Documentation
¶
Index ¶
- func ParseDenyCIDRs(s string) []string
- type Config
- type Manager
- func (m *Manager) ApplyNetworkPolicy(ctx context.Context, namespace string) error
- func (m *Manager) DeleteNamespace(ctx context.Context, namespace string) error
- func (m *Manager) EnsureNamespace(ctx context.Context, workspaceID string) (string, error)
- func (m *Manager) NamespaceName(workspaceID string) string
- type NetworkPolicyConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseDenyCIDRs ¶
ParseDenyCIDRs splits a comma-separated CIDR string into a slice.
Types ¶
type Config ¶
type Config struct {
Prefix string
NetworkPolicy NetworkPolicyConfig
}
Config holds configuration for the namespace manager.
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager handles per-workspace K8s namespace lifecycle.
func NewManager ¶
func NewManager(clientset kubernetes.Interface, config Config) *Manager
NewManager creates a new namespace Manager.
func (*Manager) ApplyNetworkPolicy ¶
ApplyNetworkPolicy creates or updates the sandbox egress NetworkPolicy in the given namespace.
func (*Manager) DeleteNamespace ¶
DeleteNamespace deletes the namespace. K8s cascades all resources within it.
func (*Manager) EnsureNamespace ¶
EnsureNamespace creates the namespace if it does not exist, applies labels and NetworkPolicy. Returns the namespace name. Idempotent.
func (*Manager) NamespaceName ¶
NamespaceName returns the K8s namespace name for a workspace ID.
type NetworkPolicyConfig ¶
type NetworkPolicyConfig struct {
Enabled bool
DenyCIDRs []string
AgentserverNamespace string // Allow egress to agentserver namespace (for Anthropic API proxy).
}
NetworkPolicyConfig holds NetworkPolicy settings applied to each workspace namespace.
Source Files
Click to show internal directories.
Click to hide internal directories.