Examples with NetworkPolicyEgressRule io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyEgressRule used on opensource projects

Search in sources :

Example 1 with NetworkPolicyEgressRule

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyEgressRule in project onos by opennetworkinglab.

the class K8sNetworkPolicyHandler method setAllowRulesByPolicy.

private void setAllowRulesByPolicy(NetworkPolicy policy, boolean install) {
    Map<String, Map<String, List<NetworkPolicyPort>>> white = Maps.newConcurrentMap();
    int nsHash = namespaceHashByNamespace(k8sNamespaceService, policy.getMetadata().getNamespace());
    List<NetworkPolicyIngressRule> ingress = policy.getSpec().getIngress();
    if (ingress != null && ingress.size() == 1) {
        NetworkPolicyIngressRule rule = ingress.get(0);
        if (rule.getFrom().size() == 0 && rule.getPorts().size() == 0) {
            setAllowAllRule(nsHash, DIRECTION_INGRESS, install);
        }
    }
    policy.getSpec().getIngress().forEach(i -> {
        Map<String, List<NetworkPolicyPort>> direction = Maps.newConcurrentMap();
        direction.put(DIRECTION_INGRESS, i.getPorts());
        i.getFrom().forEach(peer -> {
            // IP block
            if (peer.getIpBlock() != null) {
                if (peer.getIpBlock().getExcept() != null && peer.getIpBlock().getExcept().size() > 0) {
                    Map<String, List<NetworkPolicyPort>> blkDirection = Maps.newConcurrentMap();
                    blkDirection.put(DIRECTION_INGRESS, i.getPorts());
                    white.compute(peer.getIpBlock().getCidr(), (k, v) -> blkDirection);
                    setBlackRules(peer.getIpBlock().getCidr(), DIRECTION_INGRESS, peer.getIpBlock().getExcept(), install);
                } else {
                    white.compute(peer.getIpBlock().getCidr(), (k, v) -> direction);
                }
            }
            // POD selector
            Set<Pod> pods = podsFromPolicyPeer(peer, policy.getMetadata().getNamespace());
            pods.stream().filter(pod -> pod.getStatus().getPodIP() != null).forEach(pod -> {
                white.compute(shiftIpDomain(pod.getStatus().getPodIP(), SHIFTED_IP_PREFIX) + "/" + HOST_PREFIX, (m, n) -> direction);
                white.compute(pod.getStatus().getPodIP() + "/" + HOST_PREFIX, (m, n) -> direction);
            });
            // Namespace selector
            setAllowNamespaceRules(nsHash, namespacesByPolicyPeer(peer), DIRECTION_INGRESS, install);
        });
    });
    List<NetworkPolicyEgressRule> egress = policy.getSpec().getEgress();
    if (egress != null && egress.size() == 1) {
        NetworkPolicyEgressRule rule = egress.get(0);
        if (rule.getTo().size() == 0 && rule.getPorts().size() == 0) {
            setAllowAllRule(nsHash, DIRECTION_EGRESS, install);
        }
    }
    policy.getSpec().getEgress().forEach(e -> {
        Map<String, List<NetworkPolicyPort>> direction = Maps.newConcurrentMap();
        direction.put(DIRECTION_EGRESS, e.getPorts());
        e.getTo().forEach(peer -> {
            // IP block
            if (peer.getIpBlock() != null) {
                if (peer.getIpBlock().getExcept() != null && peer.getIpBlock().getExcept().size() > 0) {
                    Map<String, List<NetworkPolicyPort>> blkDirection = Maps.newConcurrentMap();
                    blkDirection.put(DIRECTION_EGRESS, e.getPorts());
                    white.compute(peer.getIpBlock().getCidr(), (k, v) -> {
                        if (v != null) {
                            v.put(DIRECTION_EGRESS, e.getPorts());
                            return v;
                        } else {
                            return blkDirection;
                        }
                    });
                    setBlackRules(peer.getIpBlock().getCidr(), DIRECTION_EGRESS, peer.getIpBlock().getExcept(), install);
                } else {
                    white.compute(peer.getIpBlock().getCidr(), (k, v) -> {
                        if (v != null) {
                            v.put(DIRECTION_EGRESS, e.getPorts());
                            return v;
