diff --git a/kuryr_kubernetes/config.py b/kuryr_kubernetes/config.py
index e2c42d293..fb54fdf00 100644
--- a/kuryr_kubernetes/config.py
+++ b/kuryr_kubernetes/config.py
@@ -112,6 +112,10 @@ k8s_opts = [
 help=_("The driver to determine OpenStack "
 "project for namespaces"),
 default='default'),
+ cfg.StrOpt('network_policy_project_driver',
+ help=_("The driver to determine OpenStack "
+ "project for network policies"),
+ default='default'),
 cfg.StrOpt('pod_subnets_driver',
 help=_("The driver to determine Neutron "
 "subnets for pod ports"),
@@ -169,6 +173,9 @@ k8s_opts = [
 cfg.PortOpt('controller_ha_elector_port',
 help=_('Port on which leader-elector pod is listening to.'),
 default=16401),
+ cfg.StrOpt('network_policy_driver',
+ help=_("Driver for network policies"),
+ default='default'),
 ]
 neutron_defaults = [
diff --git a/kuryr_kubernetes/controller/drivers/base.py b/kuryr_kubernetes/controller/drivers/base.py
index c531d8057..0c7edc949 100644
--- a/kuryr_kubernetes/controller/drivers/base.py
+++ b/kuryr_kubernetes/controller/drivers/base.py
@@ -664,7 +664,7 @@ class NetworkPolicyDriver(DriverBase):
 class NetworkPolicyProjectDriver(DriverBase):
 """Get an OpenStack project id for K8s network policies"""
- ALIAS = 'policy_project'
+ ALIAS = 'network_policy_project'
 @abc.abstractmethod
 def get_project(self, policy):
diff --git a/kuryr_kubernetes/controller/drivers/default_project.py b/kuryr_kubernetes/controller/drivers/default_project.py
index a7744fc8c..7f2513815 100644
--- a/kuryr_kubernetes/controller/drivers/default_project.py
+++ b/kuryr_kubernetes/controller/drivers/default_project.py
@@ -67,4 +67,13 @@ class DefaultNamespaceProjectDriver(base.NamespaceProjectDriver):
 raise cfg.RequiredOptError('project',
 cfg.OptGroup('neutron_defaults'))
+
+class DefaultNetworkPolicyProjectDriver(base.NetworkPolicyProjectDriver):
+
+ def get_project(self, policy):
+ project_id = config.CONF.neutron_defaults.project
+
+ if not project_id:
+ raise cfg.RequiredOptError('project',
+ cfg.OptGroup('neutron_defaults'))
 return project_id
diff --git a/kuryr_kubernetes/controller/drivers/network_policy.py b/kuryr_kubernetes/controller/drivers/network_policy.py
new file mode 100644
index 000000000..26fa49830
--- /dev/null
+++ b/kuryr_kubernetes/controller/drivers/network_policy.py
@@ -0,0 +1,30 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from oslo_log import log as logging
+
+from kuryr_kubernetes.controller.drivers import base
+
+LOG = logging.getLogger(__name__)
+
+
+class NetworkPolicyDriver(base.NetworkPolicyDriver):
+ """Provides security groups actions based on K8s Network Policies"""
+
+ def ensure_network_policy(self, policy, project_id):
+ pass
+
+ def release_network_policy(self, policy, project_id):
+ pass
diff --git a/kuryr_kubernetes/controller/handlers/policy.py b/kuryr_kubernetes/controller/handlers/policy.py
index 0a70a6989..7b7e5b057 100644
--- a/kuryr_kubernetes/controller/handlers/policy.py
+++ b/kuryr_kubernetes/controller/handlers/policy.py
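Review bot: In kuryr_kubernetes/controller/drivers/default_project.py the only `return project_id` is the trailing context line, and it now follows the added `DefaultNetworkPolicyProjectDriver.get_project` body, so `DefaultNamespaceProjectDriver.get_project` appears to end at its `raise` and would return None even when a project is configured. The hunk header (4 old lines, 13 new) and the nine added lines, none of which is a return, fit that reading; indentation is not preserved on this page and the first method starts outside the hunk, so this should be confirmed against the file. If it holds, the new class should be inserted below the existing return and end with its own `return project_id`. The new class also has no docstring; a one-line summary stating that the project id comes from the `neutron_defaults.project` option would match what the code reads.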
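Review bot: In kuryr_kubernetes/controller/drivers/network_policy.py both `ensure_network_policy` and `release_network_policy` are `pass`, and this commit registers the class as the `default` network policy driver, so a NetworkPolicy event is handled without anything being enforced and only the handler's debug line records it. Until the security-group logic exists, each stub should say so, for example `LOG.warning("Network policy enforcement is not implemented; policy ignored")`, which would also put the otherwise unused `LOG` to work. The class docstring reads as if the driver already acts on security groups; it should state that this is a placeholder so operators do not assume pod isolation is in effect.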
@@ -15,6 +15,7 @@
 from oslo_log import log as logging
 from kuryr_kubernetes import constants as k_const
+from kuryr_kubernetes.controller.drivers import base as drivers
 from kuryr_kubernetes.handlers import k8s_base
 LOG = logging.getLogger(__name__)
@@ -28,9 +29,15 @@ class NetworkPolicyHandler(k8s_base.ResourceEventHandler):
 def __init__(self):
 super(NetworkPolicyHandler, self).__init__()
+ self._drv_policy = drivers.NetworkPolicyDriver.get_instance()
+ self._drv_project = drivers.NetworkPolicyProjectDriver.get_instance()
 def on_present(self, policy):
- LOG.debug("Received event notification on network policy: %s", policy)
+ LOG.debug("Created or updated: %s", policy)
+ project_id = self._drv_project.get_project(policy)
+ self._drv_policy.ensure_network_policy(policy, project_id)
 def on_deleted(self, policy):
- LOG.debug("Received event notification on network policy: %s", policy)
+ LOG.debug("Deleted network policy: %s", policy)
+ project_id = self._drv_project.get_project(policy)
+ self._drv_policy.release_network_policy(policy, project_id)
diff --git a/setup.cfg b/setup.cfg
index 557538b22..af387b7ff 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -49,6 +49,9 @@ kuryr_kubernetes.controller.drivers.service_project =
 kuryr_kubernetes.controller.drivers.namespace_project =
 default = kuryr_kubernetes.controller.drivers.default_project:DefaultNamespaceProjectDriver
+kuryr_kubernetes.controller.drivers.network_policy_project =
+ default = kuryr_kubernetes.controller.drivers.default_project:DefaultNetworkPolicyProjectDriver
+
 kuryr_kubernetes.controller.drivers.pod_subnets =
 default = kuryr_kubernetes.controller.drivers.default_subnet:DefaultPodSubnetDriver
 namespace = kuryr_kubernetes.controller.drivers.namespace_subnet:NamespacePodSubnetDriver
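Review bot: In `NetworkPolicyHandler.on_present` (kuryr_kubernetes/controller/handlers/policy.py) the new debug message `"Created or updated: %s"` no longer names the resource, while `on_deleted` logs `"Deleted network policy: %s"`. Keeping the two parallel makes the controller log searchable by resource type: `LOG.debug("Created or updated network policy: %s", policy)`. Neither handler method has a docstring; a line on each stating that it resolves the project and delegates to the policy driver would cover what the hunk shows.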
@@ -62,6 +65,9 @@ kuryr_kubernetes.controller.drivers.pod_security_groups =
 kuryr_kubernetes.controller.drivers.service_security_groups =
 default = kuryr_kubernetes.controller.drivers.default_security_groups:DefaultServiceSecurityGroupsDriver
+kuryr_kubernetes.controller.drivers.network_policy =
+ default = kuryr_kubernetes.controller.drivers.network_policy:NetworkPolicyDriver
+
 kuryr_kubernetes.controller.drivers.pod_vif =
 neutron-vif = kuryr_kubernetes.controller.drivers.neutron_vif:NeutronPodVIFDriver
 nested-vlan = kuryr_kubernetes.controller.drivers.nested_vlan_vif:NestedVlanPodVIFDriver