kubelink

package
v0.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 17, 2021 License: Apache-2.0, BSD-3-Clause, MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

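// General defaults and separators.
const (
	// DEFAULT_MESH is the placeholder name of the default mesh.
	DEFAULT_MESH = "<default>"
	// DEFAULT_PORT is the package's default port number.
	// NOTE(review): which endpoint this applies to is not shown here; confirm
	// against the callers that pass a defaultPort (e.g. LinkForSpec, NewLinks).
	DEFAULT_PORT = 80
	// LINKNAME_SEP is a separator string for link names.
	// NOTE(review): presumably it joins mesh and link name in the encoded form
	// handled by DecodeLinkNameFromString; confirm.
	LINKNAME_SEP = "--"

	// NOTE(review): CLUSTER_DNS_IP and KUBELINK_DNS_IP are small integers, not
	// addresses. They look like host offsets inside a CIDR; confirm before use.
	CLUSTER_DNS_IP  = 10
	KUBELINK_DNS_IP = 11
)

// DNS mode selectors.
const (
	DNSMODE_DNS        = "dns"
	DNSMODE_KUBERNETES = "kubernetes"
	DNSMODE_NONE       = "none"
)

// Endpoint kind markers.
const (
	EP_INBOUND = "Inbound"
	EP_LOCAL   = "LocalLink"
	EP_NONE    = "None"
)

// iptables chain names. Every name is built from CHAIN_PREFIX, so each one
// begins with "KUBELINK-". When auditing a node's ruleset, chains carrying this
// prefix are the ones this package names.
const (
	CHAIN_PREFIX = "KUBELINK-"

	DROP_CHAIN      = CHAIN_PREFIX + "DROP"
	MARK_DROP_CHAIN = CHAIN_PREFIX + "MARK-DROP"
	FIREWALL_CHAIN  = CHAIN_PREFIX + "FIREWALL"
	LINKS_CHAIN     = CHAIN_PREFIX + "LINKS"
	NAT_CHAIN       = CHAIN_PREFIX + "NAT"

	// Prefixes for generated chain names.
	// NOTE(review): the suffix that gets appended is not shown on this page.
	// iptables limits chain-name length, so confirm long link or mesh names
	// cannot be truncated into colliding chain names.
	FW_LINK_CHAIN_PREFIX  = CHAIN_PREFIX + "FW-"
	GW_LINK_CHAIN_PREFIX  = CHAIN_PREFIX + "GW-"
	NAT_MESH_CHAIN_PREFIX = CHAIN_PREFIX + "NT-"
)

// iptables tables the chains above live in. Several names alias one another:
// the DROP and FIREWALL chains resolve to "filter"; the LINKS, MARK-DROP and
// per-link chains resolve to "mangle".
const (
	TABLE_FIREWALL_CHAIN  = "filter"
	TABLE_DROP_CHAIN      = TABLE_FIREWALL_CHAIN
	TABLE_LINKS_CHAIN     = "mangle"
	TABLE_MARK_DROP_CHAIN = TABLE_LINKS_CHAIN
	TABLE_LINK_CHAIN      = TABLE_MARK_DROP_CHAIN
	TABLE_NAT             = "nat"
)

// Drop handling.
const (
	// DROP_ACTION is the target used to discard traffic. The trailing comment
	// kept from the original names MARK_DROP_CHAIN as an alternative target.
	DROP_ACTION = "DROP" // MARK_DROP_CHAIN
	// MARK_BIT is a hex value held as a string.
	// NOTE(review): presumably the packet mark set in the mangle table and
	// matched later to drop; confirm it does not collide with marks used by
	// other components on the node.
	MARK_BIT = "0x1000"
)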

Variables

This section is empty.

Functions

func ShowRoutes

func ShowRoutes(name string) error

Types

type CIDR

// CIDR pairs an embedded *net.IPNet with a separately stored Broadcast address.
// The embedded field is a pointer, so the zero CIDR holds a nil *net.IPNet.
// NOTE(review): how Broadcast is derived is not shown on this page; presumably
// ParseCIDR fills it in. Confirm against the source.
type CIDR struct {
	Broadcast net.IP
	// Embedded: the fields and methods of net.IPNet are promoted onto CIDR.
	*net.IPNet
}

func ParseCIDR

func ParseCIDR(s string) (*CIDR, error)

type FirewallRule

// FirewallRule holds two CIDR lists, Allowed and Denied.
// NOTE(review): two behaviours are not visible on this page: which list wins
// when an address matches both, and what Contains reports when neither list is
// populated. Confirm both before treating this type as a default-deny filter.
type FirewallRule struct {
	Allowed tcp.CIDRList
	Denied  tcp.CIDRList
}

func ParseFirewallRule

// ParseFirewallRule builds a FirewallRule from a list of strings.
// NOTE(review): the entry syntax, in particular how an entry is marked as
// allowed or denied, is not shown on this page. Confirm that a malformed entry
// yields an error rather than being skipped, since a silently dropped deny
// entry would widen access.
func ParseFirewallRule(list []string) (*FirewallRule, error)

func (*FirewallRule) Contains

func (this *FirewallRule) Contains(ip net.IP) bool

func (*FirewallRule) IsSet

func (this *FirewallRule) IsSet() bool
// Link is the in-memory description of one link: its name, the address ranges
// attached to it, its endpoint, and its key material.
// NOTE(review): which fields are optional for a given kind of link is not shown
// on this page; confirm against LinkForSpec.
type Link struct {
	Name           LinkName
	ServiceCIDR    *net.IPNet
	// Egress and Ingress carry the link's address filters. Ingress is a pointer.
	// NOTE(review): whether a nil Ingress means "no restriction" is not visible
	// here; see AllowIngress, whose second result is named "set".
	Egress         tcp.CIDRList
	Ingress        *FirewallRule
	ClusterAddress *net.IPNet
	GatewayLink    *LinkName
	GatewayFor     LinkNameSet
	Gateway        net.IP
	Host           string
	Port           int
	Endpoint       string
	// Key material for the link (see IsWireguard). PresharedKey is a secret:
	// keep it out of logs, events and error strings.
	// NOTE(review): Link defines String(); confirm that method omits
	// PresharedKey. Also confirm whether the key type's own String method emits
	// the encoded key when the field is formatted directly.
	PublicKey      *wgtypes.Key
	PresharedKey   *wgtypes.Key
	// Embedded: promotes UpdatePending plus the fields of LinkAccessInfo
	// (CACert, Token) and LinkDNSInfo onto Link, so Link also carries a
	// credential in Token.
	LinkForeignData
}

func LinkForSpec

func LinkForSpec(name LinkName, spec *LinkSpec, defaultPort int, gw net.IP) (*Link, error)

func (*Link) AcceptIP

func (this *Link) AcceptIP(ip net.IP) bool

func (*Link) AllowIngress

// AllowIngress reports two values for ip: granted and set.
// NOTE(review): presumably set tells whether an ingress rule is configured at
// all and granted is the decision for ip. The value of granted when set is
// false is not shown on this page. Callers should inspect both results and
// confirm the unset case before treating it as an allow.
func (this *Link) AllowIngress(ip net.IP) (granted bool, set bool)

func (*Link) GetIngressChain

func (this *Link) GetIngressChain() *iptables.ChainRequest

func (*Link) GetRequired

func (this *Link) GetRequired() LinkNameSet

func (*Link) HasEndpoint

func (this *Link) HasEndpoint() bool

func (*Link) IsInbound

func (this *Link) IsInbound() bool
func (this *Link) IsLocalLink() bool

func (*Link) IsWireguard

func (this *Link) IsWireguard() bool

func (*Link) MatchMesh

func (this *Link) MatchMesh(cidr *net.IPNet) bool

func (*Link) String

func (this *Link) String() string

type LinkAccessInfo

// LinkAccessInfo carries a CA certificate and a token, both as plain strings.
// NOTE(review): Token looks like a bearer credential for reaching the linked
// cluster. This type defines String() and is embedded (via LinkForeignData)
// into Link; confirm Token is redacted wherever these values are formatted,
// logged or written to status fields.
type LinkAccessInfo struct {
	CACert string
	Token  string
}

func (LinkAccessInfo) Equal

func (this LinkAccessInfo) Equal(other LinkAccessInfo) bool

func (LinkAccessInfo) String

// String returns a textual form of the access info. Because the type has this
// method, fmt verbs such as %v and %s use it.
// NOTE(review): the body is not shown on this page; confirm the output does not
// contain Token, or contains only a redacted or hashed form, since the result is
// likely to end up in logs.
func (this LinkAccessInfo) String() string

type LinkDNSInfo

// LinkDNSInfo groups the DNS settings associated with a link: a cluster domain,
// a DNS server address and a propagation flag.
// NOTE(review): presumably these values are received from the linked cluster;
// if so, validate ClusterDomain and DnsIP before they are used in resolver
// configuration. Confirm where they originate.
type LinkDNSInfo struct {
	ClusterDomain  string
	DnsIP          net.IP
	DNSPropagation bool
}

func (LinkDNSInfo) Equal

func (this LinkDNSInfo) Equal(other LinkDNSInfo) bool

func (LinkDNSInfo) String

func (this LinkDNSInfo) String() string

type LinkForeignData

// LinkForeignData combines an UpdatePending flag with the embedded access and
// DNS information, so CACert, Token, ClusterDomain, DnsIP and DNSPropagation
// are promoted onto it.
//
// Both embedded types declare Equal and String at the same depth, which makes
// those two selectors ambiguous on LinkForeignData, so neither is promoted. The
// page lists no String method on LinkForeignData itself.
// NOTE(review): check how values of this type are formatted in logs, because
// Token is one of its fields.
type LinkForeignData struct {
	UpdatePending bool
	LinkAccessInfo
	LinkDNSInfo
}

type LinkIndex

// LinkIndex is an opaque collection of links; the page lists NewLinkIndex as
// its constructor and lookups by name, cluster address, endpoint host, mesh and
// egress IP.
// NOTE(review): no synchronization is visible on this page. Presumably callers
// serialise access (the Links interface exposes Locked); confirm before sharing
// a LinkIndex between goroutines.
type LinkIndex struct {
	// contains filtered or unexported fields
}

func NewLinkIndex

func NewLinkIndex() *LinkIndex

func (*LinkIndex) Add

func (this *LinkIndex) Add(link *Link)

func (*LinkIndex) All

func (this *LinkIndex) All() map[LinkName]*Link

func (*LinkIndex) ByClusterAddress

func (this *LinkIndex) ByClusterAddress(ip net.IP) *Link

func (*LinkIndex) ByEndpointHost

func (this *LinkIndex) ByEndpointHost(name string) *Link

func (*LinkIndex) ByMesh

func (this *LinkIndex) ByMesh(name string) LinkNameSet

func (*LinkIndex) ByName

func (this *LinkIndex) ByName(name LinkName) *Link

func (*LinkIndex) HasWireguard

func (this *LinkIndex) HasWireguard() bool
func (this *LinkIndex) IsGatewayLink(name LinkName) bool

func (*LinkIndex) IsGatewayNode

func (this *LinkIndex) IsGatewayNode(ip net.IP) bool

func (*LinkIndex) LookupByEgressIP

func (this *LinkIndex) LookupByEgressIP(ip net.IP) *Link

func (*LinkIndex) LookupGatewaysForMeshIP

func (this *LinkIndex) LookupGatewaysForMeshIP(ip net.IP) tcp.IPList

func (*LinkIndex) MeshLinksFor

func (this *LinkIndex) MeshLinksFor(name string) LinkNameSet

func (*LinkIndex) Remove

func (this *LinkIndex) Remove(name LinkName)

func (*LinkIndex) ServedLinksFor

func (this *LinkIndex) ServedLinksFor(name LinkName) LinkNameSet

func (*LinkIndex) Visit

func (this *LinkIndex) Visit(visitor func(l *Link) bool)

type LinkName

// LinkName is an opaque identifier with Mesh and Name accessors. It is built
// with NewLinkName(mesh, name) or DecodeLinkNameFromString, and it is used as a
// map key elsewhere in this package (LinkNameSet, map[LinkName]*Link).
type LinkName struct {
	// contains filtered or unexported fields
}

func DecodeLinkNameFromString

// DecodeLinkNameFromString converts a string into a LinkName. It returns no
// error, so this function cannot report input that does not follow the
// expected encoding.
// NOTE(review): presumably the encoding separates mesh and name with
// LINKNAME_SEP ("--"). If so, a mesh or link name that itself contains the
// separator could decode to a different pair than intended. Confirm, and
// validate names at the point where they are accepted.
func DecodeLinkNameFromString(name string) LinkName

func NewLinkName

func NewLinkName(mesh, name string) LinkName

func (LinkName) Mesh

func (this LinkName) Mesh() string

func (LinkName) Name

func (this LinkName) Name() string

func (LinkName) String

func (this LinkName) String() string

type LinkNameSet

// LinkNameSet is a set of LinkName values, stored as a map with empty-struct
// values. Its methods use value receivers, and a map value shares its
// underlying storage with every copy of the set.
// NOTE(review): presumably Add and AddAll write into the map, in which case
// calling them on a nil LinkNameSet panics; build sets with NewLinkNameSet.
type LinkNameSet map[LinkName]struct{}

func NewLinkNameSet

func NewLinkNameSet(names ...LinkName) LinkNameSet

func (LinkNameSet) Add

func (this LinkNameSet) Add(names ...LinkName)

func (LinkNameSet) AddAll

func (this LinkNameSet) AddAll(sets ...LinkNameSet) LinkNameSet

func (LinkNameSet) Contains

func (this LinkNameSet) Contains(n LinkName) bool

func (LinkNameSet) Copy

func (this LinkNameSet) Copy() LinkNameSet

func (LinkNameSet) Remove

func (this LinkNameSet) Remove(n LinkName)

type LinkSpec

type LinkSpec = api.KubeLinkSpec
// Links is the package's central interface over the set of known links and
// meshes. It covers setup, gateway selection, link and mesh lookup, route
// computation and iptables chain generation. Implementations are obtained
// through GetSharedLinks or NewLinks.
//
// NOTE(review): the method bodies are not shown on this page. The group
// comments below describe only what the signatures establish.
type Links interface {
	Setup(logger logger.LogContext, list []resources.Object)
	SetDefaultMesh(clusterName string, clusterAddress *net.IPNet, meshDNS LinkDNSInfo)

	// Gateway selection.
	SetGateway(ip net.IP)
	GetGateway() net.IP
	IsGateway(ifce *NodeInterface) bool

	IsGatewayLink(name LinkName) bool
	HasWireguard() bool
	RegisterLink(name LinkName, clusterCIDR *net.IPNet, fqdn string, cidr *net.IPNet) (*Link, error)

	// Link access and update. GetLinks returns a map of *Link.
	// NOTE(review): whether the returned map and pointers are copies or the
	// live internal state is not visible here; confirm before mutating them
	// outside Locked.
	GetLinks() map[LinkName]*Link
	GetLink(name LinkName) *Link
	// LinkInfoUpdated and UpdateLinkInfo take a *LinkAccessInfo, which carries
	// a Token, together with a logger; keep the token out of log output.
	LinkInfoUpdated(logger logger.LogContext, name LinkName, access *LinkAccessInfo, dns *LinkDNSInfo) *Link
	UpdateLinkInfo(logger logger.LogContext, name LinkName, access *LinkAccessInfo, dns *LinkDNSInfo, pending bool) (*Link, bool)
	ReplaceLink(link *Link) *Link
	UpdateLink(klink *api.KubeLink) (*Link, bool, error)
	RemoveLink(name LinkName)
	VisitLinks(visitor func(l *Link) bool)
	GetLinkForClusterAddress(ip net.IP) *Link
	GetLinkForIP(ip net.IP) *Link // TODO Rename
	GetLinkForEndpointHost(dnsname string) *Link

	ServedLinksFor(name LinkName) LinkNameSet

	// Mesh access.
	GetMesh(name string) *Mesh
	GetMeshByLinkName(name LinkName) *Mesh
	GetMeshLink(name LinkName) *Link
	GetMeshLinks() map[LinkName]*Link
	GetMeshInfos() map[string]*Mesh
	GetMeshMembersFor(name string) LinkNameSet
	RemoveMesh(name string)
	MarkForDeletion(name LinkName)
	VisitMeshes(visitor func(m *Mesh, l *Link) bool)

	LookupMeshGatewaysFor(ip net.IP) tcp.IPList
	LookupClusterAddressByMeshAddress(ip net.IP) *net.IPNet
	LookupMeshByMeshAddress(ip net.IP) *Mesh

	// Route computation for a node interface.
	GetRoutesToLink(ifce *NodeInterface, link netlink.Link) Routes
	GetRoutes(ifce *NodeInterface) Routes
	GetGatewayEgress(ifce *NodeInterface, meshCIDR *net.IPNet) tcp.CIDRList

	// iptables chain generation. These methods return request values and, as
	// far as the signatures show, do not report errors.
	// NOTE(review): GetNatChains takes linkName as a plain string, not a
	// LinkName. Confirm how it is embedded into chain or rule text.
	GetFirewallChains() iptables.Requests
	GetEgressChain(mesh *net.IPNet) *iptables.ChainRequest
	GetNatChains(clusterAddresses tcp.CIDRList, linkName string) iptables.Requests
	GetGatewayAddrs() tcp.CIDRList

	// Locked passes the Links value to the callback and returns an error.
	// NOTE(review): presumably the callback runs while the implementation's
	// lock is held, so several calls can be made consistently; confirm, and
	// confirm whether calling other Links methods inside the callback is
	// re-entrant.
	Locked(func(Links) error) error
}
func GetSharedLinks(controller controller.Interface, defaultport int) Links
func NewLinks(resc resources.Interface, defaultport int) Links

type Mesh

// Mesh is an opaque, read-mostly view of one mesh. The page lists accessors for
// its name, CIDR, cluster address, name and domain, DNS IP, link name,
// DNS-propagation flag and delete-pending flag. It is created with NewMeshInfo
// from a *Link.
type Mesh struct {
	// contains filtered or unexported fields
}

func NewMeshInfo

func NewMeshInfo(link *Link, delete ...bool) *Mesh

func (*Mesh) CIDR

func (this *Mesh) CIDR() *net.IPNet

func (*Mesh) ClusterAddress

func (this *Mesh) ClusterAddress() *net.IPNet

func (*Mesh) ClusterDomain

func (this *Mesh) ClusterDomain() string

func (*Mesh) ClusterName

func (this *Mesh) ClusterName() string

func (*Mesh) DNSIP

func (this *Mesh) DNSIP() net.IP

func (*Mesh) DeletePending

func (this *Mesh) DeletePending() bool

func (*Mesh) LinkName

func (this *Mesh) LinkName() LinkName

func (*Mesh) Name

func (this *Mesh) Name() string

func (*Mesh) PropagateDNS

func (this *Mesh) PropagateDNS() bool

type MeshIndex

// MeshIndex is an opaque collection of meshes and their links, constructed with
// NewMeshIndex. The page lists lookups by name, link name, CIDR, local address
// and IP.
// NOTE(review): no synchronization is visible on this page; confirm who guards
// concurrent Add, Remove and Visit calls.
type MeshIndex struct {
	// contains filtered or unexported fields
}

func NewMeshIndex

func NewMeshIndex() *MeshIndex

func (*MeshIndex) Add

func (this *MeshIndex) Add(link *Link)

func (*MeshIndex) All

func (this *MeshIndex) All() map[string]*Mesh

func (*MeshIndex) ByCIDR

func (this *MeshIndex) ByCIDR(cidr *net.IPNet) *Mesh

func (*MeshIndex) ByLinkName

func (this *MeshIndex) ByLinkName(name LinkName) *Mesh

func (*MeshIndex) ByLocalAddress

func (this *MeshIndex) ByLocalAddress(ip net.IP) *Mesh

func (*MeshIndex) ByName

func (this *MeshIndex) ByName(name string) *Mesh

func (*MeshIndex) GetMeshCIDRs

func (this *MeshIndex) GetMeshCIDRs() tcp.CIDRList

func (*MeshIndex) GetMeshInfos

func (this *MeshIndex) GetMeshInfos() map[string]*Mesh
func (this *MeshIndex) GetMeshLinks() map[LinkName]*Link

func (*MeshIndex) IsDeletePending

func (this *MeshIndex) IsDeletePending(name string) bool

func (*MeshIndex) LinkByCIDR

func (this *MeshIndex) LinkByCIDR(cidr *net.IPNet) *Link

func (*MeshIndex) LinkByLinkName

func (this *MeshIndex) LinkByLinkName(name LinkName) *Link

func (*MeshIndex) LinkByName

func (this *MeshIndex) LinkByName(name string) *Link

func (*MeshIndex) LookupByIP

func (this *MeshIndex) LookupByIP(ip net.IP) *Mesh

func (*MeshIndex) MarkLinkForDeletion

func (this *MeshIndex) MarkLinkForDeletion(name LinkName)

func (*MeshIndex) Remove

func (this *MeshIndex) Remove(name LinkName)

func (*MeshIndex) RemoveByName

func (this *MeshIndex) RemoveByName(name string)

func (*MeshIndex) SetDefaultMesh

func (this *MeshIndex) SetDefaultMesh(link *Link)

func (*MeshIndex) Visit

func (this *MeshIndex) Visit(visitor func(m *Mesh, l *Link) bool)

type NodeInterface

// NodeInterface identifies one interface of a node by name, index and IP.
// LookupNodeIP returns a value of this type for a given CIDR.
// NOTE(review): presumably Name and Index are the operating system's interface
// name and index; confirm.
type NodeInterface struct {
	Name  string
	Index int
	IP    net.IP
}

func LookupNodeIP

func LookupNodeIP(logger logger.LogContext, cidr *net.IPNet) (*NodeInterface, error)

type Routes

// Routes is a list of netlink routes. Add has a pointer receiver and also
// returns a Routes value; Lookup and LookupAndLogMismatchReason use value
// receivers and return an int.
// NOTE(review): presumably that int is the index of the matching route, with a
// negative value when there is no match; confirm before using it as a slice
// index.
type Routes []netlink.Route

func ListRoutes

func ListRoutes() (Routes, error)

func ListRoutesForInterface

func ListRoutesForInterface(name string) (Routes, error)

func (*Routes) Add

func (this *Routes) Add(route netlink.Route) Routes

func (Routes) Lookup

func (this Routes) Lookup(route netlink.Route) int

func (Routes) LookupAndLogMismatchReason

func (this Routes) LookupAndLogMismatchReason(logger logger.LogContext, route netlink.Route) int

type RuleDef

// RuleDef describes one iptables rule together with the table and chain it
// belongs to. FirewallEmbedding and NatEmbedding return lists of these.
// NOTE(review): presumably Before names the position ahead of which Rule is
// inserted; confirm. iptables evaluates rules in order, so check Before when
// auditing how these rules interleave with others in the same chain.
type RuleDef struct {
	Table  string
	Chain  string
	Rule   iptables.Rule
	Before string
}

func FirewallEmbedding

func FirewallEmbedding() ([]RuleDef, utils.StringSet)

func NatEmbedding

func NatEmbedding() ([]RuleDef, utils.StringSet)

type StringList

type StringList []string

func (StringList) Equals

func (this StringList) Equals(r StringList) bool

func (StringList) Index

func (this StringList) Index(val string) int

type StringLists

type StringLists []StringList

func (StringLists) Index

func (this StringLists) Index(l StringList) int
