github.com/datadog/cilium@v1.6.12/operator/cnp_event.go (about)

     1  // Copyright 2018-2019 Authors of Cilium
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package main
    16  
    17  import (
    18  	"context"
    19  	"time"
    20  
    21  	"github.com/cilium/cilium/pkg/controller"
    22  	"github.com/cilium/cilium/pkg/k8s"
    23  	cilium_v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
    24  	"github.com/cilium/cilium/pkg/k8s/informer"
    25  	"github.com/cilium/cilium/pkg/metrics"
    26  	"github.com/cilium/cilium/pkg/policy/groups"
    27  
    28  	"k8s.io/api/core/v1"
    29  	"k8s.io/apimachinery/pkg/fields"
    30  	"k8s.io/apimachinery/pkg/util/runtime"
    31  	"k8s.io/apimachinery/pkg/util/wait"
    32  	"k8s.io/client-go/tools/cache"
    33  )
    34  
// init makes k8s.K8sErrorHandler the only entry in the ErrorHandlers list of
// the apimachinery util/runtime package (imported here as "runtime"; this is
// not the Go standard library package of the same name).
//
// The list is overwritten, not appended to, so any handler registered before
// this package initialises stops running.
// NOTE(review): confirm K8sErrorHandler still logs every error it receives
// and does not drop the throttling the replaced handlers may have provided.
func init() {
	handlers := make([]func(error), 0, 1)
	handlers = append(handlers, k8s.K8sErrorHandler)
	runtime.ErrorHandlers = handlers
}
    40  
// enableCNPWatcher starts an informer on CiliumNetworkPolicy objects and
// registers the periodic "cnp-to-groups" controller.
//
// Informer events are forwarded to the policy/groups package: adds and
// updates go to the *DerivativeCNPIfNeeded helpers, deletes remove the policy
// from the groups cache. The controller calls groups.UpdateCNPInformation
// every five minutes.
//
// The function always returns nil. Neither the informer goroutine nor the
// controller reports a failure back to the caller.
//
// NOTE(review): the start-up log line talks about garbage collecting status
// entries, which does not obviously match what this function sets up;
// confirm the wording is intended.
func enableCNPWatcher() error {
	log.Info("Starting to garbage collect stale CiliumNetworkPolicy status field entries...")

	// The watch covers every namespace and applies no field selector, so the
	// operator reacts to CNPs created by any tenant of the cluster.
	listWatch := cache.NewListWatchFromClient(
		k8s.CiliumClient().CiliumV2().RESTClient(),
		"ciliumnetworkpolicies",
		v1.NamespaceAll,
		fields.Everything(),
	)

	onAdd := func(obj interface{}) {
		metrics.EventTSK8s.SetToCurrentTime()
		cnp := k8s.CopyObjToV2CNP(obj)
		if cnp == nil {
			return
		}
		groups.AddDerivativeCNPIfNeeded(cnp.CiliumNetworkPolicy)
	}

	onUpdate := func(oldObj, newObj interface{}) {
		metrics.EventTSK8s.SetToCurrentTime()
		// The old object is converted first; the new one is only looked at
		// when the old one converted successfully.
		previous := k8s.CopyObjToV2CNP(oldObj)
		if previous == nil {
			return
		}
		current := k8s.CopyObjToV2CNP(newObj)
		if current == nil {
			return
		}
		// Skip updates that k8s.EqualV2CNP reports as equal.
		if k8s.EqualV2CNP(previous, current) {
			return
		}
		groups.UpdateDerivativeCNPIfNeeded(current.CiliumNetworkPolicy, previous.CiliumNetworkPolicy)
	}

	onDelete := func(obj interface{}) {
		metrics.EventTSK8s.SetToCurrentTime()
		cnp := k8s.CopyObjToV2CNP(obj)
		if cnp == nil {
			// The watcher may have missed the delete itself. In that case
			// the cache hands over a tombstone that wraps the last known
			// state of an object the apiserver no longer has.
			tombstone, isTombstone := obj.(cache.DeletedFinalStateUnknown)
			if !isTombstone {
				return
			}
			if cnp = k8s.CopyObjToV2CNP(tombstone.Obj); cnp == nil {
				return
			}
		}
		// The parent takes care of deleting the derivative policy; only the
		// cache entry used by the periodic refresh is dropped here.
		groups.DeleteDerivativeFromCache(cnp.CiliumNetworkPolicy)
	}

	handlers := cache.ResourceEventHandlerFuncs{
		AddFunc:    onAdd,
		UpdateFunc: onUpdate,
		DeleteFunc: onDelete,
	}

	// NOTE(review): the 0 is presumably the resync period (no periodic
	// resync); confirm against informer.NewInformer.
	_, cnpInformer := informer.NewInformer(
		listWatch,
		&cilium_v2.CiliumNetworkPolicy{},
		0,
		handlers,
		k8s.ConvertToCNP,
	)
	// wait.NeverStop: the informer runs for the lifetime of the process.
	go cnpInformer.Run(wait.NeverStop)

	// DoFunc returns nil unconditionally, so the controller never sees a
	// failed refresh. Whether groups.UpdateCNPInformation reports its own
	// errors is not visible here. Until a refresh succeeds, derivative
	// policies may presumably keep describing an outdated group membership.
	refresh := controller.ControllerParams{
		DoFunc: func(ctx context.Context) error {
			groups.UpdateCNPInformation()
			return nil
		},
		RunInterval: 5 * time.Minute,
	}
	controller.NewManager().UpdateController("cnp-to-groups", refresh)

	return nil
}