Merge "Create network policy handler and driver"
This commit is contained in:
commit
7a22f5a764
|
@ -16,11 +16,13 @@
|
|||
K8S_API_BASE = '/api/v1'
|
||||
K8S_API_NAMESPACES = K8S_API_BASE + '/namespaces'
|
||||
K8S_API_CRD = '/apis/openstack.org/v1'
|
||||
K8S_API_POLICIES = '/apis/networking.k8s.io/v1/networkpolicies'
|
||||
|
||||
K8S_OBJ_NAMESPACE = 'Namespace'
|
||||
K8S_OBJ_POD = 'Pod'
|
||||
K8S_OBJ_SERVICE = 'Service'
|
||||
K8S_OBJ_ENDPOINTS = 'Endpoints'
|
||||
K8S_OBJ_POLICY = 'NetworkPolicy'
|
||||
|
||||
K8S_OBJ_KURYRNET = 'KuryrNet'
|
||||
|
||||
|
|
|
@ -616,3 +616,44 @@ class ServicePubIpDriver(DriverBase):
|
|||
:param service_pub_ip_info: service loadbalancer IP info
|
||||
|
||||
"""
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class NetworkPolicyDriver(DriverBase):
|
||||
"""Provide network-policy for pods"""
|
||||
|
||||
ALIAS = 'network_policy'
|
||||
|
||||
@abc.abstractmethod
|
||||
def ensure_network_policy(self, policy, project_id):
|
||||
"""Policy created or updated
|
||||
|
||||
:param policy: dict containing Kubernetes NP object
|
||||
:param project_id: openstack project_id
|
||||
"""
|
||||
raise NotImplementedError()
|
||||
|
||||
@abc.abstractmethod
|
||||
def release_network_policy(self, policy, project_id):
|
||||
"""Delete a network policy
|
||||
|
||||
:param policy: dict containing Kubernetes NP object
|
||||
:param project_id
|
||||
"""
|
||||
raise NotImplementedError()
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class NetworkPolicyProjectDriver(DriverBase):
|
||||
"""Get an OpenStack project id for K8s network policies"""
|
||||
|
||||
ALIAS = 'policy_project'
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_project(self, policy):
|
||||
"""Get an OpenStack project id for K8s pod ports.
|
||||
|
||||
:param policy: dict containing Kubernetes NP object
|
||||
:returns: OpenStack project_id
|
||||
"""
|
||||
raise NotImplementedError()
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
# Copyright 2018 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from oslo_log import log as logging
|
||||
|
||||
from kuryr_kubernetes import constants as k_const
|
||||
from kuryr_kubernetes.handlers import k8s_base
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class NetworkPolicyHandler(k8s_base.ResourceEventHandler):
|
||||
"""NetworkPolicyHandler handles k8s Network Policies events"""
|
||||
|
||||
OBJECT_KIND = k_const.K8S_OBJ_POLICY
|
||||
OBJECT_WATCH_PATH = k_const.K8S_API_POLICIES
|
||||
|
||||
def __init__(self):
|
||||
super(NetworkPolicyHandler, self).__init__()
|
||||
|
||||
def on_present(self, policy):
|
||||
LOG.debug("Received event notification on network policy: %s", policy)
|
||||
|
||||
def on_deleted(self, policy):
|
||||
LOG.debug("Received event notification on network policy: %s", policy)
|
|
@ -83,6 +83,7 @@ kuryr_kubernetes.controller.handlers =
|
|||
namespace = kuryr_kubernetes.controller.handlers.namespace:NamespaceHandler
|
||||
ingresslb = kuryr_kubernetes.controller.handlers.ingress_lbaas:IngressLoadBalancerHandler
|
||||
ocproute = kuryr_kubernetes.platform.ocp.controller.handlers.route:OcpRouteHandler
|
||||
policy = kuryr_kubernetes.controller.handlers.policy:NetworkPolicyHandler
|
||||
test_handler = kuryr_kubernetes.tests.unit.controller.handlers.test_fake_handler:TestHandler
|
||||
|
||||
[files]
|
||||
|
|
Loading…
Reference in New Issue