from groups created by other means. They start empty and are
// presumably populated by SetCloudResourcePrefix — confirm against that
// function; read them through GetControllerAddressGroupPrefix and
// GetControllerAppliedToPrefix.
var (
	// ControllerPrefix is the common prefix shared by controller-managed names.
	ControllerPrefix string
	// ControllerAddressGroupPrefix is the prefix for AddressGroup SGs
	// (see IsNepheControllerCreatedSG).
	ControllerAddressGroupPrefix string
	// ControllerAppliedToPrefix is the prefix for AppliedToGroup SGs
	// (see IsNepheControllerCreatedSG).
	ControllerAppliedToPrefix string
)
// The resource type names are taken from the CRD Go struct names via
// reflection, so they follow a rename of the CRD types automatically.

// CloudResourceTypeVM is the CloudResourceType of a VirtualMachine CRD object.
var CloudResourceTypeVM = CloudResourceType(reflect.TypeOf(crdv1alpha1.VirtualMachine{}).Name())

// CloudResourceTypeNIC is the CloudResourceType of a NetworkInterface CRD object.
var CloudResourceTypeNIC = CloudResourceType(reflect.TypeOf(crdv1alpha1.NetworkInterface{}).Name())
// ProtocolNameNumMap maps lowercase protocol names to their IANA-assigned IP
// protocol numbers. Lookups are case-sensitive: the keys are lowercase, so a
// name must be lowercased before it is used as a key, and a name that is not
// listed here yields the zero value 0 rather than an error.
var ProtocolNameNumMap = map[string]int{
	"icmp":   1,  // ICMP
	"igmp":   2,  // IGMP
	"tcp":    6,  // TCP
	"udp":    17, // UDP
	"icmpv6": 58, // ICMPv6
}
Functions ¶
func FindResourcesBasedOnKind ¶
func FindResourcesBasedOnKind(cloudResources []*CloudResource) (map[string]struct{}, map[string]struct{})
func GenerateCloudDescription ¶ added in v0.4.0
GenerateCloudDescription generates a CloudRuleDescription object and converts to string.
func GetControllerAddressGroupPrefix ¶ added in v0.4.0
func GetControllerAddressGroupPrefix() string
func GetControllerAppliedToPrefix ¶ added in v0.4.0
func GetControllerAppliedToPrefix() string
func IsNepheControllerCreatedSG ¶
IsNepheControllerCreatedSG checks whether an SG was created by nephe and returns whether it is an AppliedToGroup or AddressGroup SG, and the SG name.
func SetCloudResourcePrefix ¶ added in v0.4.0
func SetCloudResourcePrefix(CloudResourcePrefix string)
Types ¶
type CloudResource ¶
// CloudResource uniquely identifies a cloud resource: the resource's own ID
// (the embedded CloudResourceID) qualified by its kind, the cloud account it
// belongs to and the cloud provider.
type CloudResource struct {
	// Type is the kind of resource, e.g. CloudResourceTypeVM or CloudResourceTypeNIC.
	Type CloudResourceType
	// CloudResourceID is embedded; its methods are promoted except String,
	// which CloudResource defines itself.
	CloudResourceID
	// AccountID is the cloud account the resource belongs to.
	AccountID string
	// CloudProvider is the cloud the resource lives in.
	CloudProvider string
}
CloudResource uniquely identifies a cloud resource.
func (*CloudResource) String ¶
func (c *CloudResource) String() string
type CloudResourceID ¶
func (*CloudResourceID) GetCloudName ¶
func (c *CloudResourceID) GetCloudName(membershipOnly bool) string
func (*CloudResourceID) String ¶
func (c *CloudResourceID) String() string
type CloudResourceType ¶
// CloudResourceType specifies the type of cloud resource; see
// CloudResourceTypeVM and CloudResourceTypeNIC for the values in use.
type CloudResourceType string
CloudResourceType specifies the type of cloud resource.
type CloudRule ¶ added in v0.3.0
type CloudRuleDescription ¶ added in v0.4.0
func ExtractCloudDescription ¶ added in v0.4.0
func ExtractCloudDescription(description *string) (*CloudRuleDescription, bool)
ExtractCloudDescription converts a string to a CloudRuleDescription object.
func (*CloudRuleDescription) String ¶ added in v0.4.0
func (r *CloudRuleDescription) String() string
type CloudSecurityGroupAPI ¶
// CloudSecurityGroupAPI declares the interface used to program cloud security
// groups. Each mutating call is asynchronous: it returns a channel that the
// caller waits on for the completion status.
type CloudSecurityGroupAPI interface {
	// CreateSecurityGroup requests creation of the SecurityGroup name.
	// membershipOnly is true when the group is only used for membership
	// tracking and not for applying ingress/egress rules. The caller waits
	// on the returned channel for the outcome.
	CreateSecurityGroup(name *CloudResource, membershipOnly bool) <-chan error

