supervisor

package
v10.358.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 23, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	sync.Mutex
	// contains filtered or unexported fields
}

Config is the structure holding all information about the supervisor

func (*Config) ACLProvider

func (s *Config) ACLProvider() []provider.IptablesProvider

ACLProvider returns the ACL provider used by the supervisor that can be shared with other entities.

func (*Config) CleanUp

func (s *Config) CleanUp() error

CleanUp implements the cleanup interface

func (*Config) EnableIPTablesPacketTracing

func (s *Config) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enables ip tables packet tracing

func (*Config) Run

func (s *Config) Run(ctx context.Context) error

Run starts the supervisor

func (*Config) SetTargetNetworks

func (s *Config) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks sets the target networks of the supervisor

func (*Config) Supervise

func (s *Config) Supervise(contextID string, pu *policy.PUInfo) error

Supervise creates a mapping between an IP address and the corresponding labels. it invokes the various handlers that process the parameter policy.

func (*Config) Unsupervise

func (s *Config) Unsupervise(contextID string) error

Unsupervise removes the mapping from cache and cleans up the iptable rules. ALL remove operations will print errors by they don't return error. We want to force as much cleanup as possible to avoid stale state

type Implementor

type Implementor interface {

	// ConfigureRules configures the rules in the ACLs and datapath
	ConfigureRules(version int, contextID string, containerInfo *policy.PUInfo) error

	// UpdateRules updates the rules with a new version
	UpdateRules(version int, contextID string, containerInfo *policy.PUInfo, oldContainerInfo *policy.PUInfo) error

	// DeleteRules
	DeleteRules(version int, context string, tcpPorts, udpPorts string, mark string, uid string, containerInfo *policy.PUInfo) error

	// SetTargetNetworks sets the target networks of the supervisor
	SetTargetNetworks(cfg *runtime.Configuration) error

	// Start initializes any defaults
	Run(ctx context.Context) error

	// CleanUp requests the implementor to clean up all ACLs
	CleanUp() error

	// ACLProvider returns the ACL provider used by the implementor
	ACLProvider() []provider.IptablesProvider

	// CreateCustomRulesChain creates a custom rules chain if it doesnt exist
	CreateCustomRulesChain() error
}

Implementor is the interface of the implementation based on iptables, ipsets, remote etc

type Supervisor

type Supervisor interface {

	// Supervise adds a new supervised processing unit.
	Supervise(contextID string, puInfo *policy.PUInfo) error

	// Unsupervise unsupervises the given PU
	Unsupervise(contextID string) error

	// Start starts the Supervisor.
	Run(ctx context.Context) error

	// SetTargetNetworks sets the target networks of the supervisor
	SetTargetNetworks(cfg *runtime.Configuration) error

	// CleanUp requests the supervisor to clean up all ACLs
	CleanUp() error

	// EnableIPTablesPacketTracing enables ip tables packet tracing
	EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error
}

A Supervisor is implementing the node control plane that captures the packets.

func NewSupervisor

func NewSupervisor(
	collector collector.EventCollector,
	enforcerInstance enforcer.Enforcer,
	mode constants.ModeType,
	cfg *runtime.Configuration,
	ipv6Enabled bool,
	iptablesLockfile string,
) (Supervisor, error)

NewSupervisor will create a new connection supervisor that uses IPTables to redirect specific packets to userspace. It instantiates multiple data stores to maintain efficient mappings between contextID, policy and IP addresses. This simplifies the lookup operations at the expense of memory.

Directories

Path Synopsis
Package mocksupervisor is a generated GoMock package.
Package mocksupervisor is a generated GoMock package.
Package supervisornoop implements the supervisor interface with no operations.
Package supervisornoop implements the supervisor interface with no operations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL