57 lines
1.3 KiB
Go
57 lines
1.3 KiB
Go
|
package agent
|
||
|
|
|
||
|
|
import (
|
||
|
|
"net"
|
||
|
|
|
||
|
|
"code.fritzlab.net/fritzlab/flock/pkg/agent/netpol"
|
||
|
|
)
|
||
|
|
|
||
|
|
// collectLocalPods bridges the agent's allocation store + pod informer
|
||
|
|
// cache into the netpol-package input shape. It returns one Pod per
|
||
|
|
// committed allocation that has a matching pod in the informer cache;
|
||
|
|
// allocations whose pod was just deleted (DEL race) are skipped.
|
||
|
|
//
|
||
|
|
// Called on every netpol reconcile pass, so it must be cheap. The work
|
||
|
|
// here is O(allocations) and reads from in-memory maps only.
|
||
|
|
func collectLocalPods(store *Store, pods *PodCache) []netpol.Pod {
|
||
|
|
allocs := store.Snapshot()
|
||
|
|
out := make([]netpol.Pod, 0, len(allocs))
|
||
|
|
for _, a := range allocs {
|
||
|
|
if a.State != StateCommitted {
|
||
|
|
continue
|
||
|
|
}
|
||
|
|
pod, ok := pods.Get(a.Namespace, a.PodName)
|
||
|
|
if !ok {
|
||
|
|
// Pod evicted but DEL hasn't fired yet; nothing to enforce.
|
||
|
|
continue
|
||
|
|
}
|
||
|
|
ips := allocationIPs(a)
|
||
|
|
if len(ips) == 0 {
|
||
|
|
continue
|
||
|
|
}
|
||
|
|
out = append(out, netpol.Pod{
|
||
|
|
Namespace: a.Namespace,
|
||
|
|
Name: a.PodName,
|
||
|
|
Labels: pod.Labels,
|
||
|
|
HostIface: HostIfaceName(a.ContainerID),
|
||
|
|
IPs: ips,
|
||
|
|
})
|
||
|
|
}
|
||
|
|
return out
|
||
|
|
}
|
||
|
|
|
||
|
|
func allocationIPs(a Allocation) []net.IP {
|
||
|
|
var out []net.IP
|
||
|
|
if a.IP6 != "" {
|
||
|
|
if ip := net.ParseIP(a.IP6); ip != nil {
|
||
|
|
out = append(out, ip)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
if a.IP4 != "" {
|
||
|
|
if ip := net.ParseIP(a.IP4); ip != nil {
|
||
|
|
out = append(out, ip)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
return out
|
||
|
|
}
|