	// UpdateSecurityGroupRules replaces the ingress/egress rules of the
	// SecurityGroup name in their entirety. name, and every SecurityGroup
	// referred to by the rules, must already have been created.
	UpdateSecurityGroupRules(name *CloudResource, addRules, rmRules, allRules []*CloudRule) <-chan error

	// UpdateSecurityGroupMembers sets the members of the SecurityGroup name,
	// which must already have been created. For an applied SecurityGroup it
	// is only called once the group has rules configured.
	UpdateSecurityGroupMembers(name *CloudResource, members []*CloudResource, membershipOnly bool) <-chan error

	// DeleteSecurityGroup deletes the SecurityGroup name, which must already
	// have been created and must be empty.
	DeleteSecurityGroup(name *CloudResource, membershipOnly bool) <-chan error

	// GetSecurityGroupSyncChan returns the channel on which the networkPolicy
	// controller receives the complete set of SGs configured by the cloud
	// plug-in. Usage pattern:
	//  1. The controller obtains the channel at initialization.
	//  2. It waits on that channel and expects every wake-up to carry the
	//     entire set of configured SGs.
	//  3. The plug-in wakes the channel once after its initial sync with the
	//     cloud, and periodically thereafter.
	//  4. On receiving the full SG set the controller reconciles the K8s
	//     configuration against the cloud configuration.
	// Delivering the full set each time keeps the cloud plug-in stateless and
	// lets the controller correct SGs that customers changed directly through
	// the cloud API or console.
	GetSecurityGroupSyncChan() <-chan SynchronizationContent
}
CloudSecurityGroupAPI declares the interface used to program cloud security groups.
// CloudSecurityGroup is the global entry point used to configure cloud-specific
// security groups. Its zero value is nil, so callers must check that an
// implementation has been installed before invoking it.
var CloudSecurityGroup CloudSecurityGroupAPI
type EgressRule ¶
// EgressRule specifies one egress rule of a cloud SecurityGroup. The pointer
// fields are optional: nil means unset, and how an unset port or protocol is
// interpreted is left to the cloud plug-in — confirm per provider.
type EgressRule struct {
	// ToPort is the destination port the rule matches, when set.
	ToPort *int
	// ToDstIP lists the destination CIDRs the rule matches.
	ToDstIP []*net.IPNet
	// ToSecurityGroups lists destination security groups by cloud resource ID.
	ToSecurityGroups []*CloudResourceID
	// Protocol is the IP protocol number (see ProtocolNameNumMap), when set.
	Protocol *int
}
EgressRule specifies one egress rule of cloud SecurityGroup.
type IngressRule ¶
// IngressRule specifies one ingress rule of a cloud SecurityGroup. The pointer
// fields are optional: nil means unset, and how an unset port or protocol is
// interpreted is left to the cloud plug-in — confirm per provider.
type IngressRule struct {
	// FromPort is the port the rule matches, when set.
	FromPort *int
	// FromSrcIP lists the source CIDRs the rule matches.
	FromSrcIP []*net.IPNet
	// FromSecurityGroups lists source security groups by cloud resource ID.
	FromSecurityGroups []*CloudResourceID
	// Protocol is the IP protocol number (see ProtocolNameNumMap), when set.
	Protocol *int
}
IngressRule specifies one ingress rule of cloud SecurityGroup.
type SynchronizationContent ¶
// SynchronizationContent describes one SecurityGroup as currently configured
// in the cloud; it is the value delivered on the channel returned by
// CloudSecurityGroupAPI.GetSecurityGroupSyncChan.
type SynchronizationContent struct {
	// Resource identifies the SecurityGroup itself.
	Resource CloudResource
	// MembershipOnly reports whether the group is used only for membership
	// tracking rather than for applying rules.
	MembershipOnly bool
	// Members are the resources attached to the group.
	Members []CloudResource
	// MembersWithOtherSGAttached are members that also have other security
	// groups attached — presumably consulted during reconciliation; confirm.
	MembersWithOtherSGAttached []CloudResource
	// IngressRules and EgressRules are the rules currently configured in the cloud.
	IngressRules []IngressRule
	EgressRules  []EgressRule
}
SynchronizationContent describes the content of a SecurityGroup in the cloud.