networkpolicies

package
v0.0.0-...-44ba42e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 20, 2019 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 6 Imported by: 0

Documentation

Overview

Package networkpolicies contains all network policies for various providers.

Index

Constants

This section is empty.

Variables

// Pod fixtures and probe targets shared by all providers ("Info about pods in
// Shoot-namespace" per the package docs). Each SourcePod pairs a pod identity
// (name, labels, optional shoot version constraint) with the ports it serves
// and the NetworkPolicy names listed in ExpectedPolicies.
// NOTE(review): ExpectedPolicies presumably names the policies expected to
// select the pod; the code that consumes it is not shown here — confirm.
// Every SourcePod below that sets ExpectedPolicies includes "deny-all";
// BusyboxInfo is the only entry that sets neither ports nor expected policies.
var (
	// KubeAPIServerInfo points to cloud-agnostic kube-apiserver.
	KubeAPIServerInfo = &SourcePod{
		Ports: NewSinglePort(443),
		Pod: NewPod("kube-apiserver", labels.Set{
			"app":  "kubernetes",
			"role": "apiserver",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-kube-apiserver",
			"allow-to-dns",
			"allow-to-public-networks",
			"allow-to-private-networks",
			"allow-to-shoot-networks",
			"deny-all",
		),
	}

	// KubeControllerManagerInfoSecured points to cloud-agnostic kube-controller-manager running on HTTPS port.
	// It carries the ">= 1.13" shoot version constraint.
	// NOTE(review): "allow-to-blocked-cidrs" is expected for this pod; confirm the
	// controller manager really needs egress to the blocked ranges.
	KubeControllerManagerInfoSecured = &SourcePod{
		Ports: NewSinglePort(10257),
		Pod: NewPod("kube-controller-manager-https", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "controller-manager",
		}, ">= 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-to-public-networks",
			"allow-to-private-networks",
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-blocked-cidrs",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// KubeControllerManagerInfoNotSecured points to cloud-agnostic kube-controller-manager running on HTTP port.
	// It carries the "< 1.13" shoot version constraint and the same expected
	// policies as the HTTPS variant, including "allow-to-blocked-cidrs".
	KubeControllerManagerInfoNotSecured = &SourcePod{
		Ports: NewSinglePort(10252),
		Pod: NewPod("kube-controller-manager-http", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "controller-manager",
		}, "< 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-to-public-networks",
			"allow-to-private-networks",
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-blocked-cidrs",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// KubeSchedulerInfoSecured points to cloud-agnostic kube-scheduler running on HTTPS port.
	KubeSchedulerInfoSecured = &SourcePod{
		Ports: NewSinglePort(10259),
		Pod: NewPod("kube-scheduler-https", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "scheduler",
		}, ">= 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-shoot-apiserver",
			"allow-to-dns",
			"deny-all",
		),
	}

	// KubeSchedulerInfoNotSecured points to cloud-agnostic kube-scheduler running on HTTP port.
	KubeSchedulerInfoNotSecured = &SourcePod{
		Ports: NewSinglePort(10251),
		Pod: NewPod("kube-scheduler-http", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "scheduler",
		}, "< 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-shoot-apiserver",
			"allow-to-dns",
			"deny-all",
		),
	}

	// EtcdMainInfo points to cloud-agnostic etcd-main instance.
	EtcdMainInfo = &SourcePod{
		Ports: NewSinglePort(2379),
		Pod: NewPod("etcd-main", labels.Set{
			"app":                     "etcd-statefulset",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "main",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-etcd",
			"allow-to-dns",
			"allow-to-public-networks",
			"allow-to-private-networks",
			"deny-all",
		),
	}

	// EtcdEventsInfo points to cloud-agnostic etcd-events instance.
	// It differs from EtcdMainInfo only in pod name and the "role" label.
	EtcdEventsInfo = &SourcePod{
		Ports: NewSinglePort(2379),
		Pod: NewPod("etcd-events", labels.Set{
			"app":                     "etcd-statefulset",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "events",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-etcd",
			"allow-to-dns",
			"allow-to-public-networks",
			"allow-to-private-networks",
			"deny-all",
		),
	}

	// CloudControllerManagerInfoNotSecured points to cloud-agnostic cloud-controller-manager running on HTTP port.
	CloudControllerManagerInfoNotSecured = &SourcePod{
		Ports: NewSinglePort(10253),
		Pod: NewPod("cloud-controller-manager-http", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "cloud-controller-manager",
		}, "< 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-shoot-apiserver",
			"allow-to-dns",
			"allow-to-public-networks",
			"deny-all",
		),
	}

	// CloudControllerManagerInfoSecured points to cloud-agnostic cloud-controller-manager running on HTTPS port.
	CloudControllerManagerInfoSecured = &SourcePod{
		Ports: NewSinglePort(10258),
		Pod: NewPod("cloud-controller-manager-https", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "cloud-controller-manager",
		}, ">= 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-shoot-apiserver",
			"allow-to-dns",
			"allow-to-public-networks",
			"deny-all",
		),
	}

	// ElasticSearchInfo points to cloud-agnostic elasticsearch instance.
	// It is the only entry in this block with two named ports ("http" and "metrics").
	ElasticSearchInfo = &SourcePod{
		Ports: []Port{
			{Name: "http", Port: 9200},
			{Name: "metrics", Port: 9114},
		},
		Pod: NewPod("elasticsearch-logging", labels.Set{
			"app":                     "elasticsearch-logging",
			"garden.sapcloud.io/role": "logging",
			"role":                    "logging",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-elasticsearch",
			"deny-all",
		),
	}

	// GrafanaInfo points to cloud-agnostic grafana instance.
	GrafanaInfo = &SourcePod{
		Ports: NewSinglePort(3000),
		Pod: NewPod("grafana", labels.Set{
			"component":               "grafana",
			"garden.sapcloud.io/role": "monitoring",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-grafana",
			"allow-to-dns",
			"deny-all",
		),
	}

	// KibanaInfo points to cloud-agnostic kibana instance.
	KibanaInfo = &SourcePod{
		Ports: NewSinglePort(5601),
		Pod: NewPod("kibana-logging", labels.Set{
			"app":                     "kibana-logging",
			"garden.sapcloud.io/role": "logging",
			"role":                    "logging",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-kibana",
			"allow-to-dns",
			"allow-to-elasticsearch",
			"deny-all",
		),
	}

	// KubeStateMetricsSeedInfo points to cloud-agnostic kube-state-metrics-seed instance.
	KubeStateMetricsSeedInfo = &SourcePod{
		Ports: NewSinglePort(8080),
		Pod: NewPod("kube-state-metrics-seed", labels.Set{
			"component":               "kube-state-metrics",
			"garden.sapcloud.io/role": "monitoring",
			"type":                    "seed",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-seed-apiserver",
			"deny-all",
		),
	}

	// KubeStateMetricsShootInfo points to cloud-agnostic kube-state-metrics-shoot instance.
	KubeStateMetricsShootInfo = &SourcePod{
		Ports: NewSinglePort(8080),
		Pod: NewPod("kube-state-metrics-shoot", labels.Set{
			"component":               "kube-state-metrics",
			"garden.sapcloud.io/role": "monitoring",
			"type":                    "shoot",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// MachineControllerManagerInfo points to cloud-agnostic machine-controller-manager instance.
	// Its port number (10258) is the same as CloudControllerManagerInfoSecured's;
	// the two entries are distinguished by pod name and "role" label.
	MachineControllerManagerInfo = &SourcePod{
		Ports: NewSinglePort(10258),
		Pod: NewPod("machine-controller-manager", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "machine-controller-manager",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-public-networks",
			"allow-to-private-networks",
			"allow-to-seed-apiserver",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// PrometheusInfo points to cloud-agnostic prometheus instance.
	PrometheusInfo = &SourcePod{
		Ports: NewSinglePort(9090),
		Pod: NewPod("prometheus", labels.Set{
			"app":                     "prometheus",
			"garden.sapcloud.io/role": "monitoring",
			"role":                    "monitoring",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-prometheus",
			"allow-to-dns",
			"allow-to-public-networks",
			"allow-to-seed-apiserver",
			"allow-to-shoot-apiserver",
			"allow-to-shoot-networks",
			"deny-all",
		),
	}

	// AddonManagerInfo points to kube-addon-manager instance.
	// No Ports are declared for this pod.
	AddonManagerInfo = &SourcePod{
		Pod: NewPod("kube-addon-manager", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "addon-manager",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-to-dns",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// DependencyWatchdog points to dependency-watchdog instance.
	// No Ports are declared for this pod.
	DependencyWatchdog = &SourcePod{
		Pod: NewPod("dependency-watchdog", labels.Set{
			"role": "dependency-watchdog",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-to-dns",
			"allow-to-seed-apiserver",
			"deny-all",
		),
	}

	// BusyboxInfo points to busybox instance (labelled "role": "testing").
	// It declares no Ports and no ExpectedPolicies, so not even "deny-all" is
	// listed for it. NOTE(review): presumably a test-only pod; confirm that the
	// missing policy set is intentional.
	BusyboxInfo = &SourcePod{
		Pod: NewPod("busybox", labels.Set{
			"app":  "busybox",
			"role": "testing",
		}),
	}

	// ExternalHost points to an external host: the public address 8.8.8.8 on
	// port 53. Host has no protocol field, so whether the target is reached
	// over TCP or UDP is not visible from this declaration.
	ExternalHost = &Host{
		Description: "External host",
		HostName:    "8.8.8.8",
		Port:        53,
	}

	// SeedKubeAPIServer points to the Seed Kube APIServer.
	SeedKubeAPIServer = &Host{
		Description: "Seed Kube APIServer",
		HostName:    "kubernetes.default",
		Port:        443,
	}

	// GardenPrometheus points to the Gardener Prometheus running in the seed cluster.
	// The target is port 80 of "prometheus-web.garden".
	GardenPrometheus = &Host{
		Description: "Garden Prometheus",
		HostName:    "prometheus-web.garden",
		Port:        80,
	}
)

Info about pods in Shoot-namespace

// Alicloud-specific pod fixtures and the Alicloud metadata service target.
var (

	// AlicloudCloudControllerManagerInfoNotSecured points to alicloud-specific cloud-controller-manager.
	// For now it listens only on HTTP for all Shoot versions.
	// Accordingly no shoot version constraint is passed to NewPod here.
	AlicloudCloudControllerManagerInfoNotSecured = &SourcePod{
		Ports: NewSinglePort(10253),
		Pod: NewPod("cloud-controller-manager-http", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "cloud-controller-manager",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-shoot-apiserver",
			"allow-to-dns",
			"allow-to-public-networks",
			"deny-all",
		),
	}

	// AlicloudKubeControllerManagerInfoSecured points to alicloud-specific kube-controller-manager.
	// Compared with the cloud-agnostic KubeControllerManagerInfoSecured, the
	// expected set omits "allow-to-public-networks", "allow-to-private-networks"
	// and "allow-to-blocked-cidrs".
	AlicloudKubeControllerManagerInfoSecured = &SourcePod{
		Ports: NewSinglePort(10257),
		Pod: NewPod("kube-controller-manager-https", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "controller-manager",
		}, ">= 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// AlicloudKubeControllerManagerInfoNotSecured points to alicloud-specific kube-controller-manager.
	// This is the "< 1.13" variant on port 10252, with the same reduced
	// expected set as the secured Alicloud variant.
	AlicloudKubeControllerManagerInfoNotSecured = &SourcePod{
		Ports: NewSinglePort(10252),
		Pod: NewPod("kube-controller-manager-http", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "controller-manager",
		}, "< 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// AlicloudCSIPluginInfo points to alicloud-specific CSI Plugin.
	AlicloudCSIPluginInfo = &SourcePod{
		Ports: NewSinglePort(80),
		Pod: NewPod("csi-plugin-controller", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "csi-plugin-controller",
		}),
		ExpectedPolicies: sets.NewString(
			"allow-to-public-networks",
			"allow-to-dns",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// AlicloudMetadataServiceHost points to alicloud-specific Metadata service.
	// Instance metadata endpoints commonly serve instance-level configuration
	// and credentials, so which pods can reach this address is security-relevant.
	// Whether a given source is allowed or denied is decided where the rules are
	// built (not shown here).
	AlicloudMetadataServiceHost = &Host{
		Description: "Metadata service",
		HostName:    "100.100.100.200",
		Port:        80,
	}
)
// AWS-specific pod fixture and the AWS metadata service target.
var (

