Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	sync.Mutex
	// contains filtered or unexported fields
}

Config is the structure holding all information about the supervisor

func NewSupervisor

func NewSupervisor(collector collector.EventCollector, enforcerInstance enforcer.PolicyEnforcer, mode constants.ModeType, implementation constants.ImplementationType, networks []string) (*Config, error)

NewSupervisor will create a new connection supervisor that uses IPTables to redirect specific packets to userspace. It instantiates multiple data stores to maintain efficient mappings between contextID, policy and IP addresses. This simplifies the lookup operations at the expense of memory.

func (*Config) SetTargetNetworks

func (s *Config) SetTargetNetworks(networks []string) error

SetTargetNetworks sets the target networks of the supervisor

func (*Config) Start

func (s *Config) Start() error

Start starts the supervisor

func (*Config) Stop

func (s *Config) Stop() error

Stop stops the supervisor

func (*Config) Supervise

func (s *Config) Supervise(contextID string, containerInfo *policy.PUInfo) error

Supervise creates a mapping between an IP address and the corresponding labels. It invokes the various handlers that process the parameter policy.

func (*Config) Unsupervise

func (s *Config) Unsupervise(contextID string) error

Unsupervise removes the mapping from the cache and cleans up the iptables rules. All remove operations will print errors, but they don't return an error. We want to force as much cleanup as possible to avoid stale state.

type Implementor

type Implementor interface {

	// ConfigureRules
	ConfigureRules(version int, contextID string, containerInfo *policy.PUInfo) error

	// UpdateRules
	UpdateRules(version int, contextID string, containerInfo *policy.PUInfo) error

	// DeleteRules
	DeleteRules(version int, context string, ipAddresses policy.ExtendedMap, port string, mark string, uid string) error

	// SetTargetNetworks sets the target networks of the supervisor
	SetTargetNetworks([]string, []string) error

	// Start initializes any defaults
	Start() error

	// Stop cleans up state
	Stop() error
}

Implementor is the interface of the implementation based on iptables, ipsets, remote, etc.

type Supervisor

type Supervisor interface {

	// Supervise adds a new supervised processing unit.
	Supervise(contextID string, puInfo *policy.PUInfo) error

	// Unsupervise unsupervises the given PU
	Unsupervise(contextID string) error

	// Start starts the Supervisor.
	Start() error

	// Stop stops the Supervisor.
	Stop() error

	// SetTargetNetworks sets the target networks of the supervisor
	SetTargetNetworks([]string) error
}

A Supervisor implements the node control plane that captures the packets.

type TestSupervisor

type TestSupervisor interface {
	Supervisor
	MockSupervise(t *testing.T, impl func(contextID string, puInfo *policy.PUInfo) error)
	MockUnsupervise(t *testing.T, impl func(contextID string) error)
	MockStart(t *testing.T, impl func() error)
	MockStop(t *testing.T, impl func() error)
	MockAddExcludedIPs(t *testing.T, impl func(ips []string) error)
	MockSetTargetNetworks(t *testing.T, impl func(networks []string) error)
}

TestSupervisor is a test implementation for IptablesProvider

type TestSupervisorInst

type TestSupervisorInst struct {
	// contains filtered or unexported fields
}

A TestSupervisorInst is an empty TransactionalManipulator that can be easily mocked.

func NewTestSupervisor

func NewTestSupervisor() *TestSupervisorInst

NewTestSupervisor returns a new TestManipulator.

func (*TestSupervisorInst) AddExcludedIPs

func (m *TestSupervisorInst) AddExcludedIPs(ips []string) error

AddExcludedIPs is a test implementation of the AddExcludedIPs interface

func (*TestSupervisorInst) MockAddExcludedIPs

func (m *TestSupervisorInst) MockAddExcludedIPs(t *testing.T, impl func(ip []string) error)

MockAddExcludedIPs mocks AddExcludedIPs

func (*TestSupervisorInst) MockSetTargetNetworks

func (m *TestSupervisorInst) MockSetTargetNetworks(t *testing.T, impl func(networks []string) error)

MockSetTargetNetworks mocks the SetTargetNetworks method

func (*TestSupervisorInst) MockStart

func (m *TestSupervisorInst) MockStart(t *testing.T, impl func() error)

MockStart mocks the Start method

func (*TestSupervisorInst) MockStop

func (m *TestSupervisorInst) MockStop(t *testing.T, impl func() error)

MockStop mocks the Stop method

func (*TestSupervisorInst) MockSupervise

func (m *TestSupervisorInst) MockSupervise(t *testing.T, impl func(contextID string, puInfo *policy.PUInfo) error)

MockSupervise mocks the Supervise method

func (*TestSupervisorInst) MockUnsupervise

func (m *TestSupervisorInst) MockUnsupervise(t *testing.T, impl func(contextID string) error)

MockUnsupervise mocks the unsupervise method

func (*TestSupervisorInst) SetTargetNetworks

func (m *TestSupervisorInst) SetTargetNetworks(networks []string) error

SetTargetNetworks is a test implementation of the SetTargetNetworks interface method

func (*TestSupervisorInst) Start

func (m *TestSupervisorInst) Start() error

Start is a test implementation of the Start interface method

func (*TestSupervisorInst) Stop

func (m *TestSupervisorInst) Stop() error

Stop is a test implementation of the Stop interface method

func (*TestSupervisorInst) Supervise

func (m *TestSupervisorInst) Supervise(contextID string, puInfo *policy.PUInfo) error

Supervise is a test implementation of the Supervise interface

func (*TestSupervisorInst) Unsupervise

func (m *TestSupervisorInst) Unsupervise(contextID string) error

Unsupervise is a test implementation of the Unsupervise interface

Directories

Path Synopsis
mock
Package supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call.