Documentation ¶
Index ¶
- Constants
- func AddBridgePolicy(client *unversioned.ExtensionsClient, namespace *api.Namespace, ...) error
- func AddIntraPolicy(client *unversioned.ExtensionsClient, namespace *api.Namespace, ...) error
- func EnactPolicies(client *unversioned.ExtensionsClient, namespace *api.Namespace, ...) error
- func IsolateNamespace(client *unversioned.Client, namespace *api.Namespace, config *utils.Config) error
- func ValidateIsolation(client *unversioned.Client, extClient *unversioned.ExtensionsClient, ...) error
- func ValidateList(client *unversioned.Client, extClient *unversioned.ExtensionsClient, ...) (*api.NamespaceList, error)
- func ValidateNamespace(client *unversioned.Client, extClient *unversioned.ExtensionsClient, ...) error
Constants ¶
View Source
const ( // IngressAnnotationKey key for the network policy annotation in a namespace IngressAnnotationKey = "net.beta.kubernetes.io/network-policy" // IngressAnnotationValue is the policy that belongs to the NetworkPolicy key IngressAnnotationValue = `{"ingress": {"isolation": "DefaultDeny"}}` // IntraPolicyName name of the intra-namespace network policy IntraPolicyName = "allow-intra-namespace" )
Variables ¶
This section is empty.
Functions ¶
func AddBridgePolicy ¶
func AddBridgePolicy(client *unversioned.ExtensionsClient, namespace *api.Namespace, config *utils.Config) error
AddBridgePolicy adds the allow-apigee NetworkPolicy to the given namespace
func AddIntraPolicy ¶
func AddIntraPolicy(client *unversioned.ExtensionsClient, namespace *api.Namespace, config *utils.Config) error
AddIntraPolicy adds the intra-namespace network policy to a given namespace
func EnactPolicies ¶
func EnactPolicies(client *unversioned.ExtensionsClient, namespace *api.Namespace, config *utils.Config) error
EnactPolicies creates the necessary network policies in the given namespace
func IsolateNamespace ¶
func IsolateNamespace(client *unversioned.Client, namespace *api.Namespace, config *utils.Config) error
IsolateNamespace adds the necessary label for network isolation
func ValidateIsolation ¶
func ValidateIsolation(client *unversioned.Client, extClient *unversioned.ExtensionsClient, namespace *api.Namespace, config *utils.Config) error
ValidateIsolation ensures that a namespace excluded by the IgnoreSelector labels is not isolated by congress
func ValidateList ¶
func ValidateList(client *unversioned.Client, extClient *unversioned.ExtensionsClient, list *api.NamespaceList, config *utils.Config) (*api.NamespaceList, error)
ValidateList validates that a list of namespaces conform to network isolation standards
func ValidateNamespace ¶
func ValidateNamespace(client *unversioned.Client, extClient *unversioned.ExtensionsClient, namespace *api.Namespace, config *utils.Config) error
ValidateNamespace validates that a single namespace conforms to network isolation standards
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.