adminnetworkpolicy

package

v0.0.0-...-4cbcd0d Latest Latest Go to latest Published: Apr 30, 2024 License: Apache-2.0 Imports: 40 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ovn-org/ovn-kubernetes

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func GetACLActionForANPRule(action anpapi.AdminNetworkPolicyRuleAction) string
func GetACLActionForBANPRule(action anpapi.BaselineAdminNetworkPolicyRuleAction) string
func GetANPPeerAddrSetDbIDs(name, gressPrefix, gressIndex, controller string, isBanp bool) *libovsdbops.DbObjectIDs
func GetANPPortGroupDbIDs(anpName string, isBanp bool, controller string) *libovsdbops.DbObjectIDs
type Controller
- func NewController(controllerName string, nbClient libovsdbclient.Client, ...) (*Controller, error)
- func (c *Controller) Run(threadiness int, stopCh <-chan struct{})

Constants ¶

View Source

const (
	ANPFlowStartPriority = 30000
	ANPMaxRulesPerObject = 100

	BANPFlowPriority = 1750 // down to 1651 (both inclusive, note that these ACLs will be in tier3)
)

NOTE: Iteration v1 of ANP will only support upto 100 ANPs We will use priority range from 30000 (0) to 20000 (99) ACLs (both inclusive, note that these ACLs will be in tier1) In order to support more in the future, we will need to fix priority range in OVS See https://bugzilla.redhat.com/show_bug.cgi?id=2175752 for more details. NOTE: A cluster can have only BANP at a given time as defined by upstream KEP.

Variables ¶

View Source

var ErrorANPPriorityUnsupported = errors.New("OVNK only supports priority ranges 0-99")

View Source

var ErrorANPWithDuplicatePriority = errors.New("exists with the same priority")

Functions ¶

func GetACLActionForANPRule ¶

func GetACLActionForANPRule(action anpapi.AdminNetworkPolicyRuleAction) string

GetACLActionForANPRule returns the corresponding OVN ACL action for a given ANP rule action

func GetACLActionForBANPRule ¶

func GetACLActionForBANPRule(action anpapi.BaselineAdminNetworkPolicyRuleAction) string

GetACLActionForBANPRule returns the corresponding OVN ACL action for a given BANP rule action

func GetANPPeerAddrSetDbIDs ¶

func GetANPPeerAddrSetDbIDs(name, gressPrefix, gressIndex, controller string, isBanp bool) *libovsdbops.DbObjectIDs

GetANPPeerAddrSetDbIDs will return the dbObjectIDs for a given rule's address-set

func GetANPPortGroupDbIDs ¶

func GetANPPortGroupDbIDs(anpName string, isBanp bool, controller string) *libovsdbops.DbObjectIDs

Types ¶

type Controller ¶

type Controller struct {
	sync.Mutex
	// contains filtered or unexported fields
}

Controller holds the fields required for ANP controller taken from k8s controller guidelines

func NewController ¶

func NewController(
	controllerName string,
	nbClient libovsdbclient.Client,
	anpClient anpclientset.Interface,
	anpInformer anpinformer.AdminNetworkPolicyInformer,
	banpInformer anpinformer.BaselineAdminNetworkPolicyInformer,
	namespaceInformer corev1informers.NamespaceInformer,
	podInformer corev1informers.PodInformer,
	nodeInformer corev1informers.NodeInformer,
	addressSetFactory addressset.AddressSetFactory,
	isPodScheduledinLocalZone func(*v1.Pod) bool,
	zone string,
	recorder record.EventRecorder) (*Controller, error)

NewController returns a new *Controller.

func (*Controller) Run ¶

func (c *Controller) Run(threadiness int, stopCh <-chan struct{})

Run will not return until stopCh is closed. workers determines how many objects (pods, namespaces, anps, banps) will be handled in parallel.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL