
Example 1 with K8sNamespaceService

use of org.onosproject.k8snetworking.api.K8sNamespaceService in project onos by opennetworkinglab.

the class K8sNamespaceListCommand method doExecute.

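/**
 * Prints the Kubernetes namespaces returned by {@link K8sNamespaceService}, ordered by name.
 *
 * <p>When JSON output is requested the whole list is passed to {@code json(...)}. Otherwise a
 * three-column table (Name, Phase, Labels) is printed; the name and the label string are each
 * truncated to their column width minus the margin.
 *
 * <p>Metadata and status are read defensively. The original only null-checked the metadata
 * for the label column, after it had already been dereferenced for sorting and for the name
 * column, so a namespace object without metadata (or without status) aborted the listing.
 * Such an entry is now sorted first and shown with empty cells.
 */
@Override
protected void doExecute() {
    K8sNamespaceService service = get(K8sNamespaceService.class);
    List<Namespace> namespaces = Lists.newArrayList(service.namespaces());
    // Null-tolerant ordering: entries lacking metadata or a name come first instead of throwing.
    namespaces.sort(Comparator.comparing(
            (Namespace n) -> n.getMetadata() == null ? null : n.getMetadata().getName(),
            Comparator.nullsFirst(Comparator.<String>naturalOrder())));
    String format = genFormatString(ImmutableList.of(CLI_NAME_LENGTH, CLI_PHASE_LENGTH, CLI_LABELS_LENGTH));

    if (outputJson()) {
        print("%s", json(namespaces));
        return;
    }

    print(format, "Name", "Phase", "Labels");
    for (Namespace namespace : namespaces) {
        String name = "";
        String labels = "";
        if (namespace.getMetadata() != null) {
            name = StringUtils.substring(namespace.getMetadata().getName(),
                    0, CLI_NAME_LENGTH - CLI_MARGIN_LENGTH);
            if (namespace.getMetadata().getLabels() != null
                    && !namespace.getMetadata().getLabels().isEmpty()) {
                labels = StringUtils.substring(namespace.getMetadata().getLabels().toString(),
                        0, CLI_LABELS_LENGTH - CLI_MARGIN_LENGTH);
            }
        }
        // A namespace object without a status block yields an empty phase cell.
        String phase = namespace.getStatus() != null ? namespace.getStatus().getPhase() : "";
        print(format, name, phase, labels);
    }
}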
Also used : StringUtils(org.apache.commons.lang.StringUtils) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) IOException(java.io.IOException) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) K8sNamespaceService(org.onosproject.k8snetworking.api.K8sNamespaceService) Command(org.apache.karaf.shell.api.action.Command) CLI_NAME_LENGTH(org.onosproject.k8snetworking.api.Constants.CLI_NAME_LENGTH) K8sNetworkingUtil.genFormatString(org.onosproject.k8snetworking.util.K8sNetworkingUtil.genFormatString) ArrayNode(com.fasterxml.jackson.databind.node.ArrayNode) AbstractShellCommand(org.onosproject.cli.AbstractShellCommand) List(java.util.List) CLI_PHASE_LENGTH(org.onosproject.k8snetworking.api.Constants.CLI_PHASE_LENGTH) Lists(com.google.common.collect.Lists) ImmutableList(com.google.common.collect.ImmutableList) Namespace(io.fabric8.kubernetes.api.model.Namespace) Serialization(io.fabric8.kubernetes.client.utils.Serialization) K8sNetworkingUtil.prettyJson(org.onosproject.k8snetworking.util.K8sNetworkingUtil.prettyJson) CLI_LABELS_LENGTH(org.onosproject.k8snetworking.api.Constants.CLI_LABELS_LENGTH) CLI_MARGIN_LENGTH(org.onosproject.k8snetworking.api.Constants.CLI_MARGIN_LENGTH) Comparator(java.util.Comparator) K8sNamespaceService(org.onosproject.k8snetworking.api.K8sNamespaceService) K8sNetworkingUtil.genFormatString(org.onosproject.k8snetworking.util.K8sNetworkingUtil.genFormatString) Namespace(io.fabric8.kubernetes.api.model.Namespace)

Example 2 with K8sNamespaceService

use of org.onosproject.k8snetworking.api.K8sNamespaceService in project onos by opennetworkinglab.

the class K8sNetworkPolicyHandler method setAllowRulesByPolicy.

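/**
 * Translates a network policy into allow-list entries and hands them, together with the
 * derived exception and namespace rules, to the rule setters of this handler.
 *
 * <p>For each ingress and egress rule every peer is inspected: an IP block contributes its
 * CIDR (and, when it lists exceptions, a call to {@code setBlackRules}); each selected pod
 * that has an IP contributes both its shifted and its plain address with the host prefix;
 * the namespace selector is forwarded to {@code setAllowNamespaceRules}. A policy whose
 * single rule names neither peers nor ports triggers {@code setAllowAllRule} for that
 * direction.
 *
 * <p>Changes against the previous version:
 * <ul>
 *   <li>The rule lists were null-checked for the allow-all test but then iterated through
 *       {@code policy.getSpec().getIngress()/getEgress()} without a check, so a policy with
 *       only one direction could fail with a {@code NullPointerException}. Both lists, and
 *       the per-rule peer lists, are now guarded.</li>
 *   <li>One direction map per rule used to be stored under several peer keys. The egress
 *       pass updates existing entries in place, so adding egress ports for one peer also
 *       added them for every other peer sharing that map instance, widening the allow list
 *       beyond what the policy states. Every key now owns its own map.</li>
 *   <li>The namespace hash is computed once and reused for the final call.</li>
 * </ul>
 *
 * @param policy  network policy to translate; its metadata and spec must be non-null
 * @param install forwarded unchanged to the rule setters called here
 */
private void setAllowRulesByPolicy(NetworkPolicy policy, boolean install) {
    // peer CIDR -> (direction -> ports allowed for that direction)
    Map<String, Map<String, List<NetworkPolicyPort>>> white = Maps.newConcurrentMap();
    String namespace = policy.getMetadata().getNamespace();
    int nsHash = namespaceHashByNamespace(k8sNamespaceService, namespace);

    List<NetworkPolicyIngressRule> ingress = policy.getSpec().getIngress();
    if (ingress != null) {
        if (ingress.size() == 1) {
            NetworkPolicyIngressRule only = ingress.get(0);
            // Kubernetes treats an omitted peer/port list like an empty one: match everything.
            boolean noPeers = only.getFrom() == null || only.getFrom().isEmpty();
            boolean noPorts = only.getPorts() == null || only.getPorts().isEmpty();
            if (noPeers && noPorts) {
                setAllowAllRule(nsHash, DIRECTION_INGRESS, install);
            }
        }
        for (NetworkPolicyIngressRule rule : ingress) {
            if (rule.getFrom() == null) {
                continue;
            }
            // NOTE(review): a null port list cannot be stored in the concurrent direction map;
            // confirm the model never returns null from getPorts() when peers are present.
            List<NetworkPolicyPort> ports = rule.getPorts();
            for (NetworkPolicyPeer peer : rule.getFrom()) {
                // IP block
                if (peer.getIpBlock() != null) {
                    String cidr = peer.getIpBlock().getCidr();
                    recordAllowedPeer(white, cidr, DIRECTION_INGRESS, ports, false);
                    if (peer.getIpBlock().getExcept() != null && !peer.getIpBlock().getExcept().isEmpty()) {
                        setBlackRules(cidr, DIRECTION_INGRESS, peer.getIpBlock().getExcept(), install);
                    }
                }
                // POD selector
                for (Pod pod : podsFromPolicyPeer(peer, namespace)) {
                    String podIp = pod.getStatus().getPodIP();
                    if (podIp == null) {
                        continue;
                    }
                    recordAllowedPeer(white, shiftIpDomain(podIp, SHIFTED_IP_PREFIX) + "/" + HOST_PREFIX,
                            DIRECTION_INGRESS, ports, false);
                    recordAllowedPeer(white, podIp + "/" + HOST_PREFIX, DIRECTION_INGRESS, ports, false);
                }
                // Namespace selector
                setAllowNamespaceRules(nsHash, namespacesByPolicyPeer(peer), DIRECTION_INGRESS, install);
            }
        }
    }

    List<NetworkPolicyEgressRule> egress = policy.getSpec().getEgress();
    if (egress != null) {
        if (egress.size() == 1) {
            NetworkPolicyEgressRule only = egress.get(0);
            boolean noPeers = only.getTo() == null || only.getTo().isEmpty();
            boolean noPorts = only.getPorts() == null || only.getPorts().isEmpty();
            if (noPeers && noPorts) {
                setAllowAllRule(nsHash, DIRECTION_EGRESS, install);
            }
        }
        for (NetworkPolicyEgressRule rule : egress) {
            if (rule.getTo() == null) {
                continue;
            }
            List<NetworkPolicyPort> ports = rule.getPorts();
            for (NetworkPolicyPeer peer : rule.getTo()) {
                // IP block
                if (peer.getIpBlock() != null) {
                    String cidr = peer.getIpBlock().getCidr();
                    recordAllowedPeer(white, cidr, DIRECTION_EGRESS, ports, true);
                    if (peer.getIpBlock().getExcept() != null && !peer.getIpBlock().getExcept().isEmpty()) {
                        setBlackRules(cidr, DIRECTION_EGRESS, peer.getIpBlock().getExcept(), install);
                    }
                }
                // POD selector
                for (Pod pod : podsFromPolicyPeer(peer, namespace)) {
                    String podIp = pod.getStatus().getPodIP();
                    if (podIp == null) {
                        continue;
                    }
                    recordAllowedPeer(white, shiftIpDomain(podIp, SHIFTED_IP_PREFIX) + "/" + HOST_PREFIX,
                            DIRECTION_EGRESS, ports, true);
                    recordAllowedPeer(white, podIp + "/" + HOST_PREFIX, DIRECTION_EGRESS, ports, true);
                }
                // Namespace selector
                setAllowNamespaceRules(nsHash, namespacesByPolicyPeer(peer), DIRECTION_EGRESS, install);
            }
        }
    }

    setAllowRules(nsHash, white, install);
    // NOTE(review): called with true even when install is false; confirm this is intended
    // when a policy is being removed.
    setBlackToRouteRules(true);
}

/**
 * Stores the ports allowed for one peer key and direction in the allow-list map.
 *
 * <p>With {@code merge} false the key's entry is replaced by a new single-direction map, which
 * is what the ingress pass did before. With {@code merge} true an existing entry keeps its other
 * directions and only the given direction is set, as in the egress pass. In both modes the map
 * stored under the key is never shared with another key.
 *
 * <p>NOTE(review): when two rules of the same direction name the same peer, the later rule's
 * port list replaces the earlier one rather than being combined with it; this is unchanged
 * from the previous behaviour and should be confirmed against the intended policy semantics.
 */
private static void recordAllowedPeer(Map<String, Map<String, List<NetworkPolicyPort>>> white,
                                      String key, String direction,
                                      List<NetworkPolicyPort> ports, boolean merge) {
    white.compute(key, (k, existing) -> {
        if (merge && existing != null) {
            existing.put(direction, ports);
            return existing;
        }
        Map<String, List<NetworkPolicyPort>> fresh = Maps.newConcurrentMap();
        fresh.put(direction, ports);
        return fresh;
    });
}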
Also used : ACL_INGRESS_WHITE_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_INGRESS_WHITE_TABLE) K8sNetworkingUtil.shiftIpDomain(org.onosproject.k8snetworking.util.K8sNetworkingUtil.shiftIpDomain) CoreService(org.onosproject.core.CoreService) DeviceService(org.onosproject.net.device.DeviceService) Tools.groupedThreads(org.onlab.util.Tools.groupedThreads) PRIORITY_NAMESPACE_RULE(org.onosproject.k8snetworking.api.Constants.PRIORITY_NAMESPACE_RULE) NAMESPACE_TABLE(org.onosproject.k8snetworking.api.Constants.NAMESPACE_TABLE) PRIORITY_CIDR_RULE(org.onosproject.k8snetworking.api.Constants.PRIORITY_CIDR_RULE) DriverService(org.onosproject.net.driver.DriverService) DefaultTrafficTreatment(org.onosproject.net.flow.DefaultTrafficTreatment) K8sNetworkPolicyEvent(org.onosproject.k8snetworking.api.K8sNetworkPolicyEvent) DEFAULT_METADATA_MASK(org.onosproject.k8snetworking.api.Constants.DEFAULT_METADATA_MASK) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) StorageService(org.onosproject.store.service.StorageService) ROUTING_TABLE(org.onosproject.k8snetworking.api.Constants.ROUTING_TABLE) DEFAULT_SEGMENT_ID(org.onosproject.k8snetworking.api.Constants.DEFAULT_SEGMENT_ID) DEFAULT_NAMESPACE_HASH(org.onosproject.k8snetworking.api.Constants.DEFAULT_NAMESPACE_HASH) Map(java.util.Map) SERVICE_IP_CIDR_DEFAULT(org.onosproject.k8snetworking.impl.OsgiPropertyConstants.SERVICE_IP_CIDR_DEFAULT) ApplicationId(org.onosproject.core.ApplicationId) K8sPodService(org.onosproject.k8snetworking.api.K8sPodService) K8sServiceEvent(org.onosproject.k8snetworking.api.K8sServiceEvent) TYPE_IPV4(org.onlab.packet.Ethernet.TYPE_IPV4) K8sPodListener(org.onosproject.k8snetworking.api.K8sPodListener) ACL_EGRESS_BLACK_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_EGRESS_BLACK_TABLE) NodeId(org.onosproject.cluster.NodeId) ImmutableSet(com.google.common.collect.ImmutableSet) 
K8sNetworkingUtil.namespaceHashByPodIp(org.onosproject.k8snetworking.util.K8sNetworkingUtil.namespaceHashByPodIp) Deactivate(org.osgi.service.component.annotations.Deactivate) K8sNetworkingUtil.namespaceHashByServiceIp(org.onosproject.k8snetworking.util.K8sNetworkingUtil.namespaceHashByServiceIp) ACL_INGRESS_BLACK_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_INGRESS_BLACK_TABLE) Set(java.util.Set) K8sFlowRuleService(org.onosproject.k8snetworking.api.K8sFlowRuleService) Executors.newSingleThreadExecutor(java.util.concurrent.Executors.newSingleThreadExecutor) Sets(com.google.common.collect.Sets) Objects(java.util.Objects) List(java.util.List) Namespace(io.fabric8.kubernetes.api.model.Namespace) K8sNetworkPolicyService(org.onosproject.k8snetworking.api.K8sNetworkPolicyService) ClusterService(org.onosproject.cluster.ClusterService) LabelSelectorRequirement(io.fabric8.kubernetes.api.model.LabelSelectorRequirement) IpPrefix(org.onlab.packet.IpPrefix) ACL_EGRESS_WHITE_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_EGRESS_WHITE_TABLE) K8sServiceService(org.onosproject.k8snetworking.api.K8sServiceService) ACL_TABLE(org.onosproject.k8snetworking.api.Constants.ACL_TABLE) GROUPING_TABLE(org.onosproject.k8snetworking.api.Constants.GROUPING_TABLE) K8sNetworkService(org.onosproject.k8snetworking.api.K8sNetworkService) AtomicReference(java.util.concurrent.atomic.AtomicReference) NetworkPolicyEgressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyEgressRule) K8sNamespaceListener(org.onosproject.k8snetworking.api.K8sNamespaceListener) Component(org.osgi.service.component.annotations.Component) TrafficSelector(org.onosproject.net.flow.TrafficSelector) K8sNamespaceEvent(org.onosproject.k8snetworking.api.K8sNamespaceEvent) NetworkPolicyPort(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort) K8sServiceListener(org.onosproject.k8snetworking.api.K8sServiceListener) Activate(org.osgi.service.component.annotations.Activate) 
Service(io.fabric8.kubernetes.api.model.Service) DefaultTrafficSelector(org.onosproject.net.flow.DefaultTrafficSelector) ExecutorService(java.util.concurrent.ExecutorService) K8S_NETWORKING_APP_ID(org.onosproject.k8snetworking.api.Constants.K8S_NETWORKING_APP_ID) IpAddress(org.onlab.packet.IpAddress) TpPort(org.onlab.packet.TpPort) ComponentConfigService(org.onosproject.cfg.ComponentConfigService) TrafficTreatment(org.onosproject.net.flow.TrafficTreatment) Logger(org.slf4j.Logger) SHIFTED_IP_PREFIX(org.onosproject.k8snetworking.api.Constants.SHIFTED_IP_PREFIX) Pod(io.fabric8.kubernetes.api.model.Pod) Maps(com.google.common.collect.Maps) K8sNamespaceService(org.onosproject.k8snetworking.api.K8sNamespaceService) K8sNetworkPolicyListener(org.onosproject.k8snetworking.api.K8sNetworkPolicyListener) ReferenceCardinality(org.osgi.service.component.annotations.ReferenceCardinality) IPv4(org.onlab.packet.IPv4) DEFAULT_SERVICE_IP_NONE(org.onosproject.k8snetworking.api.Constants.DEFAULT_SERVICE_IP_NONE) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) LoggerFactory.getLogger(org.slf4j.LoggerFactory.getLogger) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) K8sNetworkingUtil.namespaceHashByNamespace(org.onosproject.k8snetworking.util.K8sNetworkingUtil.namespaceHashByNamespace) K8sPodEvent(org.onosproject.k8snetworking.api.K8sPodEvent) K8sNodeService(org.onosproject.k8snode.api.K8sNodeService) Reference(org.osgi.service.component.annotations.Reference) LeadershipService(org.onosproject.cluster.LeadershipService) NetworkPolicyPort(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort) Pod(io.fabric8.kubernetes.api.model.Pod) NetworkPolicyEgressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyEgressRule) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) List(java.util.List) Map(java.util.Map)

Aggregations

Namespace (io.fabric8.kubernetes.api.model.Namespace)2 List (java.util.List)2 K8sNamespaceService (org.onosproject.k8snetworking.api.K8sNamespaceService)2 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1 ArrayNode (com.fasterxml.jackson.databind.node.ArrayNode)1 ObjectNode (com.fasterxml.jackson.databind.node.ObjectNode)1 ImmutableList (com.google.common.collect.ImmutableList)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 Lists (com.google.common.collect.Lists)1 Maps (com.google.common.collect.Maps)1 Sets (com.google.common.collect.Sets)1 LabelSelectorRequirement (io.fabric8.kubernetes.api.model.LabelSelectorRequirement)1 Pod (io.fabric8.kubernetes.api.model.Pod)1 Service (io.fabric8.kubernetes.api.model.Service)1 NetworkPolicy (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)1 NetworkPolicyEgressRule (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyEgressRule)1 NetworkPolicyIngressRule (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule)1 NetworkPolicyPeer (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer)1 NetworkPolicyPort (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort)1 Serialization (io.fabric8.kubernetes.client.utils.Serialization)1