Merge "Create network policy handler and driver"
This commit is contained in:
commit
7a22f5a764
|
@ -16,11 +16,13 @@
|
||||||
K8S_API_BASE = '/api/v1'
|
K8S_API_BASE = '/api/v1'
|
||||||
K8S_API_NAMESPACES = K8S_API_BASE + '/namespaces'
|
K8S_API_NAMESPACES = K8S_API_BASE + '/namespaces'
|
||||||
K8S_API_CRD = '/apis/openstack.org/v1'
|
K8S_API_CRD = '/apis/openstack.org/v1'
|
||||||
|
K8S_API_POLICIES = '/apis/networking.k8s.io/v1/networkpolicies'
|
||||||
|
|
||||||
K8S_OBJ_NAMESPACE = 'Namespace'
|
K8S_OBJ_NAMESPACE = 'Namespace'
|
||||||
K8S_OBJ_POD = 'Pod'
|
K8S_OBJ_POD = 'Pod'
|
||||||
K8S_OBJ_SERVICE = 'Service'
|
K8S_OBJ_SERVICE = 'Service'
|
||||||
K8S_OBJ_ENDPOINTS = 'Endpoints'
|
K8S_OBJ_ENDPOINTS = 'Endpoints'
|
||||||
|
K8S_OBJ_POLICY = 'NetworkPolicy'
|
||||||
|
|
||||||
K8S_OBJ_KURYRNET = 'KuryrNet'
|
K8S_OBJ_KURYRNET = 'KuryrNet'
|
||||||
|
|
||||||
|
|
|
@ -616,3 +616,44 @@ class ServicePubIpDriver(DriverBase):
|
||||||
:param service_pub_ip_info: service loadbalancer IP info
|
:param service_pub_ip_info: service loadbalancer IP info
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
@six.add_metaclass(abc.ABCMeta)
|
||||||
|
class NetworkPolicyDriver(DriverBase):
|
||||||
|
"""Provide network-policy for pods"""
|
||||||
|
|
||||||
|
ALIAS = 'network_policy'
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def ensure_network_policy(self, policy, project_id):
|
||||||
|
"""Policy created or updated
|
||||||
|
|
||||||
|
:param policy: dict containing Kubernetes NP object
|
||||||
|
:param project_id: openstack project_id
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def release_network_policy(self, policy, project_id):
|
||||||
|
"""Delete a network policy
|
||||||
|
|
||||||
|
:param policy: dict containing Kubernetes NP object
|
||||||
|
:param project_id
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
||||||
|
|
||||||
|
@six.add_metaclass(abc.ABCMeta)
|
||||||
|
class NetworkPolicyProjectDriver(DriverBase):
|
||||||
|
"""Get an OpenStack project id for K8s network policies"""
|
||||||
|
|
||||||
|
ALIAS = 'policy_project'
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def get_project(self, policy):
|
||||||
|
"""Get an OpenStack project id for K8s pod ports.
|
||||||
|
|
||||||
|
:param policy: dict containing Kubernetes NP object
|
||||||
|
:returns: OpenStack project_id
|
||||||
|
"""
|
||||||
|
raise NotImplementedError()
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
# Copyright 2018 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
from oslo_log import log as logging
|
||||||
|
|
||||||
|
from kuryr_kubernetes import constants as k_const
|
||||||
|
from kuryr_kubernetes.handlers import k8s_base
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class NetworkPolicyHandler(k8s_base.ResourceEventHandler):
|
||||||
|
"""NetworkPolicyHandler handles k8s Network Policies events"""
|
||||||
|
|
||||||
|
OBJECT_KIND = k_const.K8S_OBJ_POLICY
|
||||||
|
OBJECT_WATCH_PATH = k_const.K8S_API_POLICIES
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
super(NetworkPolicyHandler, self).__init__()
|
||||||
|
|
||||||
|
def on_present(self, policy):
|
||||||
|
LOG.debug("Received event notification on network policy: %s", policy)
|
||||||
|
|
||||||
|
def on_deleted(self, policy):
|
||||||
|
LOG.debug("Received event notification on network policy: %s", policy)
|
|
@ -83,6 +83,7 @@ kuryr_kubernetes.controller.handlers =
|
||||||
namespace = kuryr_kubernetes.controller.handlers.namespace:NamespaceHandler
|
namespace = kuryr_kubernetes.controller.handlers.namespace:NamespaceHandler
|
||||||
ingresslb = kuryr_kubernetes.controller.handlers.ingress_lbaas:IngressLoadBalancerHandler
|
ingresslb = kuryr_kubernetes.controller.handlers.ingress_lbaas:IngressLoadBalancerHandler
|
||||||
ocproute = kuryr_kubernetes.platform.ocp.controller.handlers.route:OcpRouteHandler
|
ocproute = kuryr_kubernetes.platform.ocp.controller.handlers.route:OcpRouteHandler
|
||||||
|
policy = kuryr_kubernetes.controller.handlers.policy:NetworkPolicyHandler
|
||||||
test_handler = kuryr_kubernetes.tests.unit.controller.handlers.test_fake_handler:TestHandler
|
test_handler = kuryr_kubernetes.tests.unit.controller.handlers.test_fake_handler:TestHandler
|
||||||
|
|
||||||
[files]
|
[files]
|
||||||
|
|
Loading…
Reference in New Issue