Documentation
¶
Index ¶
- Constants
- func ConfigureDefaultMTUs(hostMTU int, c *Config)
- func FindJumpMap(progID int, ifaceName string) (mapFD maps.FD, err error)
- func NewSockmapState() (*sockmapState, error)
- func NewXDPState(allowGenericXDP bool) (*xdpState, error)
- func NewXDPStateWithBPFLibrary(library bpf.BPFDataplane, allowGenericXDP bool) *xdpState
- type Config
- type EndpointStatusUpdateCallback
- type IfaceFlags
- type InternalDataplane
- type Manager
- type ManagerWithRouteRules
- type ManagerWithRouteTables
- type PolDirection
- type UpdateBatchResolver
- type WireguardStatusUpdateCallback
Constants ¶
const EndTierDrop = true
const (
// Interface name used by kube-proxy to bind service ips.
KubeIPVSInterface = "kube-ipvs0"
)
const NoEndTierDrop = false
Variables ¶
This section is empty.
Functions ¶
func ConfigureDefaultMTUs ¶
ConfigureDefaultMTUs defaults any MTU configurations that have not been set. We default the values even if the encap is not enabled, in order to match behavior from earlier versions of Calico. However, they MTU will only be considered for allocation to pod interfaces if the encap is enabled.
func NewSockmapState ¶
func NewSockmapState() (*sockmapState, error)
func NewXDPState ¶
func NewXDPStateWithBPFLibrary ¶
func NewXDPStateWithBPFLibrary(library bpf.BPFDataplane, allowGenericXDP bool) *xdpState
Types ¶
type Config ¶
type Config struct {
Hostname string
NodeZone string
IPv6Enabled bool
RuleRendererOverride rules.RuleRenderer
IPIPMTU int
VXLANMTU int
VXLANMTUV6 int
VXLANPort int
MaxIPSetSize int
RouteSyncDisabled bool
IptablesBackend string
IPSetsRefreshInterval time.Duration
RouteRefreshInterval time.Duration
DeviceRouteSourceAddress net.IP
DeviceRouteSourceAddressIPv6 net.IP
DeviceRouteProtocol netlink.RouteProtocol
RemoveExternalRoutes bool
IptablesRefreshInterval time.Duration
IptablesPostWriteCheckInterval time.Duration
IptablesInsertMode string
IptablesLockFilePath string
IptablesLockTimeout time.Duration
IptablesLockProbeInterval time.Duration
XDPRefreshInterval time.Duration
FloatingIPsEnabled bool
Wireguard wireguard.Config
NetlinkTimeout time.Duration
RulesConfig rules.Config
IfaceMonitorConfig ifacemonitor.Config
StatusReportingInterval time.Duration
ConfigChangedRestartCallback func()
FatalErrorRestartCallback func(error)
PostInSyncCallback func()
HealthAggregator *health.HealthAggregator
WatchdogTimeout time.Duration
RouteTableManager *idalloc.IndexAllocator
DebugSimulateDataplaneHangAfter time.Duration
ExternalNodesCidrs []string
BPFEnabled bool
BPFPolicyDebugEnabled bool
BPFDisableUnprivileged bool
BPFKubeProxyIptablesCleanupEnabled bool
BPFLogLevel string
BPFExtToServiceConnmark int
BPFDataIfacePattern *regexp.Regexp
BPFL3IfacePattern *regexp.Regexp
XDPEnabled bool
XDPAllowGeneric bool
BPFConntrackTimeouts bpfconntrack.Timeouts
BPFCgroupV2 string
BPFConnTimeLBEnabled bool
BPFMapRepin bool
BPFNodePortDSREnabled bool
BPFDSROptoutCIDRs []string
BPFPSNATPorts numorstring.Port
BPFMapSizeRoute int
BPFMapSizeConntrack int
BPFMapSizeNATFrontend int
BPFMapSizeNATBackend int
BPFMapSizeNATAffinity int
BPFMapSizeIPSets int
BPFMapSizeIfState int
BPFIpv6Enabled bool
BPFHostConntrackBypass bool
BPFEnforceRPF string
KubeProxyMinSyncPeriod time.Duration
SidecarAccelerationEnabled bool
LookPathOverride func(file string) (string, error)
KubeClientSet *kubernetes.Clientset
FeatureDetectOverrides map[string]string
FeatureGates map[string]string
MTUIfacePattern *regexp.Regexp
RouteSource string
KubernetesProvider config.Provider
// contains filtered or unexported fields
}
type IfaceFlags ¶
type IfaceFlags uint8
type InternalDataplane ¶
type InternalDataplane struct {
// contains filtered or unexported fields
}
InternalDataplane implements an in-process Felix dataplane driver based on iptables and ipsets. It communicates with the datastore-facing part of Felix via the Send/RecvMessage methods, which operate on the protobuf-defined API objects.
Architecture ¶
The internal dataplane driver is organised around a main event loop, which handles update events from the datastore and dataplane.
Each pass around the main loop has two phases. In the first phase, updates are fanned out to "manager" objects, which calculate the changes that are needed and pass them to the dataplane programming layer. In the second phase, the dataplane layer applies the updates in a consistent sequence. The second phase is skipped until the datastore is in sync; this ensures that the first update to the dataplane applies a consistent snapshot.
Having the dataplane layer batch updates has several advantages. It is much more efficient to batch updates, since each call to iptables/ipsets has a high fixed cost. In addition, it allows for different managers to make updates without having to coordinate on their sequencing.
Requirements on the API ¶
The internal dataplane does not do consistency checks on the incoming data (as the old Python-based driver used to do). It expects to be told about dependent resources before they are needed and for their lifetime to exceed that of the resources that depend on them. For example, it is important that the datastore layer sends an IP set create event before it sends a rule that references that IP set.
func NewIntDataplaneDriver ¶
func NewIntDataplaneDriver(config Config) *InternalDataplane
func (*InternalDataplane) RecvMessage ¶
func (d *InternalDataplane) RecvMessage() (interface{}, error)
func (*InternalDataplane) RegisterManager ¶
func (d *InternalDataplane) RegisterManager(mgr Manager)
func (*InternalDataplane) SendMessage ¶
func (d *InternalDataplane) SendMessage(msg interface{}) error
func (*InternalDataplane) Start ¶
func (d *InternalDataplane) Start()
type Manager ¶
type Manager interface {
// OnUpdate is called for each protobuf message from the datastore. May either directly
// send updates to the IPSets and iptables.Table objects (which will queue the updates
// until the main loop instructs them to act) or (for efficiency) may wait until
// a call to CompleteDeferredWork() to flush updates to the dataplane.
OnUpdate(protoBufMsg interface{})
// Called before the main loop flushes updates to the dataplane to allow for batched
// work to be completed.
CompleteDeferredWork() error
}
type ManagerWithRouteRules ¶
type ManagerWithRouteRules interface {
Manager
GetRouteRules() []routeRules
}
type ManagerWithRouteTables ¶
type ManagerWithRouteTables interface {
Manager
GetRouteTableSyncers() []routetable.RouteTableSyncer
}
type PolDirection ¶
type PolDirection int
PolDirection is the Calico datamodel direction of policy. On a host endpoint, ingress is towards the host. On a workload endpoint, ingress is towards the workload.
const ( PolDirnIngress PolDirection = iota PolDirnEgress )
func (PolDirection) Inverse ¶
func (polDirection PolDirection) Inverse() PolDirection
func (PolDirection) RuleDir ¶
func (polDirection PolDirection) RuleDir() string
type UpdateBatchResolver ¶
type UpdateBatchResolver interface {
// Opportunity for a manager component to resolve state that depends jointly on the updates
// that it has seen since the preceding CompleteDeferredWork call. Processing here can
// include passing resolved state to other managers. It should not include any actual
// dataplane updates yet. (Those should be actioned in CompleteDeferredWork.)
ResolveUpdateBatch() error
}
Source Files