allow setting the name of the nftables table and implement defaulting …
…on the controller configuration
aojea committed Oct 23, 2024
1 parent 0a6bc77 commit 9b96993
Showing 2 changed files with 93 additions and 1 deletion.
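--- a/pkg/networkpolicy/controller.go
+++ b/pkg/networkpolicy/controller.go
@@ -3,6 +3,7 @@ package networkpolicy
 import (
 "context"
 "fmt"
+"os"
 "time"
 
 nfqueue "github.com/florianl/go-nfqueue"
@@ -67,6 +68,24 @@ type Config struct {
 QueueID int
 NodeName string
 NetfilterBug1766Fix bool
+NFTableName string // if other projects use this controllers they need to be able to use their own table name
 }
 
+func (c *Config) Defaults() error {
+var err error
+if c.QueueID == 0 {
+c.QueueID = 100
+}
+if c.NodeName == "" {
+c.NodeName, err = os.Hostname()
+if err != nil {
+return err
+}
+}
+if c.NFTableName == "" {
+c.NFTableName = "kube-network-policies"
+}
+return nil
+}
+
 // NewController returns a new *Controller.
@@ -80,8 +99,12 @@ func NewController(client clientset.Interface,
 baselineAdminNetworkPolicyInformer policyinformers.BaselineAdminNetworkPolicyInformer,
 config Config,
 ) (*Controller, error) {
+err := config.Defaults()
+if err != nil {
+return nil, err
+}
 klog.V(2).Info("Initializing nftables")
-nft, err := knftables.New(knftables.InetFamily, "kube-network-policies")
+nft, err := knftables.New(knftables.InetFamily, config.NFTableName)
 if err != nil {
 return nil, err
 }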
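Review bot: Defaults() fills in NFTableName but never validates it before NewController hands it to knftables.New, so a table name taken from configuration reaches nftables unchecked; if knftables renders the name into an nft script (I have not verified that here), a value containing whitespace, `;` or a newline would alter the script rather than just the table name, so a guard such as `if strings.ContainsAny(c.NFTableName, " \t\n;{}") { return fmt.Errorf("invalid NFTableName %q", c.NFTableName) }` (with `strings` added to the imports) is worth considering. The error after `c.NodeName, err = os.Hostname()` is returned bare; `return fmt.Errorf("resolving node name: %w", err)` keeps the cause while recording which default failed. Defaults is exported without a doc comment; `// Defaults fills unset Config fields: QueueID to 100, NodeName from os.Hostname, NFTableName to "kube-network-policies".` would satisfy the convention, and the NFTableName field comment would read better as a doc comment on the line above the field. NewController's body continues outside the hunk.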
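--- a/pkg/networkpolicy/controller_test.go
+++ b/pkg/networkpolicy/controller_test.go
@@ -1,6 +1,8 @@
 package networkpolicy
 
 import (
+"testing"
+
 v1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/informers"
@@ -125,3 +127,70 @@ func newTestController() *networkpolicyController {
 informersFactory.Core().V1().Nodes().Informer().GetStore(),
 }
 }
+
+func TestConfig_Defaults(t *testing.T) {
+tests := []struct {
+name string
+config Config
+expected Config
+}{
+{
+name: "empty",
+config: Config{
+NodeName: "testnode", // nodename defaults to os.Hostname so we ignore for tests
+},
+expected: Config{
+FailOpen: false,
+AdminNetworkPolicy: false,
+BaselineAdminNetworkPolicy: false,
+QueueID: 100,
+NodeName: "testnode", // nodename defaults to os.Hostname so we ignore for tests
+NetfilterBug1766Fix: false,
+NFTableName: "kube-network-policies",
+},
+}, {
+name: "queue id",
+config: Config{
+NodeName: "testnode", // nodename defaults to os.Hostname so we ignore for tests
+QueueID: 99,
+},
+expected: Config{
+FailOpen: false,
+AdminNetworkPolicy: false,
+BaselineAdminNetworkPolicy: false,
+QueueID: 99,
+NodeName: "testnode", // nodename defaults to os.Hostname so we ignore for tests
+NetfilterBug1766Fix: false,
+NFTableName: "kube-network-policies",
+},
+}, {
+name: "table name",
+config: Config{
+NodeName: "testnode", // nodename defaults to os.Hostname so we ignore for tests
+QueueID: 99,
+NFTableName: "kindnet-network-policies",
+},
+expected: Config{
+FailOpen: false,
+AdminNetworkPolicy: false,
+BaselineAdminNetworkPolicy: false,
+QueueID: 99,
+NodeName: "testnode", // nodename defaults to os.Hostname so we ignore for tests
+NetfilterBug1766Fix: false,
+NFTableName: "kindnet-network-policies",
+},
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+c := tt.config
+if err := c.Defaults(); err != nil {
+t.Errorf("Config.Defaults() error = %v", err)
+}
+
+if c != tt.expected {
+t.Errorf("Config.Defaults() = %v, want %v", c, tt.expected)
+}
+})
+}
+}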
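Review bot: The table never exercises the only branch of Defaults that can fail — every case sets NodeName to "testnode", as the comment repeated on each case says — so the os.Hostname path and its error return go untested; a fourth case with an empty NodeName whose expected NodeName is computed from `os.Hostname()` inside the test (importing os in this file) would cover it, and the repeated comment could then be stated once above the table. In the t.Run body, `t.Errorf("Config.Defaults() error = %v", err)` lets the test fall through to the struct comparison and report a second, misleading mismatch; `t.Fatalf("Config.Defaults() error = %v", err)` stops at the real failure. The comparison `c != tt.expected` relies on Config staying comparable; a one-line comment such as `// Config must remain comparable (no slice/map fields) for this equality check.` would make that dependency explicit.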
