Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add logic for processing network policy objects.

This includes:
- ensuring traffic is whitelisted for pods in non-isolated namespaces
- ensuring a default 'drop' ACL is added for each pod in an isolated namespace
- translating kubernetes network policies into a pseudo-acls representation of OVN match rules
- Determining which policies apply to a pod and translating pseudo-acls into actual ACLs upon pod creation
- Removing all ACLs for a pod upon pod deletion
- Creating and maintaining OVN address sets for the IP addresses of pods that match the from clause of network policies rules
- monitoring transitions in the namespace isolation property and reacting accordingly

Also, the pod watcher will keep track of pod-IP mappings. As the pod IP address is removed before the pod DELETED events, when this event occurs neither pod data nor their cached version will contain a pod IP. The pod IP is required to update the address set for the network policy upon pod deletion.

As a part of this patch, the signature for the create_logical_port and delete_logical_port methods in the ovn_k8s.modes.overlay.OvnNB class has been changed to accept pod data (and pod ip for the delete method) rather than an event.

Signed-off-by: Salvatore Orlando <salv.orlando@gmail.com>
1 parent 1f929ae, commit 0cf76dd

Showing 4 changed files with 194 additions and 26 deletions.