Documentation ¶
Index ¶
- Constants
- type ACLPolicy
- type Direction
- type NPMNetworkPolicy
- type PolicyManager
- func (pMgr *PolicyManager) AddPolicy(policy *NPMNetworkPolicy, endpointList []string) error
- func (pMgr *PolicyManager) GetPolicy(name string) (*NPMNetworkPolicy, bool)
- func (pMgr *PolicyManager) PolicyExists(name string) bool
- func (pMgr *PolicyManager) RemovePolicy(name string, endpointList []string) error
- type PolicyMap
- type Ports
- type Protocol
- type SetInfo
- type Verdict
Constants ¶
const (
	// Ingress when packet is entering a container
	Ingress Direction = "IN"
	// Egress when packet is leaving a container
	Egress Direction = "OUT"
	// Both applies to both directions
	Both Direction = "BOTH"
	// Allowed is accept in linux
	Allowed Verdict = "ALLOW"
	// Dropped is denying a flow
	Dropped Verdict = "DROP"
	// TCP Protocol
	TCP Protocol = "tcp"
	// UDP Protocol
	UDP Protocol = "udp"
	// SCTP Protocol
	SCTP Protocol = "sctp"
	// ICMP Protocol
	ICMP Protocol = "icmp"
	// AnyProtocol can be used for all other protocols
	AnyProtocol Protocol = "any"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACLPolicy ¶
type ACLPolicy struct {
	// PolicyID is the rule's name within a given network policy
	PolicyID string
	// Comment is the string attached to the rule to identify its representation
	Comment string
	// SrcList holds the source IPSet match conditions (SetInfos)
	SrcList []SetInfo
	// DstList holds the destination IPSet match conditions (SetInfos)
	DstList []SetInfo
	// Target defines the target of the rule: in iptables on Linux, e.g. Mark, Accept, Drop;
	// on Windows, this is either ALLOW or DENY
	Target Verdict
	// Direction defines the flow of traffic
	Direction Direction
	// SrcPorts holds the source port information
	SrcPorts []Ports
	// DstPorts holds the destination port information
	DstPorts []Ports
	// Protocol is the traffic protocol
	Protocol Protocol
}
ACLPolicy is equivalent to a single iptables rule on Linux or a single HNS rule on Windows.
type NPMNetworkPolicy ¶
type NPMNetworkPolicy struct {
	Name string
	// PodSelectorIPSets holds all the IPSets generated from Pod Selector
	PodSelectorIPSets []*ipsets.TranslatedIPSet
	// RuleIPSets holds all IPSets generated from policy's rules
	// and not from pod selector IPSets
	// RuleIPSets []*ipsets.TranslatedIPSet
	ACLs []*ACLPolicy
	// podIP is key and endpoint ID as value
	// Will be populated by dataplane and policy manager
	PodEndpoints map[string]string
	RawNP *networkingv1.NetworkPolicy
}
type PolicyManager ¶
type PolicyManager struct {
// contains filtered or unexported fields
}
func NewPolicyManager ¶
func NewPolicyManager(ioShim *common.IOShim) *PolicyManager
func (*PolicyManager) AddPolicy ¶ added in v1.4.13
func (pMgr *PolicyManager) AddPolicy(policy *NPMNetworkPolicy, endpointList []string) error
func (*PolicyManager) GetPolicy ¶
func (pMgr *PolicyManager) GetPolicy(name string) (*NPMNetworkPolicy, bool)
func (*PolicyManager) PolicyExists ¶
func (pMgr *PolicyManager) PolicyExists(name string) bool
func (*PolicyManager) RemovePolicy ¶
func (pMgr *PolicyManager) RemovePolicy(name string, endpointList []string) error
type SetInfo ¶
type SetInfo struct {
	IPSet *ipsets.IPSetMetadata
	Included bool
	MatchType string // match type can be "src", "src,dst" or "dst,dst" etc
}
SetInfo captures the additional details of a match set. Example match set on Linux:
	! azure-npm-123 src,src
The leading "!" indicates a negative match of the IPSet for src,src. The Included flag captures whether the match is negative or positive, and MatchType captures the match flags.
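Added example, not code from the azure-container-networking project: a small Go renderer that makes the ACLPolicy and SetInfo semantics above concrete by turning one policy into the iptables rule(s) it is said to be equivalent to. The Direction, Verdict, SetInfo and ACLPolicy types are local stand-ins for the package's own, and the NPM-INGRESS/NPM-EGRESS chain names and exact rule text are assumptions, not NPM's real output.

```go
package main
import "fmt"
// Stand-ins for the policies package types, mirrored here so the example compiles on its own
// (assumption: shapes follow the doc above; the IPSet metadata field is reduced to a set name).
type Direction string
type Verdict string
const (
	Ingress Direction = "IN"
	Egress  Direction = "OUT"
	Both    Direction = "BOTH"
	Allowed Verdict   = "ALLOW"
	Dropped Verdict   = "DROP"
)
type SetInfo struct {
	Name      string // stands in for IPSet *ipsets.IPSetMetadata
	Included  bool   // false renders as a negated ("!") match
	MatchType string // "src", "dst", "src,src", ...
}
type ACLPolicy struct {
	PolicyID         string
	SrcList, DstList []SetInfo
	Target           Verdict
	Direction        Direction
	Protocol         string // "tcp", "udp", "sctp", "icmp" or "any"
}
// RenderRules renders one ACLPolicy as its iptables rule(s), one per direction (Both yields two); ALLOW->ACCEPT per the doc, chain names are illustrative.
func RenderRules(acl ACLPolicy) ([]string, error) {
	jump, ok := map[Verdict]string{Allowed: "ACCEPT", Dropped: "DROP"}[acl.Target]
	chains := map[Direction][]string{Ingress: {"NPM-INGRESS"}, Egress: {"NPM-EGRESS"}, Both: {"NPM-INGRESS", "NPM-EGRESS"}}[acl.Direction]
	if !ok || chains == nil {
		return nil, fmt.Errorf("policy %s: unsupported verdict %q or direction %q", acl.PolicyID, acl.Target, acl.Direction)
	}
	m := "" // match clauses, sources first then destinations
	for _, s := range append(append([]SetInfo{}, acl.SrcList...), acl.DstList...) {
		neg := map[bool]string{true: "", false: "! "}[s.Included] // Included=false -> "!" negation
		m += fmt.Sprintf(" -m set %s--match-set %s %s", neg, s.Name, s.MatchType)
	}
	if acl.Protocol != "" && acl.Protocol != "any" { // "any" adds no -p match
		m += " -p " + acl.Protocol
	}
	var rules []string
	for _, c := range chains {
		rules = append(rules, "-A "+c+m+" -j "+jump)
	}
	return rules, nil
}
func main() { // the doc's example set: a negated src,src match on azure-npm-123
	src := []SetInfo{{Name: "azure-npm-123", Included: false, MatchType: "src,src"}}
	fmt.Println(RenderRules(ACLPolicy{PolicyID: "p1", SrcList: src, Target: Allowed, Direction: Both, Protocol: "tcp"}))
}
```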