cilium: github.com/cilium/cilium/pkg/k8s

package k8s

import "github.com/cilium/cilium/pkg/k8s"

Package k8s abstracts all Kubernetes specific behaviour

Package k8s contains all k8s related logic. +groupName=pkg

Package Files

annotate.go ccnpstatus.go client.go cnp.go cnpstatus.go config.go const.go doc.go endpoints.go error_helpers.go factory_functions.go init.go json_patch.go labels.go logfields.go network_policy.go node.go rule_translate.go service.go service_cache.go zz_generated.deepcopy.go

Constants

const (
    // BackOffLoopTimeout is the default duration when trying to reach the
    // kube-apiserver.
    BackOffLoopTimeout = 2 * time.Minute

    // EnvNodeNameSpec is the environment label used by Kubernetes to
    // specify the node's name.
    EnvNodeNameSpec = "K8S_NODE_NAME"
)
const (
    // AnnotationIstioSidecarStatus is the annotation added by Istio into a pod
    // when it is injected with a sidecar proxy.
    // Since Istio 0.5.0, the value of this annotation is a serialized JSON object
    // with the following structure ("imagePullSecrets" was added in Istio 0.8.0):
    //
    //     {
    //         "version": "0213afe1274259d2f23feb4820ad2f8eb8609b84a5538e5f51f711545b6bde88",
    //         "initContainers": ["sleep", "istio-init"],
    //         "containers": ["istio-proxy"],
    //         "volumes": ["cilium-unix-sock-dir", "istio-envoy", "istio-certs"],
    //         "imagePullSecrets": null
    //     }
    AnnotationIstioSidecarStatus = "sidecar.istio.io/status"

    // DefaultSidecarIstioProxyImageRegexp is the default regexp compiled into
    // SidecarIstioProxyImageRegexp.
    DefaultSidecarIstioProxyImageRegexp = "cilium/istio_proxy"
)
const (
    // maximum number of operations a single json patch may contain.
    // See https://github.com/kubernetes/kubernetes/pull/74000
    MaxJSONPatchOperations = 10000
)

Variables

var CCNPStatusesPath = path.Join(kvstore.BaseKeyPrefix, "state", "ccnpstatuses", "v2")
var CNPStatusesPath = path.Join(kvstore.BaseKeyPrefix, "state", "cnpstatuses", "v2")

CNPStatusesPath is the prefix in the kvstore which will contain all keys representing CNPStatus state for all nodes in the cluster.

var (
    // ErrNilNode is returned when the Kubernetes API server has returned a nil node
    ErrNilNode = goerrors.New("API server returned nil node")
)
var (
    // SidecarIstioProxyImageRegexp is the regular expression matching
    // compatible Istio sidecar istio-proxy container image names.
    // This is set by the "sidecar-istio-proxy-image" configuration flag.
    SidecarIstioProxyImageRegexp = regexp.MustCompile(DefaultSidecarIstioProxyImageRegexp)
)

func AnnotationsEqual

func AnnotationsEqual(relevantAnnotations []string, anno1, anno2 map[string]string) bool

AnnotationsEqual returns whether the annotation with any key in relevantAnnotations is equal in anno1 and anno2.

func Configure

func Configure(apiServerURL, kubeconfigPath string, qps float32, burst int)

Configure sets the parameters of the Kubernetes package

func ConvertToCCNP

func ConvertToCCNP(obj interface{}) interface{}

ConvertToCCNP converts a *cilium_v2.CiliumClusterwideNetworkPolicy into a *types.SlimCNP without the Status field of the given CNP, or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP, also without the Status field of the given CNP, in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumClusterwideNetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given CNP as empty.

func ConvertToCCNPWithStatus

func ConvertToCCNPWithStatus(obj interface{}) interface{}

ConvertToCCNPWithStatus converts a *cilium_v2.CiliumClusterwideNetworkPolicy into *types.SlimCNP or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumClusterwideNetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned.

func ConvertToCNP

func ConvertToCNP(obj interface{}) interface{}

ConvertToCNP converts a *cilium_v2.CiliumNetworkPolicy into a *types.SlimCNP without the Status field of the given CNP, or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP, also without the Status field of the given CNP, in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumNetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given CNP as empty.

func ConvertToCNPWithStatus

func ConvertToCNPWithStatus(obj interface{}) interface{}

ConvertToCNPWithStatus converts a *cilium_v2.CiliumNetworkPolicy or a *cilium_v2.CiliumClusterwideNetworkPolicy into a *types.SlimCNP or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumNetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned.

