Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( DefaultInputRules = poltypes.NetRuleChain{ Name: string(k8stables.ChainInput), Rules: []poltypes.NetRule{ poltypes.NetRule{SourceIface: "lo", Operation: poltypes.IptablesAccept}, poltypes.NetRule{State: poltypes.StateEstablishedRelated, Operation: poltypes.IptablesAccept}, poltypes.NetRule{Operation: poltypes.IptablesReject}, }, } DefaultOutputRules = poltypes.NetRuleChain{ Name: string(k8stables.ChainOutput), Rules: []poltypes.NetRule{ poltypes.NetRule{DestIface: "lo", Operation: poltypes.IptablesAccept}, poltypes.NetRule{State: poltypes.StateEstablishedRelated, Operation: poltypes.IptablesAccept}, poltypes.NetRule{Protocol: "tcp", DestPort: "53", State: poltypes.StateNewEstablished, Operation: poltypes.IptablesAccept}, poltypes.NetRule{Protocol: "udp", DestPort: "53", State: poltypes.StateNewEstablished, Operation: poltypes.IptablesAccept}, poltypes.NetRule{Operation: poltypes.IptablesReject}, }, } DefaultForwardRules = poltypes.NetRuleChain{ Name: string(k8stables.ChainForward), Rules: []poltypes.NetRule{ poltypes.NetRule{Operation: poltypes.IptablesReject}, }, } JumpToV4IngressRule = poltypes.NetRuleChain{ Name: string(k8stables.ChainInput), Rules: []poltypes.NetRule{ poltypes.NetRule{Operation: poltypes.IngressV4ChainName}, }, } JumpToV4EgressRule = poltypes.NetRuleChain{ Name: string(k8stables.ChainOutput), Rules: []poltypes.NetRule{ poltypes.NetRule{Operation: poltypes.EgressV4ChainName}, }, } JumpToV6IngressRule = poltypes.NetRuleChain{ Name: string(k8stables.ChainInput), Rules: []poltypes.NetRule{ poltypes.NetRule{Operation: poltypes.IngressV6ChainName}, }, } JumpToV6EgressRule = poltypes.NetRuleChain{ Name: string(k8stables.ChainOutput), Rules: []poltypes.NetRule{ poltypes.NetRule{Operation: poltypes.EgressV6ChainName}, }, } DefaultReturnRule = poltypes.NetRule{ Operation: poltypes.IptablesReturn, } )
Functions ¶
This section is empty.
Types ¶
type IptablesProvisioner ¶
type IptablesProvisioner struct {
V4Provisioner k8stables.Interface
V6Provisioner k8stables.Interface
}
func NewIptablesProvisioner ¶
func NewIptablesProvisioner() *IptablesProvisioner
func (*IptablesProvisioner) AddRulesToNewPod ¶
func (iptabProv *IptablesProvisioner) AddRulesToNewPod(ruleSet *poltypes.NetRuleSet, pod *corev1.Pod)
Source Files
Click to show internal directories.
Click to hide internal directories.