Add Network Policies Driver
This patch adds the driver skel for Network Policy Support and hooks the previously merged handler to use it. Follow up patches will provide translation between NP and Neutron security groups and driver implementation. Partially Implements: blueprint k8s-network-policies Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com> Change-Id: Ie8cca7b717677347f6a100e8d3b3912bdc20a148
parent
a48a49bce6
commit
5421ce1ba5
@ -112,6 +112,10 @@ k8s_opts = [
|
||||
help=_("The driver to determine OpenStack "
|
||||
"project for namespaces"),
|
||||
default='default'),
|
||||
cfg.StrOpt('network_policy_project_driver',
|
||||
help=_("The driver to determine OpenStack "
|
||||
"project for network policies"),
|
||||
default='default'),
|
||||
cfg.StrOpt('pod_subnets_driver',
|
||||
help=_("The driver to determine Neutron "
|
||||
"subnets for pod ports"),
|
||||
@ -169,6 +173,9 @@ k8s_opts = [
|
||||
cfg.PortOpt('controller_ha_elector_port',
|
||||
help=_('Port on which leader-elector pod is listening to.'),
|
||||
default=16401),
|
||||
cfg.StrOpt('network_policy_driver',
|
||||
help=_("Driver for network policies"),
|
||||
default='default'),
|
||||
]
|
||||
|
||||
neutron_defaults = [
|
||||
|
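Review bot: The help string for `network_policy_driver` in the second hunk, `"Driver for network policies"`, does not say what the driver does, and the option is appended after `controller_ha_elector_port` instead of sitting with the other `*_driver` options. Going by the commit description, the driver will translate policies into Neutron security groups, so `help=_("The driver that translates K8s network policies into Neutron security groups")` would read better. The help text should also state that the `default` driver shipped in this patch is a skeleton that applies nothing, so an operator does not take the option as switching enforcement on. The `k8s_opts` list starts outside both hunks.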
@ -664,7 +664,7 @@ class NetworkPolicyDriver(DriverBase):
|
||||
class NetworkPolicyProjectDriver(DriverBase):
|
||||
"""Get an OpenStack project id for K8s network policies"""
|
||||
|
||||
ALIAS = 'policy_project'
|
||||
ALIAS = 'network_policy_project'
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_project(self, policy):
|
||||
|
@ -67,4 +67,13 @@ class DefaultNamespaceProjectDriver(base.NamespaceProjectDriver):
|
||||
raise cfg.RequiredOptError('project',
|
||||
cfg.OptGroup('neutron_defaults'))
|
||||
|
||||
|
||||
class DefaultNetworkPolicyProjectDriver(base.NetworkPolicyProjectDriver):
|
||||
|
||||
def get_project(self, policy):
|
||||
project_id = config.CONF.neutron_defaults.project
|
||||
|
||||
if not project_id:
|
||||
raise cfg.RequiredOptError('project',
|
||||
cfg.OptGroup('neutron_defaults'))
|
||||
return project_id
|
||||
|
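Review bot: `DefaultNetworkPolicyProjectDriver` has no docstring, and `get_project` never reads its `policy` argument, so every network policy resolves to the single `neutron_defaults.project` value. A class docstring should say that, for example `"""Provides project ID for network policies based on a configuration option."""`. The body also looks like a copy of the namespace driver's lookup just above it (only the tail of that method is visible in this hunk); a small shared helper would keep the two checks from drifting apart.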
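--- /dev/null
+++ b/kuryr_kubernetes/controller/drivers/network_policy.py
@@ -0,0 +1,30 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from oslo_log import log as logging
+
+from kuryr_kubernetes.controller.drivers import base
+
+LOG = logging.getLogger(__name__)
+
+
+class NetworkPolicyDriver(base.NetworkPolicyDriver):
+"""Provides security groups actions based on K8s Network Policies"""
+
+def ensure_network_policy(self, policy, project_id):
+pass
+
+def release_network_policy(self, policy, project_id):
+pass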
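Review bot: `ensure_network_policy` and `release_network_policy` are both a bare `pass`, and this class is what the `default` entry point and the `network_policy_driver` default resolve to, so with the handler enabled a NetworkPolicy is accepted by Kubernetes and silently not applied. That fails open: a cluster owner can believe traffic is restricted when no security group was touched. `LOG` is defined but never used; until the real implementation lands, each method should at least emit `LOG.warning("Network policy enforcement is not implemented; policy ignored")`. The class docstring should also say that this is a placeholder which performs no security group actions yet.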
@ -15,6 +15,7 @@
|
||||
from oslo_log import log as logging
|
||||
|
||||
from kuryr_kubernetes import constants as k_const
|
||||
from kuryr_kubernetes.controller.drivers import base as drivers
|
||||
from kuryr_kubernetes.handlers import k8s_base
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
@ -28,9 +29,15 @@ class NetworkPolicyHandler(k8s_base.ResourceEventHandler):
|
||||
|
||||
def __init__(self):
|
||||
super(NetworkPolicyHandler, self).__init__()
|
||||
self._drv_policy = drivers.NetworkPolicyDriver.get_instance()
|
||||
self._drv_project = drivers.NetworkPolicyProjectDriver.get_instance()
|
||||
|
||||
def on_present(self, policy):
|
||||
LOG.debug("Received event notification on network policy: %s", policy)
|
||||
LOG.debug("Created or updated: %s", policy)
|
||||
project_id = self._drv_project.get_project(policy)
|
||||
self._drv_policy.ensure_network_policy(policy, project_id)
|
||||
|
||||
def on_deleted(self, policy):
|
||||
LOG.debug("Received event notification on network policy: %s", policy)
|
||||
LOG.debug("Deleted network policy: %s", policy)
|
||||
project_id = self._drv_project.get_project(policy)
|
||||
self._drv_policy.release_network_policy(policy, project_id)
|
||||
|
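Review bot: `on_present` is called for both creation and update (its own log message says "Created or updated"), so `ensure_network_policy` will run repeatedly for the same policy, yet nothing tells driver authors the call must be idempotent. Add a comment above the call, `# Called on create and on every update; the driver must be idempotent.` In `on_deleted`, `get_project` runs before `release_network_policy` and the default project driver raises `cfg.RequiredOptError` when the option is unset, so a configuration error would skip the release and could leave the policy's security group rules in place. That ordering deserves a comment or explicit handling once the driver does real work.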
@ -49,6 +49,9 @@ kuryr_kubernetes.controller.drivers.service_project =
|
||||
kuryr_kubernetes.controller.drivers.namespace_project =
|
||||
default = kuryr_kubernetes.controller.drivers.default_project:DefaultNamespaceProjectDriver
|
||||
|
||||
kuryr_kubernetes.controller.drivers.network_policy_project =
|
||||
default = kuryr_kubernetes.controller.drivers.default_project:DefaultNetworkPolicyProjectDriver
|
||||
|
||||
kuryr_kubernetes.controller.drivers.pod_subnets =
|
||||
default = kuryr_kubernetes.controller.drivers.default_subnet:DefaultPodSubnetDriver
|
||||
namespace = kuryr_kubernetes.controller.drivers.namespace_subnet:NamespacePodSubnetDriver
|
||||
@ -62,6 +65,9 @@ kuryr_kubernetes.controller.drivers.pod_security_groups =
|
||||
kuryr_kubernetes.controller.drivers.service_security_groups =
|
||||
default = kuryr_kubernetes.controller.drivers.default_security_groups:DefaultServiceSecurityGroupsDriver
|
||||
|
||||
kuryr_kubernetes.controller.drivers.network_policy =
|
||||
default = kuryr_kubernetes.controller.drivers.network_policy:NetworkPolicyDriver
|
||||
|
||||
kuryr_kubernetes.controller.drivers.pod_vif =
|
||||
neutron-vif = kuryr_kubernetes.controller.drivers.neutron_vif:NeutronPodVIFDriver
|
||||
nested-vlan = kuryr_kubernetes.controller.drivers.nested_vlan_vif:NestedVlanPodVIFDriver
|
||||
|