/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
|
|
|
|
package netpol
|
|
|
|
import (
|
|
networkingv1 "k8s.io/api/networking/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
)
|
|
|
|
// SetFunc is a functional option that mutates a NetworkPolicy in place.
// GenNetworkPolicy applies SetFuncs in the order they are given, so a later
// SetFunc that writes the same field overrides an earlier one.
type SetFunc func(policy *networkingv1.NetworkPolicy)
|
|
|
|
// GenNetworkPolicy builds a NetworkPolicy by starting from the zero value and
// applying every SetFunc in fn, in argument order.
//
// With no SetFuncs the result is an empty policy: no name, an empty pod
// selector and no PolicyTypes. Callers are expected to set at least a name (or
// generate-name) and a pod selector before submitting it to an API server.
// A nil entry in fn is not skipped and will panic when invoked.
func GenNetworkPolicy(fn ...SetFunc) *networkingv1.NetworkPolicy {
	np := new(networkingv1.NetworkPolicy)
	for i := range fn {
		apply := fn[i]
		apply(np)
	}
	return np
}
|
|
|
|
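// GenNetworkPolicyWithNameAndPodMatchLabel builds a NetworkPolicy named name
// whose pod selector matches targetLabels, after applying otherFunc.
//
// The name and selector options are applied last, so they override any name or
// pod selector set by otherFunc. A nil or empty targetLabels produces an empty
// pod selector, which in Kubernetes selects every pod in the policy's
// namespace; pass explicit labels when the policy is meant to be scoped.
func GenNetworkPolicyWithNameAndPodMatchLabel(name string, targetLabels map[string]string, otherFunc ...SetFunc) *networkingv1.NetworkPolicy {
	// Copy into a fresh slice instead of appending to otherFunc directly: when a
	// caller passes an existing slice with spare capacity (fns...), append would
	// write into the caller's backing array.
	fns := make([]SetFunc, 0, len(otherFunc)+2)
	fns = append(fns, otherFunc...)
	fns = append(fns, SetObjectMetaName(name), SetSpecPodSelectorMatchLabels(targetLabels))
	return GenNetworkPolicy(fns...)
}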
|
|
|
|
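// GenNetworkPolicyWithNameAndPodSelector builds a NetworkPolicy named name
// whose pod selector is targetSelector, after applying otherFunc.
//
// The name and selector options are applied last, so they override any name or
// pod selector set by otherFunc. A zero-value targetSelector is an empty
// selector, which in Kubernetes selects every pod in the policy's namespace.
func GenNetworkPolicyWithNameAndPodSelector(name string, targetSelector metav1.LabelSelector, otherFunc ...SetFunc) *networkingv1.NetworkPolicy {
	// Copy into a fresh slice instead of appending to otherFunc directly: when a
	// caller passes an existing slice with spare capacity (fns...), append would
	// write into the caller's backing array.
	fns := make([]SetFunc, 0, len(otherFunc)+2)
	fns = append(fns, otherFunc...)
	fns = append(fns, SetObjectMetaName(name), SetSpecPodSelector(targetSelector))
	return GenNetworkPolicy(fns...)
}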
|
|
|
|
// SetObjectMetaName returns a SetFunc that sets the policy's metadata name to
// name, replacing any name set earlier.
func SetObjectMetaName(name string) SetFunc {
	return func(np *networkingv1.NetworkPolicy) {
		// Name is promoted from the embedded ObjectMeta.
		np.Name = name
	}
}
|
|
|
|
// SetGenerateName returns a SetFunc that sets the policy's metadata
// generateName to name. It does not touch metadata name.
func SetGenerateName(name string) SetFunc {
	return func(np *networkingv1.NetworkPolicy) {
		// GenerateName is promoted from the embedded ObjectMeta.
		np.GenerateName = name
	}
}
|
|
|
|
// SetObjectMetaLabel returns a SetFunc that replaces the policy's metadata
// labels with targetLabels.
//
// The map is stored by reference, not copied: later mutation of targetLabels
// by the caller is visible in every policy built with this SetFunc.
func SetObjectMetaLabel(targetLabels map[string]string) SetFunc {
	return func(np *networkingv1.NetworkPolicy) {
		// Labels is promoted from the embedded ObjectMeta.
		np.Labels = targetLabels
	}
}
|
|
|
|
// SetSpecPodSelector returns a SetFunc that replaces the policy's
// spec.podSelector with targetSelector.
//
// A zero-value LabelSelector is an empty selector, which in Kubernetes selects
// every pod in the policy's namespace rather than none.
func SetSpecPodSelector(targetSelector metav1.LabelSelector) SetFunc {
	return func(np *networkingv1.NetworkPolicy) {
		spec := &np.Spec
		spec.PodSelector = targetSelector
	}
}
|
|
|
|
// SetSpecPodSelectorMatchLabels returns a SetFunc that replaces the policy's
// spec.podSelector with a selector containing only MatchLabels: targetLabels.
// Any MatchExpressions set earlier are discarded because the whole selector is
// overwritten.
//
// A nil or empty targetLabels yields an empty selector, which in Kubernetes
// selects every pod in the policy's namespace. The map is stored by reference.
func SetSpecPodSelectorMatchLabels(targetLabels map[string]string) SetFunc {
	return func(np *networkingv1.NetworkPolicy) {
		selector := metav1.LabelSelector{MatchLabels: targetLabels}
		np.Spec.PodSelector = selector
	}
}
|
|
|
|
// SetSpecIngressRules returns a SetFunc that appends rules to the policy's
// spec.ingress.
//
// The first time it runs on a policy whose Ingress is nil, it initializes
// Ingress to an empty, non-nil slice and appends PolicyTypeIngress to
// spec.policyTypes. If Ingress is already non-nil (including after a previous
// call), policyTypes is left untouched.
//
// Calling it with no rules therefore still marks the policy as an Ingress
// policy with zero rules, which in Kubernetes denies all ingress traffic to
// the selected pods. Use that form deliberately for default-deny policies.
func SetSpecIngressRules(rules ...networkingv1.NetworkPolicyIngressRule) SetFunc {
	return func(np *networkingv1.NetworkPolicy) {
		spec := &np.Spec
		if spec.Ingress == nil {
			spec.Ingress = []networkingv1.NetworkPolicyIngressRule{}
			spec.PolicyTypes = append(spec.PolicyTypes, networkingv1.PolicyTypeIngress)
		}
		spec.Ingress = append(spec.Ingress, rules...)
	}
}
|
|
|
|
// SetSpecEgressRules returns a SetFunc that appends rules to the policy's
// spec.egress.
//
// The first time it runs on a policy whose Egress is nil, it initializes
// Egress to an empty, non-nil slice and appends PolicyTypeEgress to
// spec.policyTypes. If Egress is already non-nil (including after a previous
// call), policyTypes is left untouched.
//
// Calling it with no rules therefore still marks the policy as an Egress
// policy with zero rules, which in Kubernetes denies all egress traffic from
// the selected pods. Use that form deliberately for default-deny policies.
func SetSpecEgressRules(rules ...networkingv1.NetworkPolicyEgressRule) SetFunc {
	return func(np *networkingv1.NetworkPolicy) {
		spec := &np.Spec
		if spec.Egress == nil {
			spec.Egress = []networkingv1.NetworkPolicyEgressRule{}
			spec.PolicyTypes = append(spec.PolicyTypes, networkingv1.PolicyTypeEgress)
		}
		spec.Egress = append(spec.Egress, rules...)
	}
}
|