proxy

package
v0.0.0-...-c34bea4
Warning

This package is not in the latest version of its module.

Published: May 20, 2022 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (

	// Allocator is a package-level variable which is used to lookup security
	// identities from their numeric representation.
	// TODO: plumb an allocator in from callers of these functions vs. having
	// this as a package-level variable.
	Allocator cache.IdentityAllocator
)
var (
	// DefaultDNSProxy is the global, shared, DNS Proxy singleton.
	DefaultDNSProxy proxy.DNSProxier
)

Functions

func ChangeLogLevel

func ChangeLogLevel(level logrus.Level)

ChangeLogLevel changes proxy log level to correspond to the logrus log level 'level'.

func GetProxyPort

func GetProxyPort(name string) (uint16, error)

GetProxyPort() returns the fixed listen port for a proxy, if any.

Types

type DatapathUpdater

type DatapathUpdater interface {
	InstallProxyRules(ctx context.Context, proxyPort uint16, ingress bool, name string) error
	SupportsOriginalSourceAddr() bool
}

type EndpointLookup

type EndpointLookup interface {
	LookupIP(ip net.IP) (ep *endpoint.Endpoint)
}

EndpointLookup is any type which maps from IP to the endpoint owning that IP.

type Proxy

type Proxy struct {
	*envoy.XDSServer
	// contains filtered or unexported fields
}

Proxy maintains state about redirects

func StartProxySupport

func StartProxySupport(minPort uint16, maxPort uint16, stateDir string,
	accessLogNotifier logger.LogRecordNotifier, accessLogMetadata []string,
	datapathUpdater DatapathUpdater, mgr EndpointLookup,
	ipcache *ipcache.IPCache) *Proxy

StartProxySupport starts the servers to support L7 proxies: xDS GRPC server and access log server.

func (*Proxy) AckProxyPort

func (p *Proxy) AckProxyPort(ctx context.Context, name string) error

AckProxyPort() marks the proxy of the given type as successfully created and creates or updates the datapath rules accordingly.

func (*Proxy) AllocateProxyPort

func (p *Proxy) AllocateProxyPort(name string, ingress bool) (uint16, error)

AllocateProxyPort() allocates a new port for listener 'name', or returns the current one if already allocated. Each call has to be paired with AckProxyPort(name) to update the datapath rules accordingly. Each allocated port must be eventually freed with ReleaseProxyPort().

func (*Proxy) CreateOrUpdateRedirect

func (p *Proxy) CreateOrUpdateRedirect(ctx context.Context, l4 policy.ProxyPolicy, id string, localEndpoint logger.EndpointUpdater,
	wg *completion.WaitGroup) (proxyPort uint16, err error, finalizeFunc revert.FinalizeFunc, revertFunc revert.RevertFunc)

CreateOrUpdateRedirect creates or updates a L4 redirect with corresponding proxy configuration. This will allocate a proxy port as required and launch a proxy instance. If the redirect is already in place, only the rules will be updated. The proxy listening port is returned, but proxy configuration on that port may still be ongoing asynchronously. Caller should wait for successful completion on 'wg' before assuming the returned proxy port is listening. Caller must call exactly one of the returned functions:

- finalizeFunc to make the changes stick, or
- revertFunc to cancel the changes.

Called with 'localEndpoint' locked!
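The calling contract described above (wait on 'wg', then call exactly one of finalizeFunc or revertFunc) can be sketched as follows. This is an added example, not code from the Cilium project: FinalizeFunc, RevertFunc and waiter are local stand-ins for the Cilium types, redirector is a hypothetical narrowed form of the method signature, and the fakes and their values are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-ins (assumptions) for revert.FinalizeFunc, revert.RevertFunc and the
// Wait method of completion.WaitGroup; nothing here is imported from Cilium.
type FinalizeFunc func()
type RevertFunc func() error
type waiter interface{ Wait() error }

// redirector is a hypothetical, narrowed view of (*Proxy).CreateOrUpdateRedirect.
type redirector interface {
	CreateOrUpdateRedirect(id string) (uint16, error, FinalizeFunc, RevertFunc)
}

// applyRedirect hands out the proxy port only after the asynchronous proxy
// configuration completed, and calls exactly one of finalize or revert.
func applyRedirect(r redirector, wg waiter, id string) (uint16, error) {
	port, err, finalize, revert := r.CreateOrUpdateRedirect(id)
	if err != nil {
		return 0, err // assumption: nothing was applied, so nothing to undo
	}
	if werr := wg.Wait(); werr != nil {
		// The proxy never confirmed the listener: cancel instead of committing.
		return 0, errors.Join(werr, revert())
	}
	finalize()
	return port, nil
}

// fakeProxy and fakeWait are constructed scaffolding: the first counts which
// callback the caller invoked, the second returns a fixed completion result.
type fakeProxy struct{ finalized, reverted int }

func (f *fakeProxy) CreateOrUpdateRedirect(id string) (uint16, error, FinalizeFunc, RevertFunc) {
	return 10001, nil, func() { f.finalized++ }, func() error { f.reverted++; return nil }
}

type fakeWait struct{ err error }

func (w fakeWait) Wait() error { return w.err }

func main() {
	ok, bad := &fakeProxy{}, &fakeProxy{}
	p1, e1 := applyRedirect(ok, fakeWait{}, "constructed-id")
	p2, e2 := applyRedirect(bad, fakeWait{errors.New("proxy NACK")}, "constructed-id")
	fmt.Println(p1, e1, ok.finalized, ok.reverted, "|", p2, e2, bad.finalized, bad.reverted)
}
```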

func (*Proxy) GetStatusModel

func (p *Proxy) GetStatusModel() *models.ProxyStatus

GetStatusModel returns the proxy status as API model

func (*Proxy) ReinstallRules

func (p *Proxy) ReinstallRules(ctx context.Context) error

ReinstallRules is called by daemon reconfiguration to re-install proxy ports rules that were removed during the removal of all Cilium rules.

func (*Proxy) ReleaseProxyPort

func (p *Proxy) ReleaseProxyPort(name string) error

func (*Proxy) RemoveRedirect

func (p *Proxy) RemoveRedirect(id string, wg *completion.WaitGroup) (error, revert.FinalizeFunc, revert.RevertFunc)

RemoveRedirect removes an existing redirect that has been successfully created earlier.

func (*Proxy) SetProxyPort

func (p *Proxy) SetProxyPort(name string, proxyType ProxyType, port uint16, ingress bool) error

SetProxyPort() marks the proxy 'name' as successfully created with proxy port 'port'. Another call to AckProxyPort(name) is needed to update the datapath rules accordingly. This should only be called for proxies that have a static listener that is already listening on 'port'. May only be called once per proxy.

func (*Proxy) UpdateEnvoyResources

func (p *Proxy) UpdateEnvoyResources(ctx context.Context, old, new envoy.Resources, portAllocator envoy.PortAllocator) error

Overload XDSServer.UpdateEnvoyResources to start Envoy on demand

func (*Proxy) UpdateNetworkPolicy

func (p *Proxy) UpdateNetworkPolicy(ep logger.EndpointUpdater, vis *policy.VisibilityPolicy, policy *policy.L4Policy, ingressPolicyEnforced, egressPolicyEnforced bool, wg *completion.WaitGroup) (error, func() error)

UpdateNetworkPolicy must update the redirect configuration of an endpoint in the proxy

func (*Proxy) UpsertEnvoyResources

func (p *Proxy) UpsertEnvoyResources(ctx context.Context, resources envoy.Resources, portAllocator envoy.PortAllocator) error

Overload XDSServer.UpsertEnvoyResources to start Envoy on demand

func (*Proxy) UseCurrentNetworkPolicy

func (p *Proxy) UseCurrentNetworkPolicy(ep logger.EndpointUpdater, policy *policy.L4Policy, wg *completion.WaitGroup)

UseCurrentNetworkPolicy inserts a Completion to the WaitGroup if the current network policy has not yet been acked

type ProxyPort

type ProxyPort struct {
	// contains filtered or unexported fields
}

type ProxyType

type ProxyType string

const (
	// ProxyTypeAny represents the case where no proxy type is provided.
	ProxyTypeAny ProxyType = ""
	// ProxyTypeHTTP specifies the Envoy HTTP proxy type
	ProxyTypeHTTP ProxyType = "http"
	// ProxyTypeDNS specifies the statically configured DNS proxy type
	ProxyTypeDNS ProxyType = "dns"
	// ProxyTypeCRD specifies a proxy configured via CiliumEnvoyConfig CRD
	ProxyTypeCRD ProxyType = "crd"

	DNSProxyName = "cilium-dns-egress"
)

func (ProxyType) String

func (p ProxyType) String() string

type Redirect

type Redirect struct {
	// contains filtered or unexported fields
}

type RedirectImplementation

type RedirectImplementation interface {
	// UpdateRules updates the rules for the given proxy redirect.
	// The implementation should .Add to the WaitGroup if the update is
	// asynchronous and the update should not return until it is complete.
	// The returned RevertFunc must be non-nil.
	// Note: UpdateRules is not called when a redirect is created.
	UpdateRules(wg *completion.WaitGroup) (revert.RevertFunc, error)

	// Close closes and cleans up resources associated with the redirect
	// implementation. The implementation should .Add to the WaitGroup if the
	// update is asynchronous and the update should not return until it is
	// complete.
	Close(wg *completion.WaitGroup) (revert.FinalizeFunc, revert.RevertFunc)
}

RedirectImplementation is the generic proxy redirect interface that each proxy redirect type must implement

Directories

Path Synopsis
Package logger provides the accesslog logging logic for all proxies
