// Source listing: github.com/kubearmor/cilium@v1.6.12/operator/cnp_event.go

// Copyright 2018-2019 Authors of Cilium
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package main

import (
	"context"
	"time"

	"github.com/cilium/cilium/pkg/controller"
	"github.com/cilium/cilium/pkg/k8s"
	cilium_v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
	"github.com/cilium/cilium/pkg/k8s/informer"
	"github.com/cilium/cilium/pkg/metrics"
	"github.com/cilium/cilium/pkg/policy/groups"

	"k8s.io/api/core/v1"
	"k8s.io/apimachinery/pkg/fields"
	"k8s.io/apimachinery/pkg/util/runtime"
	"k8s.io/apimachinery/pkg/util/wait"
	"k8s.io/client-go/tools/cache"
)

// init installs k8s.K8sErrorHandler as the only entry in the apimachinery
// runtime.ErrorHandlers slice.
//
// The assignment replaces the whole package-level slice, so any handler that
// was in it before is dropped for the entire process, not just for this file.
// NOTE(review): whether watch/informer errors stay visible to operators then
// depends entirely on what K8sErrorHandler does with them — confirm it logs.
func init() {
	handlers := []func(error){
		k8s.K8sErrorHandler,
	}
	runtime.ErrorHandlers = handlers
}

// enableCNPWatcher starts an informer on CiliumNetworkPolicy objects in all
// namespaces and registers the "cnp-to-groups" controller.
//
// Add, update and delete events are forwarded to the groups package
// (AddDerivativeCNPIfNeeded, UpdateDerivativeCNPIfNeeded,
// DeleteDerivativeFromCache), and groups.UpdateCNPInformation is scheduled
// with a five minute RunInterval. The function always returns nil.
//
// NOTE(review): the informer lists and watches with v1.NamespaceAll, so the
// operator's credentials need list/watch on ciliumnetworkpolicies
// cluster-wide; keep the RBAC grant limited to what this watcher needs.
func enableCNPWatcher() error {
	// NOTE(review): this message talks about garbage collecting status field
	// entries, but nothing in this function does that; it only wires the
	// derivative-CNP handlers. Presumably a copy/paste leftover — worth
	// correcting so operator logs describe what actually started.
	log.Info("Starting to garbage collect stale CiliumNetworkPolicy status field entries...")

	// A new CNP: record the event timestamp, then let the groups package
	// decide whether a derivative policy is needed.
	onAdd := func(obj interface{}) {
		metrics.EventTSK8s.SetToCurrentTime()
		added := k8s.CopyObjToV2CNP(obj)
		if added == nil {
			return
		}
		groups.AddDerivativeCNPIfNeeded(added.CiliumNetworkPolicy)
	}

	// A changed CNP: both sides must convert, and events where
	// k8s.EqualV2CNP reports no difference are ignored.
	onUpdate := func(oldObj, newObj interface{}) {
		metrics.EventTSK8s.SetToCurrentTime()
		previous := k8s.CopyObjToV2CNP(oldObj)
		if previous == nil {
			return
		}
		current := k8s.CopyObjToV2CNP(newObj)
		if current == nil {
			return
		}
		if k8s.EqualV2CNP(previous, current) {
			return
		}
		groups.UpdateDerivativeCNPIfNeeded(current.CiliumNetworkPolicy, previous.CiliumNetworkPolicy)
	}

	// A removed CNP: drop it from the groups cache so it is no longer
	// refreshed by the periodic controller below.
	onDelete := func(obj interface{}) {
		metrics.EventTSK8s.SetToCurrentTime()
		removed := k8s.CopyObjToV2CNP(obj)
		if removed == nil {
			// The watcher can miss the delete itself; the cache then hands
			// over a DeletedFinalStateUnknown tombstone wrapping the last
			// known state of an object that no longer exists in
			// kube-apiserver.
			tombstone, isTombstone := obj.(cache.DeletedFinalStateUnknown)
			if !isTombstone {
				return
			}
			if removed = k8s.CopyObjToV2CNP(tombstone.Obj); removed == nil {
				return
			}
		}
		// The derivative policy itself is deleted through its parent; only
		// the entry used for polling has to be removed here.
		groups.DeleteDerivativeFromCache(removed.CiliumNetworkPolicy)
	}

	cnpListWatch := cache.NewListWatchFromClient(
		k8s.CiliumClient().CiliumV2().RESTClient(),
		"ciliumnetworkpolicies", v1.NamespaceAll, fields.Everything())

	// Third argument 0: presumably the resync period, i.e. no periodic
	// resync — TODO confirm against informer.NewInformer.
	_, cnpInformer := informer.NewInformer(
		cnpListWatch,
		&cilium_v2.CiliumNetworkPolicy{},
		0,
		cache.ResourceEventHandlerFuncs{
			AddFunc:    onAdd,
			UpdateFunc: onUpdate,
			DeleteFunc: onDelete,
		},
		k8s.ConvertToCNP,
	)
	// wait.NeverStop: no shutdown path is wired here, so this goroutine
	// runs for as long as the process does.
	go cnpInformer.Run(wait.NeverStop)

	// UpdateCNPInformation returns nothing here, so this DoFunc reports
	// success on every run; a failed refresh is only visible if the groups
	// package surfaces it itself (logs/metrics) — verify, because a silent
	// failure would leave derived policy data up to date only as of the
	// last good run.
	refreshGroups := func(ctx context.Context) error {
		groups.UpdateCNPInformation()
		return nil
	}
	controller.NewManager().UpdateController("cnp-to-groups",
		controller.ControllerParams{
			DoFunc:      refreshGroups,
			RunInterval: 5 * time.Minute,
		})

	return nil
}