                        } else {
                            return direction;
                        }
                    });
                }
            }
            // POD selector
            Set<Pod> pods = podsFromPolicyPeer(peer, policy.getMetadata().getNamespace());
            pods.stream().filter(pod -> pod.getStatus().getPodIP() != null).forEach(pod -> {
                white.compute(shiftIpDomain(pod.getStatus().getPodIP(), SHIFTED_IP_PREFIX) + "/" + HOST_PREFIX, (m, n) -> {
                    if (n != null) {
                        n.put(DIRECTION_EGRESS, e.getPorts());
                        return n;
                    } else {
                        return direction;
                    }
                });
                white.compute(pod.getStatus().getPodIP() + "/" + HOST_PREFIX, (m, n) -> {
                    if (n != null) {
                        n.put(DIRECTION_EGRESS, e.getPorts());
                        return n;
                    } else {
                        return direction;
                    }
                });
            });
            // Namespace selector
            setAllowNamespaceRules(nsHash, namespacesByPolicyPeer(peer), DIRECTION_EGRESS, install);
        });
    });
    setAllowRules(namespaceHashByNamespace(k8sNamespaceService, policy.getMetadata().getNamespace()), white, install);
    setBlackToRouteRules(true);
}
Also used : ACL_INGRESS_WHITE_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_INGRESS_WHITE_TABLE) K8sNetworkingUtil.shiftIpDomain(org.onosproject.k8snetworking.util.K8sNetworkingUtil.shiftIpDomain) CoreService(org.onosproject.core.CoreService) DeviceService(org.onosproject.net.device.DeviceService) Tools.groupedThreads(org.onlab.util.Tools.groupedThreads) PRIORITY_NAMESPACE_RULE(org.onosproject.k8snetworking.api.Constants.PRIORITY_NAMESPACE_RULE) NAMESPACE_TABLE(org.onosproject.k8snetworking.api.Constants.NAMESPACE_TABLE) PRIORITY_CIDR_RULE(org.onosproject.k8snetworking.api.Constants.PRIORITY_CIDR_RULE) DriverService(org.onosproject.net.driver.DriverService) DefaultTrafficTreatment(org.onosproject.net.flow.DefaultTrafficTreatment) K8sNetworkPolicyEvent(org.onosproject.k8snetworking.api.K8sNetworkPolicyEvent) DEFAULT_METADATA_MASK(org.onosproject.k8snetworking.api.Constants.DEFAULT_METADATA_MASK) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) StorageService(org.onosproject.store.service.StorageService) ROUTING_TABLE(org.onosproject.k8snetworking.api.Constants.ROUTING_TABLE) DEFAULT_SEGMENT_ID(org.onosproject.k8snetworking.api.Constants.DEFAULT_SEGMENT_ID) DEFAULT_NAMESPACE_HASH(org.onosproject.k8snetworking.api.Constants.DEFAULT_NAMESPACE_HASH) Map(java.util.Map) SERVICE_IP_CIDR_DEFAULT(org.onosproject.k8snetworking.impl.OsgiPropertyConstants.SERVICE_IP_CIDR_DEFAULT) ApplicationId(org.onosproject.core.ApplicationId) K8sPodService(org.onosproject.k8snetworking.api.K8sPodService) K8sServiceEvent(org.onosproject.k8snetworking.api.K8sServiceEvent) TYPE_IPV4(org.onlab.packet.Ethernet.TYPE_IPV4) K8sPodListener(org.onosproject.k8snetworking.api.K8sPodListener) ACL_EGRESS_BLACK_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_EGRESS_BLACK_TABLE) NodeId(org.onosproject.cluster.NodeId) ImmutableSet(com.google.common.collect.ImmutableSet) K8sNetworkingUtil.namespaceHashByPodIp(org.onosproject.k8snetworking.util.K8sNetworkingUtil.namespaceHashByPodIp) Deactivate(org.osgi.service.component.annotations.Deactivate) K8sNetworkingUtil.namespaceHashByServiceIp(org.onosproject.k8snetworking.util.K8sNetworkingUtil.namespaceHashByServiceIp) ACL_INGRESS_BLACK_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_INGRESS_BLACK_TABLE) Set(java.util.Set) K8sFlowRuleService(org.onosproject.k8snetworking.api.K8sFlowRuleService) Executors.newSingleThreadExecutor(java.util.concurrent.Executors.newSingleThreadExecutor) Sets(com.google.common.collect.Sets) Objects(java.util.Objects) List(java.util.List) Namespace(io.fabric8.kubernetes.api.model.Namespace) K8sNetworkPolicyService(org.onosproject.k8snetworking.api.K8sNetworkPolicyService) ClusterService(org.onosproject.cluster.ClusterService) LabelSelectorRequirement(io.fabric8.kubernetes.api.model.LabelSelectorRequirement) IpPrefix(org.onlab.packet.IpPrefix) ACL_EGRESS_WHITE_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_EGRESS_WHITE_TABLE) K8sServiceService(org.onosproject.k8snetworking.api.K8sServiceService) ACL_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_TABLE) GROUPING_TABLE(org.onosproject.k8snetworking.api.Constants.GROUPING_TABLE) K8sNetworkService(org.onosproject.k8snetworking.api.K8sNetworkService) AtomicReference(java.util.concurrent.atomic.AtomicReference) NetworkPolicyEgressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyEgressRule) K8sNamespaceListener(org.onosproject.k8snetworking.api.K8sNamespaceListener) Component(org.osgi.service.component.annotations.Component) TrafficSelector(org.onosproject.net.flow.TrafficSelector) K8sNamespaceEvent(org.onosproject.k8snetworking.api.K8sNamespaceEvent) NetworkPolicyPort(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort) K8sServiceListener(org.onosproject.k8snetworking.api.K8sServiceListener) Activate(org.osgi.service.component.annotations.Activate) Service(io.fabric8.kubernetes.api.model.Service) DefaultTrafficSelector(org.onosproject.net.flow.DefaultTrafficSelector) ExecutorService(java.util.concurrent.ExecutorService) K8S_NETWORKING_APP_ID(org.onosproject.k8snetworking.api.Constants.K8S_NETWORKING_APP_ID) IpAddress(org.onlab.packet.IpAddress) TpPort(org.onlab.packet.TpPort) ComponentConfigService(org.onosproject.cfg.ComponentConfigService) TrafficTreatment(org.onosproject.net.flow.TrafficTreatment) Logger(org.slf4j.Logger) SHIFTED_IP_PREFIX(org.onosproject.k8snetworking.api.Constants.SHIFTED_IP_PREFIX) Pod(io.fabric8.kubernetes.api.model.Pod) Maps(com.google.common.collect.Maps) K8sNamespaceService(org.onosproject.k8snetworking.api.K8sNamespaceService) K8sNetworkPolicyListener(org.onosproject.k8snetworking.api.K8sNetworkPolicyListener) ReferenceCardinality(org.osgi.service.component.annotations.ReferenceCardinality) IPv4(org.onlab.packet.IPv4) DEFAULT_SERVICE_IP_NONE(org.onosproject.k8snetworking.api.Constants.DEFAULT_SERVICE_IP_NONE) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) LoggerFactory.getLogger(org.slf4j.LoggerFactory.getLogger) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) K8sNetworkingUtil.namespaceHashByNamespace(org.onosproject.k8snetworking.util.K8sNetworkingUtil.namespaceHashByNamespace) K8sPodEvent(org.onosproject.k8snetworking.api.K8sPodEvent) K8sNodeService(org.onosproject.k8snode.api.K8sNodeService) Reference(org.osgi.service.component.annotations.Reference) LeadershipService(org.onosproject.cluster.LeadershipService) NetworkPolicyPort(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort) Pod(io.fabric8.kubernetes.api.model.Pod) NetworkPolicyEgressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyEgressRule) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) List(java.util.List) Map(java.util.Map)

Aggregations

ImmutableSet (com.google.common.collect.ImmutableSet)1 Maps (com.google.common.collect.Maps)1 Sets (com.google.common.collect.Sets)1 LabelSelectorRequirement (io.fabric8.kubernetes.api.model.LabelSelectorRequirement)1 Namespace (io.fabric8.kubernetes.api.model.Namespace)1 Pod (io.fabric8.kubernetes.api.model.Pod)1 Service (io.fabric8.kubernetes.api.model.Service)1 NetworkPolicy (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)1 NetworkPolicyEgressRule (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyEgressRule)1 NetworkPolicyIngressRule (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule)1 NetworkPolicyPeer (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer)1 NetworkPolicyPort (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort)1 List (java.util.List)1 Map (java.util.Map)1 Objects (java.util.Objects)1 Set (java.util.Set)1 ExecutorService (java.util.concurrent.ExecutorService)1 Executors.newSingleThreadExecutor (java.util.concurrent.Executors.newSingleThreadExecutor)1 AtomicReference (java.util.concurrent.atomic.AtomicReference)1 TYPE_IPV4 (org.onlab.packet.Ethernet.TYPE_IPV4)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial