Documentation
¶
Index ¶
- Constants
- type ACLPolicy
- type Direction
- type NPMNetworkPolicy
- type PolicyManager
- func (pMgr *PolicyManager) AddPolicy(policy *NPMNetworkPolicy, endpointList []string) error
- func (pMgr *PolicyManager) GetPolicy(name string) (*NPMNetworkPolicy, bool)
- func (pMgr *PolicyManager) PolicyExists(name string) bool
- func (pMgr *PolicyManager) RemovePolicy(name string, endpointList []string) error
- type PolicyMap
- type Ports
- type Protocol
- type SetInfo
- type Verdict
Constants ¶
View Source
const ( // Ingress when packet is entering a container Ingress Direction = "IN" // Egress when packet is leaving a container Egress Direction = "OUT" // Both applies to both directions Both Direction = "BOTH" // Allowed is accept in linux Allowed Verdict = "ALLOW" // Dropped is denying a flow Dropped Verdict = "DROP" // TCP Protocol TCP Protocol = "tcp" // UDP Protocol UDP Protocol = "udp" // SCTP Protocol SCTP Protocol = "sctp" // ICMP Protocol ICMP Protocol = "icmp" // AnyProtocol can be used for all other protocols AnyProtocol Protocol = "any" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACLPolicy ¶
type ACLPolicy struct {
// PolicyID is the rules name with a given network policy
PolicyID string
// Comment is the string attached to rule to identity its representation
Comment string
// SrcList source IPSets condition setinfos
SrcList []SetInfo
// DstList destination IPSets condition setinfos
DstList []SetInfo
// Target defines a target in iptables for linux. i,e, Mark, Accept, Drop
// in windows, this is either ALLOW or DENY
Target Verdict
// Direction defines the flow of traffic
Direction Direction
// SrcPorts holds the source port information
SrcPorts []Ports
// DstPorts holds the destination port information
DstPorts []Ports
// Protocol is the value of traffic protocol
Protocol Protocol
}
ACLPolicy equivalent to a single iptable rule in linux or a single HNS rule in windows
type NPMNetworkPolicy ¶
type NPMNetworkPolicy struct {
Name string
// PodSelectorIPSets holds all the IPSets generated from Pod Selector
PodSelectorIPSets []*ipsets.TranslatedIPSet
// RuleIPSets holds all IPSets generated from policy's rules
// and not from pod selector IPSets
//
RuleIPSets []*ipsets.TranslatedIPSet
ACLs []*ACLPolicy
// podIP is key and endpoint ID as value
// Will be populated by dataplane and policy manager
PodEndpoints map[string]string
RawNP *networkingv1.NetworkPolicy
}
type PolicyManager ¶
type PolicyManager struct {
// contains filtered or unexported fields
}
func NewPolicyManager ¶
func NewPolicyManager(ioShim *common.IOShim) *PolicyManager
func (*PolicyManager) AddPolicy ¶ added in v1.4.13
func (pMgr *PolicyManager) AddPolicy(policy *NPMNetworkPolicy, endpointList []string) error
func (*PolicyManager) GetPolicy ¶
func (pMgr *PolicyManager) GetPolicy(name string) (*NPMNetworkPolicy, bool)
func (*PolicyManager) PolicyExists ¶
func (pMgr *PolicyManager) PolicyExists(name string) bool
func (*PolicyManager) RemovePolicy ¶
func (pMgr *PolicyManager) RemovePolicy(name string, endpointList []string) error
type SetInfo ¶
type SetInfo struct {
IPSet *ipsets.IPSetMetadata
Included bool
MatchType string // match type can be “src”, “src,dst” or “dst,dst” etc
}
SetInfo helps capture additional details in a matchSet example match set in linux:
! azure-npm-123 src,src
"!" this indicates a negative match of an IPset for src,src Included flag captures the negative or positive match MatchType captures match flags
Source Files
Click to show internal directories.
Click to hide internal directories.