func ConvertToCiliumEndpoint

func ConvertToCiliumEndpoint(obj interface{}) interface{}

ConvertToCiliumEndpoint converts a *cilium_v2.CiliumEndpoint into a *types.CiliumEndpoint or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.CiliumEndpoint in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumEndpoint nor cache.DeletedFinalStateUnknown, the original obj is returned.

func ConvertToCiliumNode

func ConvertToCiliumNode(obj interface{}) interface{}

ConvertToCiliumNode converts a *cilium_v2.CiliumNode into a *cilium_v2.CiliumNode or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *cilium_v2.CiliumNode in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumNode nor cache.DeletedFinalStateUnknown, the original obj is returned.

func ConvertToK8sEndpointSlice

func ConvertToK8sEndpointSlice(obj interface{}) interface{}

ConvertToK8sEndpointSlice converts a *v1beta1.EndpointSlice into a *types.Endpoints or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Endpoints in its Obj. If the given obj can't be cast into either *v1.Endpoints nor cache.DeletedFinalStateUnknown, the original obj is returned.

func ConvertToK8sEndpoints

func ConvertToK8sEndpoints(obj interface{}) interface{}

ConvertToK8sEndpoints converts a *v1.Endpoints into a *types.Endpoints or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Endpoints in its Obj. If the given obj can't be cast into either *v1.Endpoints nor cache.DeletedFinalStateUnknown, the original obj is returned.

func ConvertToK8sService

func ConvertToK8sService(obj interface{}) interface{}

ConvertToK8sService converts a *v1.Service into a *types.Service or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Service in its Obj. If the given obj can't be cast into either *v1.Service nor cache.DeletedFinalStateUnknown, the original obj is returned.

func ConvertToNamespace

func ConvertToNamespace(obj interface{}) interface{}

ConvertToNamespace converts a *v1.Namespace into a *types.Namespace or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Namespace in its Obj. If the given obj can't be cast into either *v1.Namespace nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given Namespace as empty.

func ConvertToNetworkPolicy

func ConvertToNetworkPolicy(obj interface{}) interface{}

ConvertToNetworkPolicy converts a *networkingv1.NetworkPolicy into a *types.NetworkPolicy or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.NetworkPolicy in its Obj. If the given obj can't be cast into either *networkingv1.NetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned.

func ConvertToNode

func ConvertToNode(obj interface{}) interface{}

ConvertToNode converts a *v1.Node into a *types.Node or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Node in its Obj. If the given obj can't be cast into either *v1.Node nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given Node as empty.

func ConvertToPod

func ConvertToPod(obj interface{}) interface{}

ConvertToPod converts a *v1.Pod into a *types.Pod or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Pod in its Obj. If the given obj can't be cast into either *v1.Pod nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given Pod as empty.

func CopyObjToCiliumEndpoint

func CopyObjToCiliumEndpoint(obj interface{}) *types.CiliumEndpoint

CopyObjToCiliumEndpoint attempts to cast object to a CiliumEndpoint object and returns a deep copy if the casting succeeds. Otherwise, nil is returned.

func CopyObjToCiliumNode

func CopyObjToCiliumNode(obj interface{}) *cilium_v2.CiliumNode

CopyObjToCiliumNode attempts to cast object to a CiliumNode object and returns a deep copy if the casting succeeds. Otherwise, nil is returned.

func CopyObjToV1EndpointSlice

func CopyObjToV1EndpointSlice(obj interface{}) *types.EndpointSlice

func CopyObjToV1Endpoints

func CopyObjToV1Endpoints(obj interface{}) *types.Endpoints

func CopyObjToV1Namespace

func CopyObjToV1Namespace(obj interface{}) *types.Namespace

func CopyObjToV1NetworkPolicy

func CopyObjToV1NetworkPolicy(obj interface{}) *types.NetworkPolicy

func CopyObjToV1Node

func CopyObjToV1Node(obj interface{}) *types.Node

func CopyObjToV1Pod

func CopyObjToV1Pod(obj interface{}) *types.Pod

func CopyObjToV1Services

func CopyObjToV1Services(obj interface{}) *types.Service

func CopyObjToV2CNP

func CopyObjToV2CNP(obj interface{}) *types.SlimCNP

func CreateClient

func CreateClient(config *rest.Config) (*kubernetes.Clientset, error)