	// AWSLBReadvertiserInfo points to aws-specific aws-lb-readvertiser.
	// The Pod is written as a literal rather than via NewPod so that
	// SeedClusterConstraints can be set to the AWS cloud provider.
	// No Ports are declared for this pod.
	AWSLBReadvertiserInfo = &SourcePod{
		Pod: Pod{
			Name: "aws-lb-readvertiser",
			Labels: labels.Set{
				"app":                     "aws-lb-readvertiser",
				"garden.sapcloud.io/role": "controlplane",
			},
			SeedClusterConstraints: sets.NewString(string(v1beta1.CloudProviderAWS)),
		},
		ExpectedPolicies: sets.NewString(
			"allow-to-public-networks",
			"allow-to-dns",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// AWSMetadataServiceHost points to aws-specific Metadata service.
	// Instance metadata endpoints commonly serve instance-level configuration
	// and credentials, so which pods can reach this address is security-relevant.
	// Whether a given source is allowed or denied is decided where the rules are
	// built (not shown here).
	AWSMetadataServiceHost = &Host{
		Description: "Metadata service",
		HostName:    "169.254.169.254",
		Port:        80,
	}
)
// OpenStack-specific metadata service target and cloud-controller-manager fixtures.
var (
	// OpenStackMetadataServiceHost points to openstack-specific Metadata service.
	// Instance metadata endpoints commonly serve instance-level configuration
	// and credentials, so which pods can reach this address is security-relevant.
	// Whether a given source is allowed or denied is decided where the rules are
	// built (not shown here).
	OpenStackMetadataServiceHost = &Host{
		Description: "Metadata service",
		HostName:    "169.254.169.254",
		Port:        80,
	}

	// OpenStackCloudControllerManagerNotSecured points to OpenStack specific cloud-controller-manager running on HTTP port.
	// Compared with the cloud-agnostic CloudControllerManagerInfoNotSecured, the
	// expected set additionally contains "allow-to-private-networks".
	OpenStackCloudControllerManagerNotSecured = &SourcePod{
		Ports: NewSinglePort(10253),
		Pod: NewPod("cloud-controller-manager-http", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "cloud-controller-manager",
		}, "< 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-private-networks",
			"allow-to-public-networks",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}

	// OpenStackCloudControllerManagerSecured points to OpenStack specific cloud-controller-manager running on HTTPS port.
	// Compared with the cloud-agnostic CloudControllerManagerInfoSecured, the
	// expected set additionally contains "allow-to-private-networks".
	OpenStackCloudControllerManagerSecured = &SourcePod{
		Ports: NewSinglePort(10258),
		Pod: NewPod("cloud-controller-manager-https", labels.Set{
			"app":                     "kubernetes",
			"garden.sapcloud.io/role": "controlplane",
			"role":                    "cloud-controller-manager",
		}, ">= 1.13"),
		ExpectedPolicies: sets.NewString(
			"allow-from-prometheus",
			"allow-to-dns",
			"allow-to-private-networks",
			"allow-to-public-networks",
			"allow-to-shoot-apiserver",
			"deny-all",
		),
	}
)
// Azure-specific metadata service target.
var (

	// AzureMetadataServiceHost points to azure-specific Metadata service.
	// Instance metadata endpoints commonly serve instance-level configuration
	// and credentials, so which pods can reach this address is security-relevant.
	// Whether a given source is allowed or denied is decided where the rules are
	// built (not shown here).
	AzureMetadataServiceHost = &Host{
		Description: "Metadata service",
		HostName:    "169.254.169.254",
		Port:        80,
	}
)
// GCP-specific metadata service target.
var (

	// GCPMetadataServiceHost points to gcp-specific Metadata service.
	// Instance metadata endpoints commonly serve instance-level configuration
	// and credentials, so which pods can reach this address is security-relevant.
	// Whether a given source is allowed or denied is decided where the rules are
	// built (not shown here).
	GCPMetadataServiceHost = &Host{
		Description: "Metadata service",
		HostName:    "169.254.169.254",
		Port:        80,
	}
)

Functions

This section is empty.

Types

type AWSNetworkPolicy

// AWSNetworkPolicy holds aws-specific network policy settings.
// It declares no fields. The methods listed for *AWSNetworkPolicy (ToSources,
// EgressFromOtherNamespaces, Provider) match the CloudAwarePodInfo method set.
type AWSNetworkPolicy struct {
}

AWSNetworkPolicy holds aws-specific network policy settings. +gen-netpoltests=true +gen-packagename=aws

func (*AWSNetworkPolicy) EgressFromOtherNamespaces

func (a *AWSNetworkPolicy) EgressFromOtherNamespaces(sourcePod *SourcePod) Rule

EgressFromOtherNamespaces returns list of all aws-specific sources and targets.

func (*AWSNetworkPolicy) Provider

func (a *AWSNetworkPolicy) Provider() v1beta1.CloudProvider

Provider returns AWS cloud provider.

func (*AWSNetworkPolicy) ToSources

func (a *AWSNetworkPolicy) ToSources() []Rule

ToSources returns list of all aws-specific sources and targets.

type AlicloudNetworkPolicy

// AlicloudNetworkPolicy holds alicloud-specific network policy settings.
// It declares no fields. The methods listed for *AlicloudNetworkPolicy
// (ToSources, EgressFromOtherNamespaces, Provider) match the names in the
// CloudAwarePodInfo method set.
type AlicloudNetworkPolicy struct {
}

AlicloudNetworkPolicy holds alicloud-specific network policy settings. +gen-netpoltests=true +gen-packagename=alicloud

func (*AlicloudNetworkPolicy) EgressFromOtherNamespaces

func (a *AlicloudNetworkPolicy) EgressFromOtherNamespaces(sourcePod *SourcePod) Rule

EgressFromOtherNamespaces returns list of all alicloud-specific sources and targets.

func (*AlicloudNetworkPolicy) Provider

Provider returns Alicloud cloud provider.

func (*AlicloudNetworkPolicy) ToSources

func (a *AlicloudNetworkPolicy) ToSources() []Rule

ToSources returns list of all alicloud-specific sources and targets.

type AzureNetworkPolicy

// AzureNetworkPolicy holds azure-specific network policy settings.
// It declares no fields. The methods listed for *AzureNetworkPolicy
// (ToSources, EgressFromOtherNamespaces, Provider) match the names in the
// CloudAwarePodInfo method set.
type AzureNetworkPolicy struct {
}

AzureNetworkPolicy holds azure-specific network policy settings. +gen-netpoltests=true +gen-packagename=azure

func (*AzureNetworkPolicy) EgressFromOtherNamespaces

func (a *AzureNetworkPolicy) EgressFromOtherNamespaces(sourcePod *SourcePod) Rule

EgressFromOtherNamespaces returns list of all azure-specific sources and targets.

func (*AzureNetworkPolicy) Provider

Provider returns Azure cloud provider.

func (*AzureNetworkPolicy) ToSources

func (a *AzureNetworkPolicy) ToSources() []Rule

ToSources returns list of all azure-specific sources and targets.

type CloudAwarePodInfo

// CloudAwarePodInfo is the per-provider contract: it exposes the provider's
// source-to-target rules and identifies the provider they belong to.
type CloudAwarePodInfo interface {
	// ToSources returns a list of all sources of the CloudProvider.
	// Each element is a Rule, i.e. one source pod with its target pods and hosts.
	ToSources() []Rule

	// EgressFromOtherNamespaces returns a single Rule for the given source pod.
	// NOTE(review): judging by the name, the Rule describes egress from a pod
	// in another namespace towards this provider's pods — confirm against an
	// implementation.
	EgressFromOtherNamespaces(source *SourcePod) Rule

	// Provider returns the CloudProvider.
	Provider() v1beta1.CloudProvider
}

CloudAwarePodInfo contains cloud-specific information for Source(s) to Target(s) communication.

type GCPNetworkPolicy

// GCPNetworkPolicy holds gcp-specific network policy settings.
// It declares no fields. The methods listed for *GCPNetworkPolicy (ToSources,
// EgressFromOtherNamespaces, Provider) match the CloudAwarePodInfo method set.
type GCPNetworkPolicy struct {
}

GCPNetworkPolicy holds gcp-specific network policy settings. +gen-netpoltests=true +gen-packagename=gcp

func (*GCPNetworkPolicy) EgressFromOtherNamespaces

func (a *GCPNetworkPolicy) EgressFromOtherNamespaces(sourcePod *SourcePod) Rule

EgressFromOtherNamespaces returns list of all gcp-specific sources and targets.

func (*GCPNetworkPolicy) Provider

func (a *GCPNetworkPolicy) Provider() v1beta1.CloudProvider

Provider returns GCP cloud provider.

func (*GCPNetworkPolicy) ToSources

func (a *GCPNetworkPolicy) ToSources() []Rule

ToSources returns list of all gcp-specific sources and targets.

type Host

// Host describes a network target that is addressed by name or IP rather than
// by pod selector. It has no protocol field.
type Host struct {
	// Description is a free-text label for the target, e.g. "Metadata service".
	Description string
	// HostName is a DNS name or an IP literal; both forms appear in this
	// package ("kubernetes.default", "8.8.8.8").
	HostName string
	// Port is the target port number.
	Port int32
}

Host contains a host with port and optional description.

type HostRule

// HostRule pairs a target Host with the expected verdict for a source pod.
type HostRule struct {
	// Host is the embedded target (description, host name, port).
	Host
	// Allowed records the decision whether the host is visible to the source pod.
	Allowed bool
}

HostRule contains a target Host and decision if it's visible to the source Pod.

func (*HostRule) ToString

func (t *HostRule) ToString() string

ToString returns the string representation of TargetHost.

type NamespacedSourcePod

// NamespacedSourcePod binds a SourcePod to a namespace.
type NamespacedSourcePod struct {
	// SourcePod is embedded by pointer, so the wrapper shares the underlying
	// SourcePod value rather than copying it.
	*SourcePod
	// Namespace is the namespace associated with the pod.
	Namespace string
}

NamespacedSourcePod holds namespaced PodInfo.

func NewNamespacedSourcePod

func NewNamespacedSourcePod(sp *SourcePod, namespace string) *NamespacedSourcePod

NewNamespacedSourcePod creates a new NamespacedSourcePod.

type NamespacedTargetPod

// NamespacedTargetPod binds a TargetPod to a namespace.
type NamespacedTargetPod struct {
	// TargetPod is embedded by pointer, so the wrapper shares the underlying
	// TargetPod value rather than copying it.
	*TargetPod
	// Namespace is the namespace associated with the pod.
	Namespace string
}

NamespacedTargetPod holds namespaced TargetPod.

func NewNamespacedTargetPod

func NewNamespacedTargetPod(tp *TargetPod, namespace string) *NamespacedTargetPod

NewNamespacedTargetPod creates a new NamespacedTargetPod.

type OpenStackNetworkPolicy

// OpenStackNetworkPolicy holds openstack-specific network policy settings.
// It declares no fields. The methods listed for *OpenStackNetworkPolicy
// (ToSources, EgressFromOtherNamespaces, Provider) match the names in the
// CloudAwarePodInfo method set.
type OpenStackNetworkPolicy struct {
}

OpenStackNetworkPolicy holds openstack-specific network policy settings. +gen-netpoltests=true +gen-packagename=openstack

func (*OpenStackNetworkPolicy) EgressFromOtherNamespaces

func (a *OpenStackNetworkPolicy) EgressFromOtherNamespaces(sourcePod *SourcePod) Rule

EgressFromOtherNamespaces returns list of all openstack-specific sources and targets.

func (*OpenStackNetworkPolicy) Provider

Provider returns OpenStack cloud provider.

func (*OpenStackNetworkPolicy) ToSources

func (a *OpenStackNetworkPolicy) ToSources() []Rule

ToSources returns list of all openstack-specific sources and targets.

type Pod

// Pod identifies a pod by name and labels and records the constraints under
// which it applies.
type Pod struct {
	// Name is the pod's name, e.g. "kube-apiserver".
	Name string
	// Labels is the label set of the pod; Selector returns a label selector
	// for the pod.
	Labels labels.Set
	// ShootVersionConstraint is a version expression such as ">= 1.13" or
	// "< 1.13". NOTE(review): presumably empty means "all shoot versions";
	// confirm in CheckVersion.
	ShootVersionConstraint string
	// For which seed clusters this pod is active.
	SeedClusterConstraints sets.String
}

Pod contains the bare-bones details about a Pod.

func NewPod

func NewPod(name string, labels labels.Set, shootVersionContstraints ...string) Pod

NewPod creates a new instance of Pod.

func (*Pod) CheckSeedCluster

func (p *Pod) CheckSeedCluster(provider v1beta1.CloudProvider) bool

CheckSeedCluster checks if Seed cluster is matched by ShootVersionConstraint.

func (*Pod) CheckVersion

func (p *Pod) CheckVersion(shoot *v1beta1.Shoot) bool

CheckVersion checks if shoot version is matched by ShootVersionConstraint.

func (*Pod) Selector

func (p *Pod) Selector() labels.Selector

Selector returns label selector for specific pod.

type PodRule

// PodRule pairs a TargetPod with the expected verdict for traffic to it.
type PodRule struct {
	// TargetPod is the embedded target (pod identity plus one port).
	TargetPod
	// Allowed states whether traffic to the TargetPod is allowed (true) or
	// disallowed (false).
	Allowed bool
}

PodRule contains a rule which allows/disallows traffic to a TargetPod.

func (*PodRule) ToString

func (p *PodRule) ToString() string

ToString returns the string representation of TargetPod.

type Port

// Port describes one port of a pod.
type Port struct {
	// Port is the port number.
	Port int32
	// Name is an optional label for the port, e.g. "http" or "metrics";
	// FromPort takes a port name to select a single port.
	Name string
}

Port holds the data about a single port.

func NewSinglePort

func NewSinglePort(p int32) []Port

NewSinglePort returns just one port.

type Rule

// Rule describes, for one source pod, which target pods and hosts it is and
// is not allowed to talk to.
type Rule struct {
	// SourcePod is the pod the rule is about, embedded by pointer and
	// therefore shared with whoever else holds the same *SourcePod.
	*SourcePod
	// TargetPods lists pod targets, each with its own Allowed verdict.
	TargetPods []PodRule
	// TargetHosts lists host targets, each with its own Allowed verdict.
	TargetHosts []HostRule
}

Rule contains a source Pod and the target Pods and Hosts it is (not) allowed to talk to.

type RuleBuilder

// RuleBuilder assembles a Rule step by step: NewSource creates it, the
// Allow*/Deny* methods each return the builder again, and Build returns the
// resulting Rule.
type RuleBuilder struct {
	// contains filtered or unexported fields
}

RuleBuilder is a builder for easy construction of Source.

func NewSource

func NewSource(pi *SourcePod) *RuleBuilder

NewSource creates a new instance of RuleBuilder.

func (*RuleBuilder) AllowHost

func (s *RuleBuilder) AllowHost(allowedHosts ...*Host) *RuleBuilder

AllowHost adds `allowedHosts` as allowed Targets.

func (*RuleBuilder) AllowPod

func (s *RuleBuilder) AllowPod(allowedSources ...*SourcePod) *RuleBuilder

AllowPod adds `allowedSources` as allowed Targets.

func (*RuleBuilder) AllowTargetPod

func (s *RuleBuilder) AllowTargetPod(allowTargetPods ...*TargetPod) *RuleBuilder

AllowTargetPod adds `allowTargetPods` as allowed Targets.

func (*RuleBuilder) Build

func (s *RuleBuilder) Build() Rule

Build returns the completed Source instance.

func (*RuleBuilder) DenyHost

func (s *RuleBuilder) DenyHost(deniedHosts ...*Host) *RuleBuilder

DenyHost adds `deniedHosts` as denied Targets.

func (*RuleBuilder) DenyPod

func (s *RuleBuilder) DenyPod(deniedPods ...*SourcePod) *RuleBuilder

DenyPod adds `deniedPods` as denied Targets.

func (*RuleBuilder) DenyTargetPod

func (s *RuleBuilder) DenyTargetPod(deniedTargets ...*TargetPod) *RuleBuilder

DenyTargetPod adds `deniedTargets` as denied Targets.

type SharedResources

// SharedResources is the JSON-serialisable state shared between Ginkgo nodes.
// NOTE(review): the meaning of the individual fields is not documented on this
// page; the field notes below are inferred from names and types only.
type SharedResources struct {
	// Mirror is serialised as "mirror" — purpose not shown here; TODO confirm.
	Mirror string `json:"mirror"`
	// External is serialised as "external" — purpose not shown here; TODO confirm.
	External string `json:"external"`
	// SeedNodeIP is presumably the IP address of a seed node — TODO confirm.
	SeedNodeIP string `json:"seedNodeIP"`
	// Policies holds NetworkPolicy objects.
	Policies []networkingv1.NetworkPolicy `json:"policies"`
	// SeedCloudProvider is the cloud provider of the seed cluster.
	SeedCloudProvider v1beta1.CloudProvider `json:"seedCloudProvider"`
}

SharedResources are shared between Ginkgo Nodes.

type SourcePod

// SourcePod describes a pod in the shoot namespace together with the ports it
// serves and the NetworkPolicy names expected for it.
type SourcePod struct {
	// Pod is the embedded identity (name, labels, version and seed constraints).
	Pod
	// Ports lists the ports of the pod; it may be left unset, as several
	// package-level SourcePods do.
	Ports []Port
	// ExpectedPolicies is a set of NetworkPolicy names such as "deny-all".
	// NOTE(review): presumably the policies expected to select this pod —
	// confirm against the consuming tests.
	ExpectedPolicies sets.String
}

SourcePod holds the data about pods in the shoot namespace and their services.

func (*SourcePod) AsTargetPods

func (s *SourcePod) AsTargetPods() []*TargetPod

AsTargetPods returns a list of TargetPods for each Port. Returned slice is not deep copied!

func (*SourcePod) DummyPort

func (s *SourcePod) DummyPort() *TargetPod

DummyPort returns a TargetPod containing only one 8080 port. This resource is not deep copied!

func (*SourcePod) FromPort

func (s *SourcePod) FromPort(portName string) *TargetPod

FromPort returns a TargetPod containing only one specific port. This resource is not deep copied!

type TargetPod

// TargetPod is a pod viewed as a traffic target on exactly one port.
type TargetPod struct {
	// Pod is the embedded identity of the target.
	Pod
	// Port is the embedded single port the target listens on.
	Port
}

TargetPod contains data about a Pod listening on a specific port.

Directories

Path Synopsis
