package networkpolicy
import (
"fmt"
"github.com/rancher/norman/types/convert"
"github.com/rancher/rancher/pkg/controllers/user/nodesyncer"
"github.com/rancher/types/apis/core/v1"
"github.com/rancher/types/apis/management.cattle.io/v3"
"github.com/rancher/types/config"
"github.com/sirupsen/logrus"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
// clusterHandler holds the listers and clients used to switch network
// policies on or off for a single cluster.
type clusterHandler struct {
	// cluster is the user-cluster context; its Core and Management clients
	// are used to enqueue pods, services and nodes.
	cluster *config.UserContext
	// pnpLister lists ProjectNetworkPolicy objects per project.
	pnpLister v3.ProjectNetworkPolicyLister
	// podLister lists pods so that hostPort pods can be enqueued.
	podLister v1.PodLister
	// serviceLister lists services so that nodePort services can be enqueued.
	serviceLister v1.ServiceLister
	// pLister lists the projects in the cluster's namespace.
	pLister v3.ProjectLister
	// clusters is the client used to write the cluster status back.
	clusters v3.ClusterInterface
	// pnps is the client used to delete ProjectNetworkPolicy objects.
	pnps v3.ProjectNetworkPolicyInterface
	// npmgr provides the project controller, the system-namespace lookup,
	// the NetworkPolicy lister and the NetworkPolicy delete helper.
	npmgr *netpolMgr
	// clusterNamespace is compared with cluster.Name in Sync; clusters
	// with any other name are ignored by this handler.
	clusterNamespace string
}
/*
clusterHandler enqueues resources for creating/deleting network policies
based on cluster.Annotations[netPolAnnotation] and sets status if successful
*/
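// Sync reconciles the applied network-policy state of the cluster this
// handler watches. The requested state is read from
// cluster.Annotations[netPolAnnotation]; when it differs from
// cluster.Status.AppliedEnableNetworkPolicy, Sync either enqueues the
// resources that lead to network policies or deletes the existing policies,
// and then records the new state in the cluster status.
//
// Sync returns nil without doing anything when the cluster is nil, is being
// deleted, has a name other than ch.clusterNamespace, is not Ready, has no
// Spec.EnableNetworkPolicy, already has the requested state applied, or when
// the annotation and the spec disagree. The key argument is not used.
func (ch *clusterHandler) Sync(key string, cluster *v3.Cluster) error {
	if cluster == nil || cluster.DeletionTimestamp != nil ||
		cluster.Name != ch.clusterNamespace ||
		!v3.ClusterConditionReady.IsTrue(cluster) {
		return nil
	}
	if cluster.Spec.EnableNetworkPolicy == nil {
		return nil
	}

	toEnable := convert.ToBool(cluster.Annotations[netPolAnnotation])
	if cluster.Status.AppliedEnableNetworkPolicy == toEnable {
		return nil
	}
	if toEnable != *cluster.Spec.EnableNetworkPolicy {
		// allow clusterNetAnnHandler to update first
		return nil
	}

	var err error
	if toEnable {
		logrus.Infof("clusterHandler: calling sync to create network policies for cluster %v", cluster.Name)
		err = ch.createNetworkPolicies(cluster)
	} else {
		// This branch removes isolation for the whole cluster, so the log
		// line below is the audit trail for that change.
		logrus.Infof("clusterHandler: deleting network policies for cluster %s", cluster.Name)
		err = ch.deleteNetworkPolicies(cluster)
	}
	if err != nil {
		return err
	}

	// Write the status on a copy. The cluster passed in is presumably the
	// object held by the controller's cache; setting the field in place
	// would make a failed Update look applied to the next Sync, which would
	// then return early at the AppliedEnableNetworkPolicy check above and
	// never persist the status.
	toUpdate := cluster.DeepCopy()
	toUpdate.Status.AppliedEnableNetworkPolicy = toEnable
	_, err = ch.clusters.Update(toUpdate)
	return err
}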
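// createNetworkPolicies enqueues the resources whose handlers are expected
// to produce network policies: every project of the cluster, every hostPort
// pod and nodePort service outside the system namespaces, and the all-nodes
// key of the node controller. It creates no policy object itself.
//
// It returns an error, prefixed with the name of the failing source, when a
// lister or the system-namespace lookup fails; resources enqueued before the
// failure stay enqueued.
func (ch *clusterHandler) createNetworkPolicies(cluster *v3.Cluster) error {
	projects, err := ch.pLister.List(cluster.Name, labels.NewSelector())
	if err != nil {
		return fmt.Errorf("projectLister: %v", err)
	}
	for _, project := range projects {
		ch.npmgr.projects.Controller().Enqueue(project.Namespace, project.Name)
	}

	// systemNamespaces is indexed by namespace name; a true entry means the
	// namespace is skipped in the pod and service passes below.
	systemNamespaces, _, err := ch.npmgr.getSystemNSInfo(cluster.Name)
	if err != nil {
		return fmt.Errorf("systemNS: %v", err)
	}

	// hostPort: pods from all namespaces, system namespaces excluded.
	pods, err := ch.podLister.List("", labels.NewSelector())
	if err != nil {
		return fmt.Errorf("podLister: %v", err)
	}
	for _, pod := range pods {
		if systemNamespaces[pod.Namespace] {
			continue
		}
		if hostPortPod(pod) {
			ch.cluster.Core.Pods("").Controller().Enqueue(pod.Namespace, pod.Name)
		}
	}

	// nodePort: services from all namespaces, system namespaces excluded.
	svcs, err := ch.serviceLister.List("", labels.NewSelector())
	if err != nil {
		// Prefixed like the other listers so the failing source is visible
		// in the controller log.
		return fmt.Errorf("serviceLister: %v", err)
	}
	for _, svc := range svcs {
		if systemNamespaces[svc.Namespace] {
			continue
		}
		if nodePortService(svc) {
			ch.cluster.Core.Services("").Controller().Enqueue(svc.Namespace, svc.Name)
		}
	}

	// skipping nssyncer, projectSyncer + nodehandler would result into
	// handling nssyncer as well
	//
	// NOTE(review): the namespace argument is cluster.ClusterName (a field of
	// the Cluster object), while the rest of this call uses
	// ch.cluster.ClusterName; confirm that the two are meant to differ.
	ch.cluster.Management.Management.Nodes(ch.cluster.ClusterName).Controller().Enqueue(
		cluster.ClusterName, fmt.Sprintf("%s/%s", ch.cluster.ClusterName, nodesyncer.AllNodeKey))
	return nil
}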
// deleteNetworkPolicies removes network isolation for the cluster in two
// passes: first every NetworkPolicy returned by npmgr.npLister is handed to
// npmgr.delete, then every ProjectNetworkPolicy of every project in the
// cluster is deleted through the pnps client.
//
// The first pass lists with an empty namespace and an empty selector, so no
// filtering happens in this function.
// NOTE(review): confirm that npLister or npmgr.delete limits the deletion to
// policies owned by this controller; nothing here excludes policies written
// by cluster users or those in system namespaces.
//
// The function stops at the first error and returns it with a prefix naming
// the failing step; objects deleted before that point stay deleted.
// NOTE(review): an error from DeleteNamespaced for an object that is already
// gone is returned like any other; verify that a retry converges.
func (ch *clusterHandler) deleteNetworkPolicies(cluster *v3.Cluster) error {
	policies, listErr := ch.npmgr.npLister.List("", labels.NewSelector())
	if listErr != nil {
		return fmt.Errorf("npLister: %v", listErr)
	}
	for i := range policies {
		policy := policies[i]
		delErr := ch.npmgr.delete(policy.Namespace, policy.Name)
		if delErr != nil {
			return fmt.Errorf("npDelete: %v", delErr)
		}
	}

	clusterProjects, listErr := ch.pLister.List(cluster.Name, labels.NewSelector())
	if listErr != nil {
		return fmt.Errorf("projectLister: %v", listErr)
	}
	for i := range clusterProjects {
		// ProjectNetworkPolicy objects are listed in the namespace named
		// after the project.
		projectPolicies, pnpErr := ch.pnpLister.List(clusterProjects[i].Name, labels.NewSelector())
		if pnpErr != nil {
			return fmt.Errorf("pnpLister: %v", pnpErr)
		}
		for j := range projectPolicies {
			item := projectPolicies[j]
			if delErr := ch.pnps.DeleteNamespaced(item.Namespace, item.Name, &metav1.DeleteOptions{}); delErr != nil {
				return fmt.Errorf("pnpDelete: %v", delErr)
			}
		}
	}
	return nil
}