CreateClient creates a new client to access the Kubernetes API

func CreateConfig

func CreateConfig() (*rest.Config, error)

CreateConfig creates a client configuration based on the configured API server and Kubeconfig path

func CreateConfigFromAgentResponse

func CreateConfigFromAgentResponse(resp *models.DaemonConfiguration) (*rest.Config, error)

CreateConfigFromAgentResponse creates a client configuration from a models.DaemonConfigurationResponse

func CreateCustomDialer

func CreateCustomDialer(b ServiceIPGetter, log *logrus.Entry) func(s string, duration time.Duration) (conn net.Conn, e error)

CreateCustomDialer returns a custom dialer that picks the service IP, from the given ServiceIPGetter, if the address used to dial is a k8s service.

func EqualV1EndpointSlice

func EqualV1EndpointSlice(ep1, ep2 *types.EndpointSlice) bool

func EqualV1Endpoints

func EqualV1Endpoints(ep1, ep2 *types.Endpoints) bool

func EqualV1Namespace

func EqualV1Namespace(ns1, ns2 *types.Namespace) bool

func EqualV1NetworkPolicy

func EqualV1NetworkPolicy(np1, np2 *types.NetworkPolicy) bool

func EqualV1Node

func EqualV1Node(node1, node2 *types.Node) bool

func EqualV1Pod

func EqualV1Pod(pod1, pod2 *types.Pod) bool

func EqualV1PodContainers

func EqualV1PodContainers(c1, c2 types.PodContainer) bool

func EqualV1Services

func EqualV1Services(k8sSVC1, k8sSVC2 *types.Service) bool

func EqualV2CNP

func EqualV2CNP(cnp1, cnp2 *types.SlimCNP) bool

func GetAPIServerURL

func GetAPIServerURL() string

GetAPIServerURL returns the configured API server URL address

func GetBurst

func GetBurst() int

GetBurst gets the burst limit of the K8s configuration.

func GetKubeconfigPath

func GetKubeconfigPath() string

GetKubeconfigPath returns the configured path to the kubeconfig configuration file

func GetNode

func GetNode(c kubernetes.Interface, nodeName string) (*v1.Node, error)

GetNode returns the kubernetes nodeName's node information from the kubernetes api server

func GetPodMetadata

func GetPodMetadata(k8sNs *types.Namespace, pod *types.Pod) (lbls map[string]string, retAnno map[string]string, retErr error)

GetPodMetadata returns the labels and annotations of the pod with the given namespace / name.

func GetPolicyLabelsv1

func GetPolicyLabelsv1(np *networkingv1.NetworkPolicy) labels.LabelArray

GetPolicyLabelsv1 extracts the name of np. It uses the name from the Cilium annotation if present. If the policy's annotations do not contain the Cilium annotation, the policy's name field is used instead.

func GetQPS

func GetQPS() float32

GetQPS gets the QPS of the K8s configuration.

func HasEndpointSlice

func HasEndpointSlice(hasEndpointSlices chan struct{}, controller cache.Controller) bool

HasEndpointSlice returns true if the hasEndpointSlices is closed before the controller has been synchronized with k8s.

func Init

func Init() error

Init initializes the Kubernetes package. It is required to call Configure() beforehand.

func IsEnabled

func IsEnabled() bool

IsEnabled checks if Cilium is being used in tandem with Kubernetes.

func IsErrParse

func IsErrParse(e error) bool

IsErrParse returns true if the error is an ErrParse

func K8sErrorHandler

func K8sErrorHandler(e error)

K8sErrorHandler handles the error messages in a non verbose way by omitting repeated instances of the same error message for a timeout defined with k8sErrLogTimeout.

func NewClusterService

func NewClusterService(id ServiceID, k8sService *Service, k8sEndpoints *Endpoints) service.ClusterService

NewClusterService returns the service.ClusterService representing a Kubernetes Service

func ParseEndpointSlice

func ParseEndpointSlice(ep *types.EndpointSlice) (ServiceID, *Endpoints)

ParseEndpointSlice parses a Kubernetes EndpointSlice resource

func ParseEndpoints

func ParseEndpoints(ep *types.Endpoints) (ServiceID, *Endpoints)

ParseEndpoints parses a Kubernetes Endpoints resource

func ParseNetworkPolicy

func ParseNetworkPolicy(np *networkingv1.NetworkPolicy) (api.Rules, error)

ParseNetworkPolicy parses a k8s NetworkPolicy. Returns a list of Cilium policy rules that can be added, along with an error if there was an error sanitizing the rules.

func ParseNode

func ParseNode(k8sNode *types.Node, source source.Source) *node.Node

ParseNode parses a kubernetes node to a cilium node

func ParseNodeAddressType

func ParseNodeAddressType(k8sAddress v1.NodeAddressType) (addressing.AddressType, error)

ParseNodeAddressType converts a Kubernetes NodeAddressType to a Cilium NodeAddressType. If the Kubernetes NodeAddressType does not have a corresponding Cilium AddressType, returns an error.

func ParseService

func ParseService(svc *types.Service) (ServiceID, *Service)

ParseService parses a Kubernetes service and returns a Service

func PreprocessRules

func PreprocessRules(r api.Rules, cache *ServiceCache) error

PreprocessRules translates rules that apply to headless services

func RegisterCRDs

func RegisterCRDs() error

RegisterCRDs registers all CRDs

func SetNodeNetworkUnavailableFalse

func SetNodeNetworkUnavailableFalse(c kubernetes.Interface, nodeName string) error

SetNodeNetworkUnavailableFalse sets Kubernetes NodeNetworkUnavailable to false as Cilium is managing the network connectivity. https://kubernetes.io/docs/concepts/architecture/nodes/#condition

func SupportsEndpointSlice

func SupportsEndpointSlice() bool

SupportsEndpointSlice returns true if cilium-operator or cilium-agent should watch and process endpoint slices.

type Backend

type Backend struct {
    Ports    service.PortConfiguration
    NodeName string
}

Backend contains all ports and the node name of a given backend +k8s:deepcopy-gen=true

func (*Backend) DeepCopy

func (in *Backend) DeepCopy() *Backend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backend.

func (*Backend) DeepCopyInto

func (in *Backend) DeepCopyInto(out *Backend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Backend) DeepEquals

func (b *Backend) DeepEquals(o *Backend) bool

DeepEquals returns true if both Backends are identical

type CCNPStatusEventHandler

type CCNPStatusEventHandler struct {
    *CNPStatusEventHandler
}

CCNPStatusEventHandler handles status update events for all the CCNPs in the cluster. Upon creation of Clusterwide policies, it will start a controller for that CCNP which handles sending of updates for that CCNP to the Kubernetes API server. Upon receiving events from the key-value store, it will send the update for the CCNP corresponding to the status update to the controller for that CCNP.

func NewCCNPStatusEventHandler

func NewCCNPStatusEventHandler(cnpStore *store.SharedStore, k8sStore cache.Store, updateInterval time.Duration) *CCNPStatusEventHandler

NewCCNPStatusEventHandler returns a new CCNPStatusEventHandler, which is more or less a wrapper around the CNPStatusEventHandler itself.

func (*CCNPStatusEventHandler) WatchForCCNPStatusEvents

func (c *CCNPStatusEventHandler) WatchForCCNPStatusEvents()

WatchForCCNPStatusEvents starts a watcher for all the Clusterwide policy updates from the key-value store.

type CNPNSWithMeta

type CNPNSWithMeta struct {
    UID       k8sTypes.UID
    Namespace string
    Name      string
    Node      string
    cilium_v2.CiliumNetworkPolicyNodeStatus
}

CNPNSWithMeta is a wrapper around a CiliumNetworkPolicyNodeStatus with metadata that uniquely identifies the CNP which is being updated, and the node to which the status update corresponds. Implements pkg/kvstore/store/Key.

func (*CNPNSWithMeta) GetKeyName

func (c *CNPNSWithMeta) GetKeyName() string

GetKeyName returns the uniquely identifying information of this CNPNSWithMeta as a string for use as a key in a map.

func (CNPNSWithMeta) GetName

func (c CNPNSWithMeta) GetName() string

func (CNPNSWithMeta) GetNamespace

func (c CNPNSWithMeta) GetNamespace() string

func (CNPNSWithMeta) GetUID

func (c CNPNSWithMeta) GetUID() k8sTypes.UID

func (*CNPNSWithMeta) Marshal

func (c *CNPNSWithMeta) Marshal() ([]byte, error)

Marshal marshals the CNPNSWithMeta into JSON form.

func (*CNPNSWithMeta) Unmarshal

func (c *CNPNSWithMeta) Unmarshal(data []byte) error

Unmarshal unmarshals the CNPNSWithMeta from JSON form.

type CNPStatusEventHandler

type CNPStatusEventHandler struct {
    // contains filtered or unexported fields
}

CNPStatusEventHandler handles status update events for all CNPs in the cluster. Upon creation of CNPs, it will start a controller for that CNP which handles sending of updates for that CNP to the Kubernetes API server. Upon receiving events from the key-value store, it will send the update for the CNP corresponding to the status update to the controller for that CNP.

func NewCNPStatusEventHandler

func NewCNPStatusEventHandler(cnpStore *store.SharedStore, k8sStore cache.Store, updateInterval time.Duration) *CNPStatusEventHandler

NewCNPStatusEventHandler returns a new CNPStatusEventHandler.

func (*CNPStatusEventHandler) StartStatusHandler

func (c *CNPStatusEventHandler) StartStatusHandler(cnp *types.SlimCNP)

StartStatusHandler starts the goroutine which sends status updates for the given CNP to the Kubernetes APIserver. If a status handler has already been started, it is a no-op.

func (*CNPStatusEventHandler) StopStatusHandler

func (c *CNPStatusEventHandler) StopStatusHandler(cnp *types.SlimCNP)

StopStatusHandler signals that we need to stop managing the sending of status updates to the Kubernetes APIServer for the given CNP. It also cleans up all status updates from the key-value store for this CNP.

func (*CNPStatusEventHandler) WatchForCNPStatusEvents

func (c *CNPStatusEventHandler) WatchForCNPStatusEvents()

WatchForCNPStatusEvents starts a watcher for all the CNP updates from the key-value store.

type CNPStatusUpdateContext

type CNPStatusUpdateContext struct {
    // CiliumNPClient is the CiliumNetworkPolicy client
    CiliumNPClient clientset.Interface

    // CiliumV2Store is a store containing all CiliumNetworkPolicy
    CiliumV2Store cache.Store

    // NodeName is the name of the node, it is used to separate status
    // field entries per node
    NodeName string

    // NodeManager implements the backoff.NodeManager interface and is used
    // to provide cluster-size dependent backoff
    NodeManager backoff.NodeManager

    // UpdateDuration must be populated using spanstat.Start() to provide
    // the timestamp of when the status update operation was started. It is
    // used to provide the latency in the Prometheus metrics.
    UpdateDuration *spanstat.SpanStat

    // WaitForEndpointsAtPolicyRev must point to a function that will wait
    // for all local endpoints to reach the particular policy revision
    WaitForEndpointsAtPolicyRev func(ctx context.Context, rev uint64) error
}

CNPStatusUpdateContext is the context required to update the status of a CNP. It is filled out by the owner of the Kubernetes client before UpdateStatus() is called.

func (*CNPStatusUpdateContext) UpdateStatus

func (c *CNPStatusUpdateContext) UpdateStatus(ctx context.Context, cnp *types.SlimCNP, rev uint64, policyImportErr error) error

UpdateStatus updates the status section of a CiliumNetworkPolicy. It will retry as long as required to update the status unless a non-temporary error occurs in which case it expects a surrounding controller to restart or give up.

type CacheAction

type CacheAction int

CacheAction is the type of action that was performed on the cache

const (
    // UpdateService reflects that the service was updated or added
    UpdateService CacheAction = iota

    // DeleteService reflects that the service was deleted
    DeleteService
)

func (CacheAction) String

func (c CacheAction) String() string

String returns the cache action as a string

type Endpoints

type Endpoints struct {
    // Backends is a map containing all backend IPs and ports. The key to
    // the map is the backend IP in string form. The value defines the list
    // of ports for that backend IP, plus an additional optional node name.
    Backends map[string]*Backend
}

Endpoints is an abstraction for the Kubernetes endpoints object. Endpoints consists of a set of backend IPs in combination with a set of ports and protocols. The name of the backend ports must match the names of the frontend ports of the corresponding service. +k8s:deepcopy-gen=true

func (*Endpoints) CIDRPrefixes

func (e *Endpoints) CIDRPrefixes() ([]*net.IPNet, error)

CIDRPrefixes returns the endpoint's backends as a slice of IPNets.

func (*Endpoints) DeepCopy

func (in *Endpoints) DeepCopy() *Endpoints

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoints.

func (*Endpoints) DeepCopyInto

func (in *Endpoints) DeepCopyInto(out *Endpoints)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Endpoints) DeepEquals

func (e *Endpoints) DeepEquals(o *Endpoints) bool

DeepEquals returns true if both endpoints are deep equal.

func (*Endpoints) String

func (e *Endpoints) String() string

String returns the string representation of an endpoints resource, with backends and ports sorted.

type ErrParse

type ErrParse struct {
    // contains filtered or unexported fields
}

ErrParse is an error describing where a policy fails to parse due to an invalid rule.

func (ErrParse) Error

func (e ErrParse) Error() string

Error returns the error message for parsing

type FrontendList

type FrontendList map[string]struct{}

FrontendList is the list of all k8s service frontends

func (FrontendList) LooseMatch

func (l FrontendList) LooseMatch(frontend loadbalancer.L3n4Addr) (exists bool)

LooseMatch returns true if the provided frontend is found in the FrontendList. If the frontend has a protocol value set, it only matches a k8s service with a matching protocol. If no protocol is set, any k8s service matching frontend IP and port is considered a match, regardless of protocol.

type JSONPatch

type JSONPatch struct {
    OP    string      `json:"op,omitempty"`
    Path  string      `json:"path,omitempty"`
    Value interface{} `json:"value"`
}

JSONPatch structure based on the RFC 6902

type K8sCiliumClient

type K8sCiliumClient struct {
    clientset.Interface
}

K8sCiliumClient is a wrapper around clientset.Interface.

func CiliumClient

func CiliumClient() *K8sCiliumClient

CiliumClient returns the default Cilium Kubernetes client.

type K8sClient

type K8sClient struct {
    // kubernetes.Interface is the object through which interactions with
    // Kubernetes are performed.
    kubernetes.Interface
}

K8sClient is a wrapper around kubernetes.Interface.

func Client

func Client() *K8sClient

Client returns the default Kubernetes client.

func (K8sClient) AnnotateNode

func (k8sCli K8sClient) AnnotateNode(nodeName string, encryptKey uint8, v4CIDR, v6CIDR *cidr.CIDR, v4HealthIP, v6HealthIP, v4CiliumHostIP, v6CiliumHostIP net.IP) error

AnnotateNode writes v4 and v6 CIDRs and health IPs in the given k8s node name. In case of failure while updating the node, this function will spawn a goroutine to retry the node update indefinitely.

func (K8sClient) GetSecrets

func (k8sCli K8sClient) GetSecrets(ctx context.Context, ns, name string) (map[string][]byte, error)

GetSecrets returns the secrets found in the given namespace and name.

type K8sMetaObject

type K8sMetaObject interface {
    GetUID() k8sTypes.UID
    GetNamespace() string
    GetName() string
}

type NodeStatusUpdate

type NodeStatusUpdate struct {
    *cilium_v2.CiliumNetworkPolicyNodeStatus
    // contains filtered or unexported fields
}

NodeStatusUpdate pairs a CiliumNetworkPolicyNodeStatus to a specific node.

type NodeStatusUpdater

type NodeStatusUpdater struct {
    // contains filtered or unexported fields
}

NodeStatusUpdater handles the lifecycle around sending CNP NodeStatus updates.

type RuleTranslator

type RuleTranslator struct {
    Service          ServiceID
    Endpoint         Endpoints
    ServiceLabels    map[string]string
    Revert           bool
    AllocatePrefixes bool
}

RuleTranslator implements the pkg/policy.Translator interface. Translate populates/depopulates the given rule with ToCIDR rules based on the provided service/endpoint.

func NewK8sTranslator

func NewK8sTranslator(
    serviceInfo ServiceID,
    endpoint Endpoints,
    revert bool,
    labels map[string]string,
    allocatePrefixes bool) RuleTranslator

NewK8sTranslator returns RuleTranslator

func (RuleTranslator) Translate

func (k RuleTranslator) Translate(r *api.Rule, result *policy.TranslationResult) error

Translate calls TranslateEgress on all r.Egress rules

func (RuleTranslator) TranslateEgress

func (k RuleTranslator) TranslateEgress(r *api.EgressRule, result *policy.TranslationResult) error

TranslateEgress populates/depopulates egress rules with ToCIDR entries based on toService entries

type Service

type Service struct {
    FrontendIP net.IP
    IsHeadless bool

    // IncludeExternal is true when external endpoints from other clusters
    // should be included
    IncludeExternal bool

    // Shared is true when the service should be exposed/shared to other clusters
    Shared bool

    // TrafficPolicy controls how backends are selected. If set to "Local", only
    // node-local backends are chosen
    TrafficPolicy loadbalancer.SVCTrafficPolicy

    // HealthCheckNodePort defines on which port the node runs a HTTP health
    // check server which may be used by external loadbalancers to determine
    // if a node has local backends. This will only have effect if both
    // LoadBalancerIPs is not empty and TrafficPolicy is SVCTrafficPolicyLocal.
    HealthCheckNodePort uint16

    Ports map[loadbalancer.FEPortName]*loadbalancer.L4Addr
    // NodePorts stores mapping for port name => NodePort frontend addr string =>
    // NodePort frontend addr. The string addr => addr indirection is to avoid
    // storing duplicates.
    NodePorts map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID
    // K8sExternalIPs stores mapping of the endpoint in a string format to the
    // externalIP in net.IP format.
    K8sExternalIPs map[string]net.IP
    // LoadBalancerIPs stores LB IPs assigned to the service (string(IP) => IP).
    LoadBalancerIPs map[string]net.IP
    Labels          map[string]string
    Selector        map[string]string
}

Service is an abstraction for a k8s service that is composed of the frontend IP address (FEIP) and the map of the frontend ports (Ports). +k8s:deepcopy-gen=true

func NewService

func NewService(ip net.IP, externalIPs []string, loadBalancerIPs []string,
    headless bool, trafficPolicy loadbalancer.SVCTrafficPolicy,
    healthCheckNodePort uint16, labels, selector map[string]string) *Service

NewService returns a new Service with the Ports map initialized.

func (*Service) DeepCopy

func (in *Service) DeepCopy() *Service

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service.

func (*Service) DeepCopyInto

func (in *Service) DeepCopyInto(out *Service)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Service) DeepEquals

func (s *Service) DeepEquals(o *Service) bool

DeepEquals returns true if both services are equal

func (Service) IsExternal

func (s Service) IsExternal() bool

IsExternal returns true if the service is expected to serve out-of-cluster endpoints:

func (*Service) String

func (s *Service) String() string

String returns the string representation of a service resource

func (*Service) UniquePorts

func (s *Service) UniquePorts() map[uint16]bool

UniquePorts returns a map of all unique ports configured in the service

type ServiceCache

type ServiceCache struct {
    Events chan ServiceEvent
    // contains filtered or unexported fields
}

ServiceCache is a list of services correlated with the matching endpoints. The Events member will receive events as services.

func NewServiceCache

func NewServiceCache() ServiceCache

NewServiceCache returns a new ServiceCache

func (*ServiceCache) DebugStatus

func (s *ServiceCache) DebugStatus() string

DebugStatus implements debug.StatusObject to provide debug status collection ability

func (*ServiceCache) DeleteEndpointSlices

func (s *ServiceCache) DeleteEndpointSlices(epSlice *types.EndpointSlice, swg *lock.StoppableWaitGroup) ServiceID

func (*ServiceCache) DeleteEndpoints

func (s *ServiceCache) DeleteEndpoints(k8sEndpoints *types.Endpoints, swg *lock.StoppableWaitGroup) ServiceID

DeleteEndpoints parses a Kubernetes endpoints and removes it from the ServiceCache

func (*ServiceCache) DeleteService

func (s *ServiceCache) DeleteService(k8sSvc *types.Service, swg *lock.StoppableWaitGroup)

DeleteService parses a Kubernetes service and removes it from the ServiceCache

func (*ServiceCache) GetServiceIP

func (s *ServiceCache) GetServiceIP(svcID ServiceID) *loadbalancer.L3n4Addr

GetServiceIP returns a random L3n4Addr that is backing the given Service ID.

func (*ServiceCache) MergeExternalServiceDelete

func (s *ServiceCache) MergeExternalServiceDelete(service *service.ClusterService, swg *lock.StoppableWaitGroup)

MergeExternalServiceDelete merges the deletion of a cluster service in a remote cluster into the local service cache. The service endpoints are stored as external endpoints and are correlated on demand with local services via correlateEndpoints().

func (*ServiceCache) MergeExternalServiceUpdate

func (s *ServiceCache) MergeExternalServiceUpdate(service *service.ClusterService, swg *lock.StoppableWaitGroup)

MergeExternalServiceUpdate merges a cluster service of a remote cluster into the local service cache. The service endpoints are stored as external endpoints and are correlated on demand with local services via correlateEndpoints().

func (*ServiceCache) UniqueServiceFrontends

func (s *ServiceCache) UniqueServiceFrontends() FrontendList

UniqueServiceFrontends returns all services known to the service cache as a map, indexed by the string representation of a loadbalancer.L3n4Addr

func (*ServiceCache) UpdateEndpointSlices

func (s *ServiceCache) UpdateEndpointSlices(epSlice *types.EndpointSlice, swg *lock.StoppableWaitGroup) (ServiceID, *Endpoints)

func (*ServiceCache) UpdateEndpoints

func (s *ServiceCache) UpdateEndpoints(k8sEndpoints *types.Endpoints, swg *lock.StoppableWaitGroup) (ServiceID, *Endpoints)

UpdateEndpoints parses a Kubernetes Endpoints object and adds or updates it in the ServiceCache. Returns the ServiceID, unless the Kubernetes endpoints could not be parsed, and a bool to indicate whether the endpoints were changed in the cache or not.

func (*ServiceCache) UpdateService

func (s *ServiceCache) UpdateService(k8sSvc *types.Service, swg *lock.StoppableWaitGroup) ServiceID

UpdateService parses a Kubernetes service and adds or updates it in the ServiceCache. Returns the ServiceID unless the Kubernetes service could not be parsed and a bool to indicate whether the service was changed in the cache or not.

type ServiceEvent

type ServiceEvent struct {
    // Action is the action that was performed in the cache
    Action CacheAction

    // ID is the identifier of the service
    ID ServiceID

    // Service is the service structure
    Service *Service

    // OldService is the service structure
    OldService *Service

    // Endpoints is the endpoints structure correlated with the service
    Endpoints *Endpoints

    // SWG provides a mechanism to detect if a service was synchronized with
    // the datapath.
    SWG *lock.StoppableWaitGroup
}

ServiceEvent is emitted via the Events channel of ServiceCache and describes the change that occurred in the cache

type ServiceID

type ServiceID struct {
    Name      string `json:"serviceName,omitempty"`
    Namespace string `json:"namespace,omitempty"`
}

ServiceID identifies the Kubernetes service

func ParseEndpointSliceID

func ParseEndpointSliceID(svc *types.EndpointSlice) ServiceID

ParseEndpointSliceID parses a Kubernetes endpoints slice and returns the ServiceID

func ParseEndpointsID

func ParseEndpointsID(svc *types.Endpoints) ServiceID

ParseEndpointsID parses a Kubernetes Endpoints object and returns the ServiceID

func ParseServiceID

func ParseServiceID(svc *types.Service) ServiceID

ParseServiceID parses a Kubernetes service and returns the ServiceID

func ParseServiceIDFrom

func ParseServiceIDFrom(dn string) *ServiceID

ParseServiceIDFrom returns a ServiceID derived from the given Kubernetes service FQDN.

func (ServiceID) String

func (s ServiceID) String() string

String returns the string representation of a service ID

type ServiceIPGetter

type ServiceIPGetter interface {
    GetServiceIP(svcID ServiceID) *loadbalancer.L3n4Addr
}

Directories

Path                                                  Synopsis
apis/cilium.io
apis/cilium.io/utils
apis/cilium.io/v2                                     Package v2 is the v2 version of the API.
client/clientset/versioned                            This package has the automatically generated clientset.
client/clientset/versioned/fake                       This package has the automatically generated fake clientset.
client/clientset/versioned/scheme                     This package contains the scheme of the automatically generated clientset.
client/clientset/versioned/typed/cilium.io/v2         This package has the automatically generated typed clients.
client/clientset/versioned/typed/cilium.io/v2/fake    Package fake has the automatically generated clients.
client/informers/externalversions
client/informers/externalversions/cilium.io
client/informers/externalversions/cilium.io/v2
client/informers/externalversions/internalinterfaces
client/listers/cilium.io/v2
endpointsynchronizer
identitybackend
informer
metrics
types                                                 Package types contains slimmer versions of k8s types.
utils
version                                               Package version keeps track of the Kubernetes version the client is connected to
watchers

Package k8s imports 61 packages and is imported by 56 packages. Updated 2020-02-19.