
GVPrancher/rancher

servicehandler.go 2.79 KB
package networkpolicy
import (
"fmt"
"sort"
"github.com/rancher/types/apis/management.cattle.io/v3"
"github.com/sirupsen/logrus"
corev1 "k8s.io/api/core/v1"
knetworkingv1 "k8s.io/api/networking/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1"
)
// serviceHandler handles Service sync events for the network policy
// controller: Sync passes live services to npmgr.nodePortsUpdateHandler.
type serviceHandler struct {
// npmgr is the manager whose nodePortsUpdateHandler Sync calls.
npmgr *netpolMgr
// clusterLister is passed to isNetworkPolicyDisabled together with clusterNamespace.
clusterLister v3.ClusterLister
// clusterNamespace is the value handed to isNetworkPolicyDisabled and,
// through nodePortsUpdateHandler, to getSystemNSInfo.
clusterNamespace string
}
// Sync reconciles the node-port NetworkPolicy for one Service event.
//
// It returns nil without doing anything when the service is nil or carries a
// DeletionTimestamp, or when isNetworkPolicyDisabled reports that network
// policy is disabled for sh.clusterNamespace. Otherwise the service is handed
// to nodePortsUpdateHandler and its result is returned. key is not used.
func (sh *serviceHandler) Sync(key string, service *corev1.Service) error {
	// Nothing to program for an object that is gone or on its way out.
	if service == nil {
		return nil
	}
	if service.DeletionTimestamp != nil {
		return nil
	}

	switch off, err := isNetworkPolicyDisabled(sh.clusterNamespace, sh.clusterLister); {
	case err != nil:
		return err
	case off:
		return nil
	}

	// NOTE(review): %+v writes the complete Service object, annotations
	// included, to the debug log; confirm that is acceptable where debug
	// logging is enabled.
	logrus.Debugf("serviceHandler: Sync: %+v", *service)
	return sh.npmgr.nodePortsUpdateHandler(service, sh.clusterNamespace)
}
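// nodePortsUpdateHandler keeps the NetworkPolicy that opens a service's node
// ports in step with the service.
//
// For a service whose namespace is among the system namespaces returned by
// getSystemNSInfo, the policy named by getNodePortsPolicyName is deleted and
// nothing is programmed. Otherwise one ingress port entry is built for every
// service port with a non-zero NodePort, using that port's protocol and
// TargetPort, and the policy is programmed when at least one such port exists.
//
// It returns an error when the system namespaces cannot be looked up, or the
// result of npmgr.program.
func (npmgr *netpolMgr) nodePortsUpdateHandler(service *corev1.Service, clusterNamespace string) error {
	systemNamespaces, _, err := npmgr.getSystemNSInfo(clusterNamespace)
	if err != nil {
		// The message names this handler so the log points at the right code path.
		return fmt.Errorf("netpolMgr: nodePortsUpdateHandler: getSystemNamespaces: err=%v", err)
	}

	policyName := getNodePortsPolicyName(service)
	if _, ok := systemNamespaces[service.Namespace]; ok {
		// NOTE(review): whatever delete reports is not checked here; confirm
		// that a failed delete in a system namespace may be ignored.
		npmgr.delete(service.Namespace, policyName)
		return nil
	}

	np := generateServiceNetworkPolicy(service, policyName)
	rule := &np.Spec.Ingress[0]
	for _, port := range service.Spec.Ports {
		if port.NodePort == 0 {
			continue
		}
		// Fresh copies per iteration: the policy port stores pointers to them.
		proto, tp := port.Protocol, port.TargetPort
		rule.Ports = append(rule.Ports, knetworkingv1.NetworkPolicyPort{
			Protocol: &proto,
			Port:     &tp,
		})
	}

	if len(rule.Ports) == 0 {
		// NOTE(review): nothing is deleted on this path, so a policy programmed
		// while the service still had node ports appears to stay in place until
		// the owning service is removed; confirm whether it should be deleted
		// here so the ingress allowance does not outlive the node ports.
		return nil
	}

	// Sort the ports so the generated policy always lists them in the same order.
	sort.Slice(rule.Ports, func(i, j int) bool {
		return portToString(rule.Ports[i]) < portToString(rule.Ports[j])
	})

	logrus.Debugf("netpolMgr: nodePortsUpdateHandler: service=%+v has node ports, hence programming np=%+v", *service, *np)
	return npmgr.program(np)
}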
// getNodePortsPolicyName returns the name of the node-port NetworkPolicy for
// service: the service name with the "np-" prefix.
func getNodePortsPolicyName(service *corev1.Service) string {
	const prefix = "np-"
	return prefix + service.Name
}
// generateServiceNetworkPolicy builds the skeleton NetworkPolicy for service.
//
// The policy is named policyName, lives in the service's namespace, lists the
// service as its owner, and selects pods by the service's own selector. It
// carries a single ingress rule whose From and Ports lists start out empty;
// the caller fills in Ports.
func generateServiceNetworkPolicy(service *corev1.Service, policyName string) *knetworkingv1.NetworkPolicy {
	owner := v1.OwnerReference{
		APIVersion: "v1",
		Kind:       "Service",
		UID:        service.UID,
		Name:       service.Name,
	}

	// An ingress rule with an empty From list matches traffic from every source.
	rule := knetworkingv1.NetworkPolicyIngressRule{
		From:  []knetworkingv1.NetworkPolicyPeer{},
		Ports: []knetworkingv1.NetworkPolicyPort{},
	}

	// NOTE(review): a nil or empty service.Spec.Selector gives an empty
	// PodSelector, which in a NetworkPolicy selects every pod in the
	// namespace; confirm how selector-less services should be treated.
	podSelector := v1.LabelSelector{MatchLabels: service.Spec.Selector}

	return &knetworkingv1.NetworkPolicy{
		ObjectMeta: v1.ObjectMeta{
			Name:            policyName,
			Namespace:       service.Namespace,
			OwnerReferences: []v1.OwnerReference{owner},
		},
		Spec: knetworkingv1.NetworkPolicySpec{
			PodSelector: podSelector,
			Ingress:     []knetworkingv1.NetworkPolicyIngressRule{rule},
		},
	}
}
v2.0.7-rc6
