Documentation
¶
Index ¶
Constants ¶
View Source
const ( TableFilter = "filter" MainChain = "WEAVE-NPC" DefaultChain = "WEAVE-NPC-DEFAULT" IngressChain = "WEAVE-NPC-INGRESS" IpsetNamePrefix = "weave-" LocalIpset = IpsetNamePrefix + "local-pods" )
View Source
const ( // This array: // * Must include only printable UTF8 characters that are represented with a single byte (http://www.utf8-chartable.de/) // * Must be at least of length 85 (`len("weave-") + l(2^160)/l(85)` equals 31, the maximum ipset name length) // * Must not include commas as those are treated specially by `ipset add` when adding a named set to a list:set // * Should not include space for readability // * Should not include invalid chars for XML `<>&"'` // * Should not include single quote or backslash to be nice to shell users ShortNameSymbols = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789(){}[]+=_$%^!*|/?.;:@#~" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IngressIsolationPolicy ¶
type IngressIsolationPolicy string
const ( // Deny all ingress traffic to pods in this namespace. Ingress means // any incoming traffic to pods, whether that be from other pods within this namespace // or any source outside of this namespace. DefaultDeny IngressIsolationPolicy = "DefaultDeny" )
type NamespaceIngressPolicy ¶
type NamespaceIngressPolicy struct {
// The isolation policy to apply to pods in this namespace.
// Currently this field only supports "DefaultDeny", but could
// be extended to support other policies in the future. When set to DefaultDeny,
// pods in this namespace are denied ingress traffic by default. When not defined,
// the cluster default ingress isolation policy is applied (currently allow all).
Isolation *IngressIsolationPolicy `json:"isolation,omitempty"`
}
Configuration for ingress to pods within this namespace. For now, this only supports specifying an isolation policy.
type NamespaceNetworkPolicy ¶
type NamespaceNetworkPolicy struct {
// Ingress configuration for this namespace. This config is
// applied to all pods within this namespace. For now, only
// ingress is supported. This field is optional - if not
// defined, then the cluster default for ingress is applied.
Ingress *NamespaceIngressPolicy `json:"ingress,omitempty"`
}
type NamespaceSpec ¶
type NamespaceSpec struct {
// This is a pointer so that it can be left undefined.
NetworkPolicy *NamespaceNetworkPolicy `json:"networkPolicy,omitempty"`
}
Standard NamespaceSpec object, modified to include a new NamespaceNetworkPolicy field.
type NetworkPolicyController ¶
type NetworkPolicyController interface {
AddNamespace(ns *coreapi.Namespace) error
UpdateNamespace(oldObj, newObj *coreapi.Namespace) error
DeleteNamespace(ns *coreapi.Namespace) error
AddPod(obj *coreapi.Pod) error
UpdatePod(oldObj, newObj *coreapi.Pod) error
DeletePod(obj *coreapi.Pod) error
AddNetworkPolicy(obj *extnapi.NetworkPolicy) error
UpdateNetworkPolicy(oldObj, newObj *extnapi.NetworkPolicy) error
DeleteNetworkPolicy(obj *extnapi.NetworkPolicy) error
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.