
     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package k8s
     5  
     6  import (
     7  	"github.com/sirupsen/logrus"
     8  
     9  	ipcacheTypes "github.com/cilium/cilium/pkg/ipcache/types"
    10  	"github.com/cilium/cilium/pkg/k8s"
    11  	slim_networkingv1 "github.com/cilium/cilium/pkg/k8s/slim/k8s/api/networking/v1"
    12  	"github.com/cilium/cilium/pkg/logging/logfields"
    13  	"github.com/cilium/cilium/pkg/metrics"
    14  	"github.com/cilium/cilium/pkg/policy"
    15  	"github.com/cilium/cilium/pkg/source"
    16  )
    17  
// addK8sNetworkPolicyV1 translates a Kubernetes v1 NetworkPolicy into Cilium
// policy rules and hands them to the policy manager, attributed to the
// namespace/name resource ID of the object with ReplaceByResource set.
//
// The event timestamp for apiGroup is recorded on every exit path, including
// failures. PolicyChangeTotal is incremented with a fail outcome when parsing
// or insertion fails and with a success outcome otherwise. Errors from the
// parser and the policy manager are returned unchanged.
//
// NOTE(review): k8sNP is dereferenced (TypeMeta.APIVersion) before
// ParseNetworkPolicy runs, so a nil policy panics here rather than yielding a
// clean error; the delete path treats nil as fatal instead. Confirm callers
// guarantee a non-nil policy.
func (p *policyWatcher) addK8sNetworkPolicyV1(k8sNP *slim_networkingv1.NetworkPolicy, apiGroup string) error {
	// Stamp the resource as seen regardless of whether the policy was accepted.
	defer func() {
		p.k8sResourceSynced.SetEventTimestamp(apiGroup)
	}()

	logger := p.log.WithField(logfields.K8sAPIVersion, k8sNP.TypeMeta.APIVersion)

	rules, err := k8s.ParseNetworkPolicy(k8sNP)
	if err != nil {
		metrics.PolicyChangeTotal.WithLabelValues(metrics.LabelValueOutcomeFail).Inc()
		logger.WithError(err).
			WithField(logfields.CiliumNetworkPolicy, logfields.Repr(k8sNP)).
			Error("Error while parsing k8s kubernetes NetworkPolicy")
		return err
	}
	logger = logger.WithField(logfields.K8sNetworkPolicyName, k8sNP.ObjectMeta.Name)

	// The same namespace/name resource ID is built by deleteK8sNetworkPolicyV1,
	// so add and delete address the rules derived from the same object. The
	// exact replacement semantics of ReplaceByResource are defined by
	// policy.AddOptions, not here.
	resourceID := ipcacheTypes.NewResourceID(
		ipcacheTypes.ResourceKindNetpol,
		k8sNP.ObjectMeta.Namespace,
		k8sNP.ObjectMeta.Name,
	)
	addOpts := &policy.AddOptions{
		Source:            source.Kubernetes,
		Resource:          resourceID,
		ReplaceByResource: true,
	}

	_, err = p.policyManager.PolicyAdd(rules, addOpts)
	if err != nil {
		metrics.PolicyChangeTotal.WithLabelValues(metrics.LabelValueOutcomeFail).Inc()
		logger.WithError(err).
			WithField(logfields.CiliumNetworkPolicy, logfields.Repr(rules)).
			Error("Unable to add NetworkPolicy rules to policy repository")
		return err
	}

	metrics.PolicyChangeTotal.WithLabelValues(metrics.LabelValueOutcomeSuccess).Inc()
	logger.Info("NetworkPolicy successfully added")
	return nil
}
    55  
// deleteK8sNetworkPolicyV1 removes the rules attributed to a Kubernetes v1
// NetworkPolicy from the policy manager. Deletion is keyed on the object's
// namespace/name resource ID with DeleteByResource set; no rule selector is
// passed (the first argument to PolicyDelete is nil).
//
// The event timestamp for apiGroup is recorded on every exit path.
// PolicyChangeTotal is incremented with a fail outcome when the policy manager
// rejects the deletion and with a success outcome otherwise; the manager's
// error is returned unchanged.
func (p *policyWatcher) deleteK8sNetworkPolicyV1(k8sNP *slim_networkingv1.NetworkPolicy, apiGroup string) error {
	// Stamp the resource as seen regardless of the outcome.
	defer func() {
		p.k8sResourceSynced.SetEventTimestamp(apiGroup)
	}()

	// The label set is only used for logging in this function; the deletion
	// itself is addressed by resource ID, not by labels.
	labels := k8s.GetPolicyLabelsv1(k8sNP)
	if labels == nil {
		// NOTE(review): Fatalf is presumably process-terminating — confirm
		// against p.log's type. If it were to return, the field accesses on
		// k8sNP below would panic on a nil policy.
		p.log.Fatalf("provided v1 NetworkPolicy is nil, so cannot delete it")
	}

	// Same resource ID construction as addK8sNetworkPolicyV1, so the delete
	// targets the rules that the add attributed to this object.
	resourceID := ipcacheTypes.NewResourceID(
		ipcacheTypes.ResourceKindNetpol,
		k8sNP.ObjectMeta.Namespace,
		k8sNP.ObjectMeta.Name,
	)
	logger := p.log.
		WithField(logfields.K8sNetworkPolicyName, k8sNP.ObjectMeta.Name).
		WithField(logfields.K8sNamespace, k8sNP.ObjectMeta.Namespace).
		WithField(logfields.K8sAPIVersion, k8sNP.TypeMeta.APIVersion).
		WithField(logfields.Labels, logfields.Repr(labels))

	delOpts := &policy.DeleteOptions{
		Source:           source.Kubernetes,
		DeleteByResource: true,
		Resource:         resourceID,
	}
	if _, err := p.policyManager.PolicyDelete(nil, delOpts); err != nil {
		metrics.PolicyChangeTotal.WithLabelValues(metrics.LabelValueOutcomeFail).Inc()
		logger.WithError(err).Error("Error while deleting k8s NetworkPolicy")
		return err
	}

	metrics.PolicyChangeTotal.WithLabelValues(metrics.LabelValueOutcomeSuccess).Inc()
	logger.Info("NetworkPolicy successfully removed")
	return nil
}