package external_traffic (v0.1.15)
Published: Feb 5, 2023 | License: Apache-2.0 | Imports: 20 | Imported by: 0

Documentation

Constants

const (
	ReasonEnforcementGloballyDisabled         = "EnforcementGloballyDisabled"
	ReasonCreatingExternalTrafficPolicyFailed = "CreatingExternalTrafficPolicyFailed"
	ReasonCreatedExternalTrafficPolicy        = "CreatedExternalTrafficPolicy"
	ReasonGettingExternalTrafficPolicyFailed  = "GettingExternalTrafficPolicyFailed"
	ReasonRemovingExternalTrafficPolicy       = "RemovingExternalTrafficPolicy"
	ReasonRemovingExternalTrafficPolicyFailed = "RemovingExternalTrafficPolicyFailed"
	ReasonRemovedExternalTrafficPolicy        = "RemovedExternalTrafficPolicy"
)
const OtterizeExternalNetworkPolicyNameTemplate = "external-access-to-%s"

Variables

This section is empty.

Functions

This section is empty.

Types

type EndpointsReconciler

type EndpointsReconciler struct {
	client.Client
	Scheme *runtime.Scheme

	injectablerecorder.InjectableRecorder
	// contains filtered or unexported fields
}

func NewEndpointsReconciler

func NewEndpointsReconciler(client client.Client, scheme *runtime.Scheme, enabled bool, enforcementEnabledGlobally bool) *EndpointsReconciler

func (*EndpointsReconciler) InitIngressReferencedServicesIndex

func (r *EndpointsReconciler) InitIngressReferencedServicesIndex(mgr ctrl.Manager) error

func (*EndpointsReconciler) InjectRecorder

func (r *EndpointsReconciler) InjectRecorder(recorder record.EventRecorder)

func (*EndpointsReconciler) Reconcile

func (r *EndpointsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile handles three cases:

(1) It watches Endpoints, which means it gets updates when Services are updated, or when the pods backing them are updated.
    When that happens, and the Service is of type LoadBalancer or NodePort, or is referenced by an Ingress,
    it checks whether the backing pods are affected by Otterize Intents Network Policies.
    If so, and the reconciler is enabled, it creates network policies to allow external traffic to those pods.
    If the Endpoints (= Services) update their port, it updates the port specified in the corresponding network policy.
    If the Endpoints no longer refer to pods affected by Intents, the network policy is deleted.
    If the Service is deleted completely, the corresponding network policy is deleted, since it is owned
    by the service.

(2) It receives reconcile requests from the IngressReconciler when Ingresses are created, updated or deleted.

(3) It receives reconcile requests from the Intents NetworkPolicyReconciler when Network Policies that apply intents
    are created, updated or deleted. This means that if you create, update or delete intents, the corresponding
    external traffic policy will be created (if there were no other intents affecting the service before then) or
    deleted (if no intents network policies refer to the pods backing the service any longer).
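
A simplified model of the case (1) decision described above, as an added example that is not the operator's own code. The Service and Policy types, the Decide function, its action strings and the sample service are hypothetical; only the name template comes from the package constants, and behaviour the text leaves open is marked as an assumption in the comments.

```go
package main

import "fmt"

// Name template copied from the package constants on this page.
const OtterizeExternalNetworkPolicyNameTemplate = "external-access-to-%s"

// Service is a hypothetical, flattened view of the Service/Endpoints/Ingress
// state the reconciler inspects; it is not a type from the package.
type Service struct {
	Name, Type          string // Type: "ClusterIP", "NodePort" or "LoadBalancer"
	ReferencedByIngress bool
	PodsUnderIntents    bool  // backing pods are selected by an intents network policy
	Ports               []int // ports currently listed in the Endpoints
}

// Policy models the external-traffic network policy as a name plus allowed ports.
type Policy struct {
	Name  string
	Ports []int
}

// Decide returns the action ("create", "update", "delete", "skip", "none")
// and the policy that should exist afterwards (nil when there should be none).
func Decide(s Service, existing *Policy, enabled bool) (string, *Policy) {
	external := s.Type == "LoadBalancer" || s.Type == "NodePort" || s.ReferencedByIngress
	if !external || !s.PodsUnderIntents {
		if existing != nil {
			return "delete", nil // pods left intents (page); un-exposed Service is an assumption
		}
		return "none", nil
	}
	if !enabled {
		return "skip", existing // assumption: a disabled reconciler changes nothing
	}
	want := &Policy{Name: fmt.Sprintf(OtterizeExternalNetworkPolicyNameTemplate, s.Name), Ports: s.Ports}
	if existing == nil {
		return "create", want
	}
	if fmt.Sprint(existing.Ports) != fmt.Sprint(want.Ports) {
		return "update", want // the Endpoints changed port, so the policy follows
	}
	return "none", existing
}

func main() { // constructed sample service
	svc := Service{Name: "checkout", Type: "LoadBalancer", PodsUnderIntents: true, Ports: []int{8080}}
	action, pol := Decide(svc, nil, true)
	fmt.Println(action, pol.Name, pol.Ports)
}
```

In this model a ClusterIP Service with no Ingress reference never receives an external-access policy, so pods covered by intents policies stay closed to external traffic unless the Service is deliberately exposed.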

func (*EndpointsReconciler) ReconcileServiceForOtterizeNetpol

func (r *EndpointsReconciler) ReconcileServiceForOtterizeNetpol(ctx context.Context, endpoints *corev1.Endpoints, otterizeServiceName string, ingressList *v1.IngressList, netpol *v1.NetworkPolicy) (ctrl.Result, error)

func (*EndpointsReconciler) SetupWithManager

func (r *EndpointsReconciler) SetupWithManager(mgr ctrl.Manager) error

type IngressReconciler

type IngressReconciler struct {
	client.Client
	Scheme *runtime.Scheme

	injectablerecorder.InjectableRecorder
	// contains filtered or unexported fields
}

func NewIngressReconciler

func NewIngressReconciler(client client.Client, scheme *runtime.Scheme, endpointsReconciler *EndpointsReconciler) *IngressReconciler

func (*IngressReconciler) InitNetworkPoliciesByIngressNameIndex

func (r *IngressReconciler) InitNetworkPoliciesByIngressNameIndex(mgr ctrl.Manager) error

func (*IngressReconciler) Reconcile

func (r *IngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

Reconcile handles ingress creation, update and delete. In all of these cases, it resolves which services the ingress refers to, and sends a Reconcile request to the EndpointsReconciler. The EndpointsReconciler is responsible for determining which services and ingresses are related to an Endpoints resource and managing the network policies accordingly.

func (*IngressReconciler) SetupWithManager

func (r *IngressReconciler) SetupWithManager(mgr ctrl.Manager) error

type NetworkPolicyCreator

type NetworkPolicyCreator struct {
	injectablerecorder.InjectableRecorder
	// contains filtered or unexported fields
}

func NewNetworkPolicyCreator

func NewNetworkPolicyCreator(client client.Client, scheme *runtime.Scheme, enabled bool, enforcementEnabledGlobally bool) *NetworkPolicyCreator
