use of org.onosproject.k8snetworking.api.K8sNamespaceService in project onos by opennetworkinglab.
the class K8sNamespaceListCommand method doExecute.
/**
 * Lists the kubernetes namespaces returned by {@link K8sNamespaceService},
 * sorted by metadata name, either as JSON or as a fixed-width table with
 * Name / Phase / Labels columns.
 */
@Override
protected void doExecute() {
    K8sNamespaceService service = get(K8sNamespaceService.class);

    // Copy into a mutable list so the service's own collection is not reordered.
    List<Namespace> sorted = Lists.newArrayList(service.namespaces());
    sorted.sort(Comparator.comparing(ns -> ns.getMetadata().getName()));

    String format = genFormatString(ImmutableList.of(CLI_NAME_LENGTH, CLI_PHASE_LENGTH, CLI_LABELS_LENGTH));

    if (outputJson()) {
        print("%s", json(sorted));
        return;
    }

    print(format, "Name", "Phase", "Labels");
    for (Namespace ns : sorted) {
        // Name and labels are cut to the column width minus the margin so a
        // long value cannot push the following columns out of alignment.
        String name = StringUtils.substring(ns.getMetadata().getName(), 0, CLI_NAME_LENGTH - CLI_MARGIN_LENGTH);

        // NOTE(review): the metadata null test below can never be false here,
        // because getMetadata() was already dereferenced for the name above
        // (and in the sort comparator). getStatus() is dereferenced without
        // any null test at all — confirm both are always populated.
        String labels = "";
        if (ns.getMetadata() != null
                && ns.getMetadata().getLabels() != null
                && !ns.getMetadata().getLabels().isEmpty()) {
            labels = StringUtils.substring(ns.getMetadata().getLabels().toString(), 0,
                    CLI_LABELS_LENGTH - CLI_MARGIN_LENGTH);
        }

        print(format, name, ns.getStatus().getPhase(), labels);
    }
}
use of org.onosproject.k8snetworking.api.K8sNamespaceService in project onos by opennetworkinglab.
the class K8sNetworkPolicyHandler method setAllowRulesByPolicy.
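/**
 * Translates the ingress and egress sections of a kubernetes network policy
 * into rule-setter calls.
 *
 * <p>Peers are collected into an allow map keyed by CIDR string
 * (an ipBlock CIDR, or a pod IP and its shifted counterpart with
 * {@code HOST_PREFIX}); each value maps a direction to the ports of the rule
 * that named the peer. The map is handed to {@code setAllowRules} at the end.
 * ipBlock {@code except} entries go to {@code setBlackRules}, and namespace
 * selectors go to {@code setAllowNamespaceRules}.
 *
 * <p>The ingress and egress lists are treated as optional: a policy that
 * omits one of them is processed for the other direction only.
 *
 * @param policy  network policy to translate; its metadata and spec are
 *                dereferenced without a null test
 * @param install forwarded unchanged to every rule setter (presumably
 *                {@code true} installs and {@code false} removes — confirm
 *                against the setters)
 */
private void setAllowRulesByPolicy(NetworkPolicy policy, boolean install) {
    // key: CIDR string, value: direction -> ports allowed for that peer
    Map<String, Map<String, List<NetworkPolicyPort>>> white = Maps.newConcurrentMap();

    int nsHash = namespaceHashByNamespace(k8sNamespaceService, policy.getMetadata().getNamespace());

    List<NetworkPolicyIngressRule> ingress = policy.getSpec().getIngress();

    // The allow-all test already treats the list as nullable, so the iteration
    // is placed under the same guard. Without it a policy lacking an ingress
    // list would throw here, and setAllowRules at the end of this method would
    // never run for that policy — for either value of install.
    if (ingress != null) {
        // A single rule with neither peers nor ports is handled as allow-all.
        // NOTE(review): an empty rule among several rules is not detected by
        // this test — confirm that is intended.
        if (ingress.size() == 1) {
            NetworkPolicyIngressRule rule = ingress.get(0);
            if (rule.getFrom().size() == 0 && rule.getPorts().size() == 0) {
                setAllowAllRule(nsHash, DIRECTION_INGRESS, install);
            }
        }

        ingress.forEach(i -> {
            // NOTE(review): getPorts()/getFrom() are used without a null test;
            // verify the model always returns a list for them.
            Map<String, List<NetworkPolicyPort>> direction = Maps.newConcurrentMap();
            direction.put(DIRECTION_INGRESS, i.getPorts());

            i.getFrom().forEach(peer -> {
                // IP block
                // NOTE(review): ingress entries replace whatever is already
                // stored under the same key, so when two ingress rules name
                // the same CIDR or pod only the later rule's ports are kept.
                // The egress half merges instead — confirm the asymmetry.
                if (peer.getIpBlock() != null) {
                    if (peer.getIpBlock().getExcept() != null && peer.getIpBlock().getExcept().size() > 0) {
                        Map<String, List<NetworkPolicyPort>> blkDirection = Maps.newConcurrentMap();
                        blkDirection.put(DIRECTION_INGRESS, i.getPorts());
                        white.compute(peer.getIpBlock().getCidr(), (k, v) -> blkDirection);

                        // carve the "except" ranges out of the allowed CIDR
                        setBlackRules(peer.getIpBlock().getCidr(), DIRECTION_INGRESS,
                                peer.getIpBlock().getExcept(), install);
                    } else {
                        white.compute(peer.getIpBlock().getCidr(), (k, v) -> direction);
                    }
                }

                // POD selector: pods without an assigned IP are skipped
                Set<Pod> pods = podsFromPolicyPeer(peer, policy.getMetadata().getNamespace());
                pods.stream().filter(pod -> pod.getStatus().getPodIP() != null).forEach(pod -> {
                    white.compute(shiftIpDomain(pod.getStatus().getPodIP(), SHIFTED_IP_PREFIX)
                            + "/" + HOST_PREFIX, (m, n) -> direction);
                    white.compute(pod.getStatus().getPodIP() + "/" + HOST_PREFIX, (m, n) -> direction);
                });

                // Namespace selector
                setAllowNamespaceRules(nsHash, namespacesByPolicyPeer(peer), DIRECTION_INGRESS, install);
            });
        });
    }

    List<NetworkPolicyEgressRule> egress = policy.getSpec().getEgress();

    // Same nullable-list guard as for ingress above.
    if (egress != null) {
        if (egress.size() == 1) {
            NetworkPolicyEgressRule rule = egress.get(0);
            if (rule.getTo().size() == 0 && rule.getPorts().size() == 0) {
                setAllowAllRule(nsHash, DIRECTION_EGRESS, install);
            }
        }

        egress.forEach(e -> {
            Map<String, List<NetworkPolicyPort>> direction = Maps.newConcurrentMap();
            direction.put(DIRECTION_EGRESS, e.getPorts());

            e.getTo().forEach(peer -> {
                // IP block
                // An entry already stored under the key (for example by the
                // ingress half) is kept and only gains the egress ports;
                // otherwise a fresh egress-only entry is stored.
                if (peer.getIpBlock() != null) {
                    if (peer.getIpBlock().getExcept() != null && peer.getIpBlock().getExcept().size() > 0) {
                        Map<String, List<NetworkPolicyPort>> blkDirection = Maps.newConcurrentMap();
                        blkDirection.put(DIRECTION_EGRESS, e.getPorts());
                        white.compute(peer.getIpBlock().getCidr(), (k, v) -> {
                            if (v == null) {
                                return blkDirection;
                            }
                            v.put(DIRECTION_EGRESS, e.getPorts());
                            return v;
                        });

                        // carve the "except" ranges out of the allowed CIDR
                        setBlackRules(peer.getIpBlock().getCidr(), DIRECTION_EGRESS,
                                peer.getIpBlock().getExcept(), install);
                    } else {
                        white.compute(peer.getIpBlock().getCidr(), (k, v) -> {
                            if (v == null) {
                                return direction;
                            }
                            v.put(DIRECTION_EGRESS, e.getPorts());
                            return v;
                        });
                    }
                }

                // POD selector: pods without an assigned IP are skipped
                Set<Pod> pods = podsFromPolicyPeer(peer, policy.getMetadata().getNamespace());
                pods.stream().filter(pod -> pod.getStatus().getPodIP() != null).forEach(pod -> {
                    white.compute(shiftIpDomain(pod.getStatus().getPodIP(), SHIFTED_IP_PREFIX)
                            + "/" + HOST_PREFIX, (m, n) -> {
                        if (n == null) {
                            return direction;
                        }
                        n.put(DIRECTION_EGRESS, e.getPorts());
                        return n;
                    });
                    white.compute(pod.getStatus().getPodIP() + "/" + HOST_PREFIX, (m, n) -> {
                        if (n == null) {
                            return direction;
                        }
                        n.put(DIRECTION_EGRESS, e.getPorts());
                        return n;
                    });
                });

                // Namespace selector
                setAllowNamespaceRules(nsHash, namespacesByPolicyPeer(peer), DIRECTION_EGRESS, install);
            });
        });
    }

    setAllowRules(namespaceHashByNamespace(k8sNamespaceService, policy.getMetadata().getNamespace()),
            white, install);

    // NOTE(review): called with a literal true regardless of install —
    // confirm this is also the intended call when a policy is being removed.
    setBlackToRouteRules(true);
}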