ovn

package v0.0.0-...-12c5f08

Published: May 1, 2024 License: Apache-2.0 Imports: 84 Imported by: 0

Documentation
Constants

const (
	// Default Meters created on GRs.
	OVNARPRateLimiter              = "arp"
	OVNARPResolveRateLimiter       = "arp-resolve"
	OVNBFDRateLimiter              = "bfd"
	OVNControllerEventsRateLimiter = "event-elb"
	OVNICMPV4ErrorsRateLimiter     = "icmp4-error"
	OVNICMPV6ErrorsRateLimiter     = "icmp6-error"
	OVNRejectRateLimiter           = "reject"
	OVNTCPRSTRateLimiter           = "tcp-reset"
	OVNServiceMonitorLimiter       = "svc-monitor"
)
const (
	NodeIPAddrSetName             egressIpAddrSetName = "node-ips"
	EgressIPServedPodsAddrSetName egressIpAddrSetName = "egressip-served-pods"
)
const (
	// IdledServiceAnnotationSuffix is a constant string representing the suffix of the Service annotation key
	// whose value indicates the time stamp in RFC3339 format when a Service was idled
	IdledServiceAnnotationSuffix   = "idled-at"
	OvnNodeAnnotationRetryInterval = 100 * time.Millisecond
	OvnNodeAnnotationRetryTimeout  = 1 * time.Second
)
const (
	// TCP is the constant string for the string "TCP"
	TCP = "TCP"

	// UDP is the constant string for the string "UDP"
	UDP = "UDP"

	// SCTP is the constant string for the string "SCTP"
	SCTP = "SCTP"
)
const DefaultNetworkControllerName = "default-network-controller"
const (
	EgressQoSFlowStartPriority = 1000
)
const PolicyForAnnotation = "k8s.v1.cni.cncf.io/policy-for"

Variables

This section is empty.

Functions

func DeleteLegacyDefaultNoRerouteNodePolicies

func DeleteLegacyDefaultNoRerouteNodePolicies(nbClient libovsdbclient.Client, node string) error

DeleteLegacyDefaultNoRerouteNodePolicies deletes the older EIP node no-reroute policies. It is called from syncFunction and is a one-time operation. A sample of such a legacy policy: 101 ip4.src == 10.244.0.0/16 && ip4.dst == 172.18.0.2/32 allow

func EnsureDefaultCOPP

func EnsureDefaultCOPP(nbClient libovsdbclient.Client) (string, error)

EnsureDefaultCOPP creates the default COPP that needs to be added to each GR if not already present. Also cleans up old COPP entries if required.

func InitClusterEgressPolicies

func InitClusterEgressPolicies(nbClient libovsdbclient.Client, addressSetFactory addressset.AddressSetFactory,
	controllerName string) error

InitClusterEgressPolicies creates the global no reroute policies and address-sets required by the egressIP and egressServices features.

func NewNetworkPolicy

func NewNetworkPolicy(policy *knet.NetworkPolicy) *networkPolicy

func PortGroupHasPorts

func PortGroupHasPorts(nbClient libovsdbclient.Client, pgName string, portUUIDs []string) bool

PortGroupHasPorts returns true if the port group contains all of the given ports.

func WithSyncDurationMetric

func WithSyncDurationMetric(resourceName string, f func() error) error

func WithSyncDurationMetricNoError

func WithSyncDurationMetricNoError(resourceName string, f func())

Types

type BaseNetworkController

type BaseNetworkController struct {
	CommonNetworkControllerInfo

	// network information
	util.NetInfo
	// contains filtered or unexported fields
}

BaseNetworkController structure holds per-network fields and network-specific configuration. Note that all the methods with NetworkControllerInfo pointer receivers will be called by more than one type of network controller.

func (*BaseNetworkController) AddConfigDurationRecord

func (bnc *BaseNetworkController) AddConfigDurationRecord(kind, namespace, name string) (
	[]ovsdb.Operation, func(), time.Time, error)

func (*BaseNetworkController) DeletePodSelectorAddressSet

func (bnc *BaseNetworkController) DeletePodSelectorAddressSet(addrSetKey, backRef string) error

func (*BaseNetworkController) EnsurePodSelectorAddressSet

func (bnc *BaseNetworkController) EnsurePodSelectorAddressSet(podSelector, namespaceSelector *metav1.LabelSelector,
	namespace, backRef string) (addrSetKey, psAddrSetHashV4, psAddrSetHashV6 string, err error)

EnsurePodSelectorAddressSet returns the address set for the requested (podSelector, namespaceSelector, namespace). If namespaceSelector is nil, namespace is used statically together with podSelector. podSelector must not be nil; use metav1.LabelSelector{} to match all pods. namespaceSelector may only be nil when namespace is set; use metav1.LabelSelector{} to match all namespaces. podSelector = metav1.LabelSelector{} + a static namespace may be replaced with the namespace address set, and podSelector = metav1.LabelSelector{} + namespaceSelector may be replaced with a set of namespace address sets, but both cases will work here too.

backRef is the key that should be used for cleanup. If err != nil, cleanup is required by calling DeletePodSelectorAddressSet or EnsurePodSelectorAddressSet again. psAddrSetHashV4 and psAddrSetHashV6 may be set to the empty string if the address set for that IP family wasn't created.

func (*BaseNetworkController) GetLocalZoneNodes

func (bnc *BaseNetworkController) GetLocalZoneNodes() ([]*kapi.Node, error)

GetLocalZoneNodes returns the list of local zone nodes. A node is considered a local zone node if the zone name set in the node's annotation matches the zone name set in the OVN Northbound database to which this controller is connected.

func (*BaseNetworkController) GetLogicalPortName

func (bnc *BaseNetworkController) GetLogicalPortName(pod *kapi.Pod, nadName string) string

func (*BaseNetworkController) GetNamespaceACLLogging

func (bnc *BaseNetworkController) GetNamespaceACLLogging(ns string) *libovsdbutil.ACLLoggingLevels

GetNamespaceACLLogging retrieves the ACLLoggingLevels for the Namespace. nsInfo will be locked (and unlocked at the end) for the given namespace if it exists.

func (*BaseNetworkController) WatchNamespaces

func (bnc *BaseNetworkController) WatchNamespaces() error

WatchNamespaces starts watching the Namespace resource and invokes the appropriate handler logic.

func (*BaseNetworkController) WatchNodes

func (bnc *BaseNetworkController) WatchNodes() error

WatchNodes starts watching the Node resource and invokes the appropriate handler logic.

func (*BaseNetworkController) WatchPods

func (bnc *BaseNetworkController) WatchPods() error

WatchPods starts watching the Pod resource and invokes the appropriate handler logic.

type BaseSecondaryLayer2NetworkController

type BaseSecondaryLayer2NetworkController struct {
	BaseSecondaryNetworkController
}

BaseSecondaryLayer2NetworkController structure holds per-network fields and network-specific configuration for the secondary layer2/localnet network controller.

type BaseSecondaryNetworkController

type BaseSecondaryNetworkController struct {
	BaseNetworkController
	// contains filtered or unexported fields
}

BaseSecondaryNetworkController structure holds per-network fields and network-specific configuration for a secondary network controller.

func (*BaseSecondaryNetworkController) AddNamespaceForSecondaryNetwork

func (bsnc *BaseSecondaryNetworkController) AddNamespaceForSecondaryNetwork(ns *kapi.Namespace) error

AddNamespaceForSecondaryNetwork creates the corresponding address set in the OVN DB for the secondary network.

func (*BaseSecondaryNetworkController) AddSecondaryNetworkResourceCommon

func (bsnc *BaseSecondaryNetworkController) AddSecondaryNetworkResourceCommon(objType reflect.Type, obj interface{}) error

AddSecondaryNetworkResourceCommon adds the specified object to the cluster according to its type and returns the error, if any, yielded during object creation. This function is called for secondary networks only.

func (*BaseSecondaryNetworkController) DeleteSecondaryNetworkResourceCommon

func (bsnc *BaseSecondaryNetworkController) DeleteSecondaryNetworkResourceCommon(objType reflect.Type, obj, cachedObj interface{}) error

DeleteSecondaryNetworkResourceCommon deletes the object from the cluster according to the delete logic of its resource type, given an object and optionally a cachedObj; cachedObj is the internal cache entry for this object, currently used only for pods. This function is called for secondary networks only.

func (*BaseSecondaryNetworkController) GetInternalCacheEntryForSecondaryNetwork

func (bsnc *BaseSecondaryNetworkController) GetInternalCacheEntryForSecondaryNetwork(objType reflect.Type, obj interface{}) interface{}

GetInternalCacheEntryForSecondaryNetwork returns the internal cache entry for this object, given an object and its type. This is currently used only for pods, which get their logical port cache entry.

func (*BaseSecondaryNetworkController) UpdateSecondaryNetworkResourceCommon

func (bsnc *BaseSecondaryNetworkController) UpdateSecondaryNetworkResourceCommon(objType reflect.Type, oldObj, newObj interface{}, inRetryCache bool) error

UpdateSecondaryNetworkResourceCommon updates the specified object in the cluster to its version in newObj according to its type and returns the error, if any, yielded during the object update. It is given an old and a new object; the inRetryCache boolean argument indicates whether the given resource is in the retryCache. This function is called for secondary networks only.

func (*BaseSecondaryNetworkController) WatchIPAMClaims

func (bsnc *BaseSecondaryNetworkController) WatchIPAMClaims() error

WatchIPAMClaims starts watching IPAMClaim resources and invokes the appropriate handler logic.

func (*BaseSecondaryNetworkController) WatchMultiNetworkPolicy

func (bsnc *BaseSecondaryNetworkController) WatchMultiNetworkPolicy() error

WatchMultiNetworkPolicy starts watching the MultiNetworkPolicy resource and invokes the appropriate handler logic.

type CommonNetworkControllerInfo

type CommonNetworkControllerInfo struct {

	// has SCTP support
	SCTPSupport bool
	// contains filtered or unexported fields
}

CommonNetworkControllerInfo structure is a placeholder for all fields shared among controllers.

func NewCommonNetworkControllerInfo

func NewCommonNetworkControllerInfo(client clientset.Interface, kube *kube.KubeOVN, wf *factory.WatchFactory,
	recorder record.EventRecorder, nbClient libovsdbclient.Client, sbClient libovsdbclient.Client,
	podRecorder *metrics.PodRecorder, SCTPSupport, multicastSupport, svcTemplateSupport bool) (*CommonNetworkControllerInfo, error)

NewCommonNetworkControllerInfo creates CommonNetworkControllerInfo shared by controllers

type DefaultNetworkController

type DefaultNetworkController struct {
	BaseNetworkController
	// contains filtered or unexported fields
}

DefaultNetworkController structure is the object which holds the controls for starting and reacting upon the watched resources (e.g. pods, endpoints) for the default L3 network.

func NewDefaultNetworkController

func NewDefaultNetworkController(cnci *CommonNetworkControllerInfo) (*DefaultNetworkController, error)

NewDefaultNetworkController creates a new OVN controller for creating logical network infrastructure and policy for the default L3 network.

func (*DefaultNetworkController) AddNamespace

func (oc *DefaultNetworkController) AddNamespace(ns *kapi.Namespace) error

AddNamespace creates the corresponding address set in the OVN DB.

func (*DefaultNetworkController) Init

Init runs a subnet IPAM and a controller that watches the arrival and departure of nodes in the cluster. On an addition to the cluster (node create), a new subnet is created for it, which translates to the creation of a logical switch (done by the node, but it could be created here at the master process too). Upon deletion of a node, the switch is deleted.

TODO: Verify that the cluster was not already called with a different global subnet

If true, then either quit or perform a complete reconfiguration of the cluster (recreate switches/routers with new subnet values)

func (*DefaultNetworkController) InitEgressServiceZoneController

func (oc *DefaultNetworkController) InitEgressServiceZoneController() (*egresssvc_zone.Controller, error)

func (*DefaultNetworkController) Run

Run starts the actual watching.

func (*DefaultNetworkController) SetupMaster

func (oc *DefaultNetworkController) SetupMaster(existingNodeNames []string) error

SetupMaster creates the central router and load-balancers for the network

func (*DefaultNetworkController) Start

Start starts the default controller; handles all events and creates all needed logical entities

func (*DefaultNetworkController) StartServiceController

func (oc *DefaultNetworkController) StartServiceController(wg *sync.WaitGroup, runRepair bool) error

func (*DefaultNetworkController) Stop

func (oc *DefaultNetworkController) Stop()

Stop gracefully stops the controller

func (*DefaultNetworkController) WatchEgressFirewall

func (oc *DefaultNetworkController) WatchEgressFirewall() error

WatchEgressFirewall starts watching the EgressFirewall resource and invokes the appropriate handler logic.

func (*DefaultNetworkController) WatchEgressFwNodes

func (oc *DefaultNetworkController) WatchEgressFwNodes() error

WatchEgressFwNodes starts watching nodes on behalf of Egress Firewall, whose firewall rules may match nodes using a node selector.

func (*DefaultNetworkController) WatchEgressIP

func (oc *DefaultNetworkController) WatchEgressIP() error

WatchEgressIP starts watching the EgressIP resource and invokes the appropriate handler logic. It also starts the other dedicated resource handlers needed for egress IP setup: namespaces and pods.

func (*DefaultNetworkController) WatchEgressIPNamespaces

func (oc *DefaultNetworkController) WatchEgressIPNamespaces() error

func (*DefaultNetworkController) WatchEgressIPPods

func (oc *DefaultNetworkController) WatchEgressIPPods() error

func (*DefaultNetworkController) WatchEgressNodes

func (oc *DefaultNetworkController) WatchEgressNodes() error

WatchEgressNodes starts watching egress-assignable nodes and invokes the appropriate handler logic.

func (*DefaultNetworkController) WatchNetworkPolicy

func (oc *DefaultNetworkController) WatchNetworkPolicy() error

WatchNetworkPolicy starts watching the NetworkPolicy resource and invokes the appropriate handler logic.

type EgressDNS

type EgressDNS struct {
	// contains filtered or unexported fields
}

func NewEgressDNS

func NewEgressDNS(addressSetFactory addressset.AddressSetFactory, controllerName string,
	controllerStop <-chan struct{}) (*EgressDNS, error)

func (*EgressDNS) Add

func (e *EgressDNS) Add(namespace, dnsName string) (addressset.AddressSet, error)

func (*EgressDNS) Delete

func (e *EgressDNS) Delete(namespace string) error

func (*EgressDNS) Run

func (e *EgressDNS) Run(defaultInterval time.Duration)

Run spawns a goroutine that handles updates to the DNS entries for domain names used in EgressFirewalls. The loop wakes up on one of three signals:

  1. time.NewTicker(durationTillNextQuery) fires: the dnsName with the lowest TTL is re-queried and durationTillNextQuery is updated
  2. e.added receives a new name: durationTillNextQuery is recomputed
  3. e.deleted receives a name that coincides with the dnsName currently being waited on
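To make the scheduling described above concrete, the following is an added, self-contained Go model of that refresh loop. It is not code from ovn-kubernetes: the ttlScheduler type, its Add/Delete/Next methods, the event type and the simulate helper are all assumptions introduced here, and the domain names in main and the tests are constructed sample input. The model tracks when each name's cached answer expires, always re-queries the name with the lowest remaining TTL, and recomputes the wait after every add or delete, so a deleted name can never leave the loop waiting on a stale timer.

```go
package main

import (
	"fmt"
	"time"
)

// ttlScheduler is a hypothetical model of the wake-up logic described for
// EgressDNS.Run; it is NOT the ovn-kubernetes implementation.
// It tracks when each DNS name's cached answer expires and picks the name
// with the lowest remaining TTL as the next one to re-query.
type ttlScheduler struct {
	expiry map[string]time.Time // dnsName -> time at which its TTL runs out
}

func newTTLScheduler() *ttlScheduler {
	return &ttlScheduler{expiry: map[string]time.Time{}}
}

// Add records (or refreshes) a name with the TTL returned by a lookup.
func (s *ttlScheduler) Add(dnsName string, ttl time.Duration, now time.Time) {
	s.expiry[dnsName] = now.Add(ttl)
}

// Delete forgets a name. If the loop was waiting on this name, the caller
// must call Next again so the wait is recomputed for the remaining names.
func (s *ttlScheduler) Delete(dnsName string) {
	delete(s.expiry, dnsName)
}

// Next returns the name whose TTL expires soonest and how long to wait before
// re-querying it. A zero wait means the answer is already stale. ok is false
// when no names are tracked, in which case wait falls back to defaultInterval.
// Ties on expiry are broken by name so the choice is deterministic.
func (s *ttlScheduler) Next(now time.Time, defaultInterval time.Duration) (name string, wait time.Duration, ok bool) {
	if len(s.expiry) == 0 {
		return "", defaultInterval, false
	}
	first := true
	var soonest time.Time
	for n, exp := range s.expiry {
		if first || exp.Before(soonest) || (exp.Equal(soonest) && n < name) {
			name, soonest, first = n, exp, false
		}
	}
	wait = soonest.Sub(now)
	if wait < 0 {
		wait = 0
	}
	return name, wait, true
}

// event is a constructed input for simulate: an "add" or "delete" of a name,
// or a "tick" standing in for the ticker firing. For a tick, ttl plays the
// TTL carried by the fresh DNS answer.
type event struct {
	kind string
	name string
	ttl  time.Duration
}

// simulate replays events against the scheduler on a simulated clock and
// returns the names re-queried, in order, mirroring the three wake-up signals.
func simulate(events []event, defaultInterval time.Duration) []string {
	s := newTTLScheduler()
	now := time.Unix(0, 0)
	var queried []string
	for _, ev := range events {
		switch ev.kind {
		case "add":
			s.Add(ev.name, ev.ttl, now) // signal 2: wait is recomputed on the next Next
		case "delete":
			s.Delete(ev.name) // signal 3: a waited-on name may vanish
		case "tick":
			// signal 1: advance the clock to the soonest expiry, re-query that
			// name and refresh its entry with the TTL from the new answer
			name, wait, ok := s.Next(now, defaultInterval)
			now = now.Add(wait)
			if !ok {
				continue
			}
			queried = append(queried, name)
			s.Add(name, ev.ttl, now)
		}
	}
	return queried
}

func main() {
	evs := []event{
		{kind: "add", name: "a.example.test", ttl: 30 * time.Second}, // constructed
		{kind: "add", name: "b.example.test", ttl: 10 * time.Second}, // constructed
		{kind: "tick", ttl: 60 * time.Second},
		{kind: "delete", name: "b.example.test"},
		{kind: "tick", ttl: 60 * time.Second},
	}
	fmt.Println(simulate(evs, 30*time.Minute))
}
```

The point of the model is the failure mode the third signal guards against: without recomputing after a delete, the loop would sleep until a removed name's TTL expired even though another name's answer had already gone stale.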

func (*EgressDNS) Shutdown

func (e *EgressDNS) Shutdown()

func (*EgressDNS) Update

func (e *EgressDNS) Update(dns string) (bool, error)

type EgressIPPatchStatus

type EgressIPPatchStatus struct {
	Op    string                    `json:"op"`
	Path  string                    `json:"path"`
	Value egressipv1.EgressIPStatus `json:"value"`
}

type NetworkPolicyExtraParameters

type NetworkPolicyExtraParameters struct {
	// contains filtered or unexported fields
}

type PodSelectorAddrSetHandlerInfo

type PodSelectorAddrSetHandlerInfo struct {
	// PodSelectorAddrSetHandlerInfo is updated by PodSelectorAddressSet's handler, and it may be deleted by
	// PodSelectorAddressSet.
	// To make sure pod handlers won't try to update deleted resources, this lock is used together with deleted field.
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*PodSelectorAddrSetHandlerInfo) GetASHashNames

func (handlerInfo *PodSelectorAddrSetHandlerInfo) GetASHashNames() (string, string, error)

type PodSelectorAddressSet

type PodSelectorAddressSet struct {
	// contains filtered or unexported fields
}

PodSelectorAddressSet should always be accessed with the oc.podSelectorAddressSets key lock held.

type SecondaryLayer2NetworkController

type SecondaryLayer2NetworkController struct {
	BaseSecondaryLayer2NetworkController
}

SecondaryLayer2NetworkController is created for logical network infrastructure and policy for a secondary layer2 network

func NewSecondaryLayer2NetworkController

func NewSecondaryLayer2NetworkController(cnci *CommonNetworkControllerInfo, netInfo util.NetInfo) *SecondaryLayer2NetworkController

NewSecondaryLayer2NetworkController creates a new OVN controller for the given secondary layer2 NAD.

func (*SecondaryLayer2NetworkController) Cleanup

func (oc *SecondaryLayer2NetworkController) Cleanup(netName string) error

Cleanup cleans up the logical entities for the given network. It is called from the net-attach-def routine and may be called on a dummy controller (one that only has CommonNetworkControllerInfo set).

func (*SecondaryLayer2NetworkController) Init

func (*SecondaryLayer2NetworkController) Start

Start starts the secondary layer2 controller, handles all events and creates all needed logical entities

func (*SecondaryLayer2NetworkController) Stop

type SecondaryLayer3NetworkController

type SecondaryLayer3NetworkController struct {
	BaseSecondaryNetworkController
	// contains filtered or unexported fields
}

SecondaryLayer3NetworkController is created for logical network infrastructure and policy for a secondary l3 network

func NewSecondaryLayer3NetworkController

func NewSecondaryLayer3NetworkController(cnci *CommonNetworkControllerInfo, netInfo util.NetInfo) *SecondaryLayer3NetworkController

NewSecondaryLayer3NetworkController creates a new OVN controller for the given secondary layer3 NAD.

func (*SecondaryLayer3NetworkController) Cleanup

func (oc *SecondaryLayer3NetworkController) Cleanup(netName string) error

Cleanup cleans up the logical entities for the given network. It is called from the net-attach-def routine and may be called on a dummy controller (one that only has CommonNetworkControllerInfo set).

func (*SecondaryLayer3NetworkController) Init

func (*SecondaryLayer3NetworkController) Run

func (*SecondaryLayer3NetworkController) Start

Start starts the secondary layer3 controller, handles all events and creates all needed logical entities

func (*SecondaryLayer3NetworkController) Stop

Stop gracefully stops the controller and deletes all logical entities for this network if requested.

func (*SecondaryLayer3NetworkController) WatchNodes

func (oc *SecondaryLayer3NetworkController) WatchNodes() error

WatchNodes starts watching the Node resource and invokes the appropriate handler logic.

type SecondaryLocalnetNetworkController

type SecondaryLocalnetNetworkController struct {
	BaseSecondaryLayer2NetworkController
}

SecondaryLocalnetNetworkController is created for logical network infrastructure and policy for a secondary localnet network

func NewSecondaryLocalnetNetworkController

func NewSecondaryLocalnetNetworkController(cnci *CommonNetworkControllerInfo, netInfo util.NetInfo) *SecondaryLocalnetNetworkController

NewSecondaryLocalnetNetworkController creates a new OVN controller for the given secondary localnet NAD.

func (*SecondaryLocalnetNetworkController) Cleanup

func (oc *SecondaryLocalnetNetworkController) Cleanup(netName string) error

Cleanup cleans up the logical entities for the given network. It is called from the net-attach-def routine and may be called on a dummy controller (one that only has CommonNetworkControllerInfo set).

func (*SecondaryLocalnetNetworkController) Init

func (*SecondaryLocalnetNetworkController) Start

Start starts the secondary localnet controller, handles all events and creates all needed logical entities

func (*SecondaryLocalnetNetworkController) Stop
