Merge "Add Network Policies Driver"

2018-07-18 05:57:29 +00:00 · 2018-07-18 05:57:29 +00:00 · f3ebf8a4ea
parent ce03cacb31 5421ce1ba5
commit f3ebf8a4ea
6 changed files with 62 additions and 3 deletions
--- a/kuryr_kubernetes/config.py
+++ b/kuryr_kubernetes/config.py
@ -112,6 +112,10 @@ k8s_opts = [
               help=_("The driver to determine OpenStack "
                      "project for namespaces"),
               default='default'),
+    cfg.StrOpt('network_policy_project_driver',
+               help=_("The driver to determine OpenStack "
+                      "project for network policies"),
+               default='default'),
    cfg.StrOpt('pod_subnets_driver',
               help=_("The driver to determine Neutron "
                      "subnets for pod ports"),
@ -169,6 +173,9 @@ k8s_opts = [
    cfg.PortOpt('controller_ha_elector_port',
                help=_('Port on which leader-elector pod is listening to.'),
                default=16401),
+    cfg.StrOpt('network_policy_driver',
+               help=_("Driver for network policies"),
+               default='default'),
 ]

 neutron_defaults = [
--- a/kuryr_kubernetes/controller/drivers/base.py
+++ b/kuryr_kubernetes/controller/drivers/base.py
@ -664,7 +664,7 @@ class NetworkPolicyDriver(DriverBase):
 class NetworkPolicyProjectDriver(DriverBase):
    """Get an OpenStack project id for K8s network policies"""

-    ALIAS = 'policy_project'
+    ALIAS = 'network_policy_project'

    @abc.abstractmethod
    def get_project(self, policy):
--- a/kuryr_kubernetes/controller/drivers/default_project.py
+++ b/kuryr_kubernetes/controller/drivers/default_project.py
@ -67,4 +67,13 @@ class DefaultNamespaceProjectDriver(base.NamespaceProjectDriver):
            raise cfg.RequiredOptError('project',
                                       cfg.OptGroup('neutron_defaults'))

+
+class DefaultNetworkPolicyProjectDriver(base.NetworkPolicyProjectDriver):
+
+    def get_project(self, policy):
+        project_id = config.CONF.neutron_defaults.project
+
+        if not project_id:
+            raise cfg.RequiredOptError('project',
+                                       cfg.OptGroup('neutron_defaults'))
        return project_id
--- a/kuryr_kubernetes/controller/drivers/network_policy.py
+++ b/kuryr_kubernetes/controller/drivers/network_policy.py
@ -0,0 +1,30 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from oslo_log import log as logging
+
+from kuryr_kubernetes.controller.drivers import base
+
+LOG = logging.getLogger(__name__)
+
+
+class NetworkPolicyDriver(base.NetworkPolicyDriver):
+    """Provides security groups actions based on K8s Network Policies"""
+
+    def ensure_network_policy(self, policy, project_id):
+        pass
+
+    def release_network_policy(self, policy, project_id):
+        pass
--- a/kuryr_kubernetes/controller/handlers/policy.py
+++ b/kuryr_kubernetes/controller/handlers/policy.py
@ -15,6 +15,7 @@
 from oslo_log import log as logging

 from kuryr_kubernetes import constants as k_const
+from kuryr_kubernetes.controller.drivers import base as drivers
 from kuryr_kubernetes.handlers import k8s_base

 LOG = logging.getLogger(__name__)
@ -28,9 +29,15 @@ class NetworkPolicyHandler(k8s_base.ResourceEventHandler):

    def __init__(self):
        super(NetworkPolicyHandler, self).__init__()
+        self._drv_policy = drivers.NetworkPolicyDriver.get_instance()
+        self._drv_project = drivers.NetworkPolicyProjectDriver.get_instance()

    def on_present(self, policy):
-        LOG.debug("Received event notification on network policy: %s", policy)
+        LOG.debug("Created or updated: %s", policy)
+        project_id = self._drv_project.get_project(policy)
+        self._drv_policy.ensure_network_policy(policy, project_id)

    def on_deleted(self, policy):
-        LOG.debug("Received event notification on network policy: %s", policy)
+        LOG.debug("Deleted network policy: %s", policy)
+        project_id = self._drv_project.get_project(policy)
+        self._drv_policy.release_network_policy(policy, project_id)
--- a/setup.cfg
+++ b/setup.cfg
@ -49,6 +49,9 @@ kuryr_kubernetes.controller.drivers.service_project =
 kuryr_kubernetes.controller.drivers.namespace_project =
    default = kuryr_kubernetes.controller.drivers.default_project:DefaultNamespaceProjectDriver

+kuryr_kubernetes.controller.drivers.network_policy_project =
+    default = kuryr_kubernetes.controller.drivers.default_project:DefaultNetworkPolicyProjectDriver
+
 kuryr_kubernetes.controller.drivers.pod_subnets =
    default = kuryr_kubernetes.controller.drivers.default_subnet:DefaultPodSubnetDriver
    namespace = kuryr_kubernetes.controller.drivers.namespace_subnet:NamespacePodSubnetDriver
@ -62,6 +65,9 @@ kuryr_kubernetes.controller.drivers.pod_security_groups =
 kuryr_kubernetes.controller.drivers.service_security_groups =
    default = kuryr_kubernetes.controller.drivers.default_security_groups:DefaultServiceSecurityGroupsDriver

+kuryr_kubernetes.controller.drivers.network_policy =
+    default = kuryr_kubernetes.controller.drivers.network_policy:NetworkPolicyDriver
+
 kuryr_kubernetes.controller.drivers.pod_vif =
    neutron-vif = kuryr_kubernetes.controller.drivers.neutron_vif:NeutronPodVIFDriver
    nested-vlan = kuryr_kubernetes.controller.drivers.nested_vlan_vif:NestedVlanPodVIFDriver