config



Constants

// OpenFlow port numbers requested from OVS for the bridge's well-known interfaces; they end up in the
// OFPort fields of GatewayConfig, AdapterNetConfig and NodeConfig.
const (
	// Valid ofport_request numbers are in the range 1 to 65,279. For an ofport_request number outside
	// that range, OVS ignores it and automatically assigns a port number.
	// Here we use the invalid port number "0" to request automatic port allocation.
	AutoAssignedOFPort = 0
	DefaultTunOFPort   = 1
	HostGatewayOFPort  = 2
	UplinkOFPort       = 3
	// 0xfffffffe is a reserved port number in the OpenFlow protocol, which is dedicated to the Bridge interface.
	// NodeConfig.HostInterfaceOFPort takes this value when the host interface is the bridge interface itself.
	BridgeOFPort = 0xfffffffe
)
// Per-packet overheads, in bytes, of the supported traffic encryption modes. Presumably these are the
// inputs to NetworkConfig.CalculateMTUDeduction, whose body is not shown here.
const (

	// WireGuard overhead: 20-byte outer IPv4, 8-byte UDP header, 4-byte type, 4-byte key index, 8-byte nonce, 16-byte authentication tag
	// (20 + 8 + 4 + 4 + 8 + 16 = 60). An IPv6 outer header is 20 bytes larger; see NetworkConfig.WireGuardMTUDeduction.
	WireGuardOverhead = 60
	// IPsec ESP can add a maximum of 38 bytes to the packet including the ESP
	// header and trailer.
	IPSecESPOverhead = 38
)
// Names of the two OVS ports used by L7 NetworkPolicy: matched traffic is forwarded to the
// application-aware engine through the target port and comes back through the return port
// (the corresponding OpenFlow port numbers live in L7NetworkPolicyConfig).
const (
	L7NetworkPolicyTargetPortName = "antrea-l7-tap0"
	L7NetworkPolicyReturnPortName = "antrea-l7-tap1"
)

Variables

// Virtual IPs reserved by Antrea for Service handling on the host. All four literals are well-formed,
// so net.ParseIP cannot return nil here. The IPv4 values sit in 169.254.0.0/24, outside the IPv4
// link-local auto-configuration range called out below, and the IPv6 values are in the fc00::/7
// unique-local range; they must not collide with any address actually used in the cluster network.
var (
	// VirtualServiceIPv4 or VirtualServiceIPv6 is used in the following scenarios:
	// - The IP is used to perform SNAT for packets of Service sourced from Antrea gateway and destined for external
	//   network via Antrea gateway.
	// - The IP is used as destination IP in host routing entry to forward replied SNATed Service packets back to Antrea
	//   gateway.
	// - The IP is used as the next hop of host routing entry for ClusterIP and virtual NodePort DNAT IP.
	//   The IP cannot be one used in the network, and cannot be within the 169.254.1.0 - 169.254.254.255 range
	//   according to https://datatracker.ietf.org/doc/html/rfc3927#section-2.1
	VirtualServiceIPv4 = net.ParseIP("169.254.0.253")
	VirtualServiceIPv6 = net.ParseIP("fc01::aabb:ccdd:eeff")

	// VirtualNodePortDNATIPv4 or VirtualNodePortDNATIPv6 is used in the following scenarios:
	// - The IP is used to perform DNAT on host for packets of NodePort sourced from local Node or external network.
	// - The IP is used as destination IP in host routing entry to forward DNATed NodePort packets to Antrea gateway
	VirtualNodePortDNATIPv4 = net.ParseIP("169.254.0.252")
	VirtualNodePortDNATIPv6 = net.ParseIP("fc01::aabb:ccdd:eefe")
)

Functions

func IsIPv4Enabled

func IsIPv4Enabled(nodeConfig *NodeConfig, trafficEncapMode TrafficEncapModeType) (bool, error)

IsIPv4Enabled returns true if the cluster network supports IPv4. Legal cases are:
- NetworkPolicyOnly, NodeIPv4Addr != nil: IPv4 is enabled
- NetworkPolicyOnly, NodeIPv4Addr == nil: IPv4 is disabled
- Non-NetworkPolicyOnly, PodIPv4CIDR != nil, NodeIPv4Addr != nil: IPv4 is enabled
- Non-NetworkPolicyOnly, PodIPv4CIDR == nil: IPv4 is disabled

func IsIPv6Enabled

func IsIPv6Enabled(nodeConfig *NodeConfig, trafficEncapMode TrafficEncapModeType) (bool, error)

IsIPv6Enabled returns true if the cluster network supports IPv6. Legal cases are:
- NetworkPolicyOnly, NodeIPv6Addr != nil: IPv6 is enabled
- NetworkPolicyOnly, NodeIPv6Addr == nil: IPv6 is disabled
- Non-NetworkPolicyOnly, PodIPv6CIDR != nil, NodeIPv6Addr != nil: IPv6 is enabled
- Non-NetworkPolicyOnly, PodIPv6CIDR == nil: IPv6 is disabled

Types

type AdapterNetConfig

// AdapterNetConfig describes the network configuration of a host network adapter. NodeConfig uses it
// for the OVS bridge uplink interface, which per NodeConfig.UplinkNetConfig only applies to Windows Nodes.
// Gateway and DNSServers are kept as raw strings and Routes as untyped values; the concrete route type
// is not visible here — confirm against the code that populates it.
type AdapterNetConfig struct {
	Name       string
	Index      int
	MAC        net.HardwareAddr
	IPs        []*net.IPNet
	MTU        int
	Gateway    string
	DNSServers string
	Routes     []interface{}
	// OFPort is the OpenFlow port number of the uplink interface allocated by OVS.
	OFPort uint32
}

type EgressConfig added in v1.4.0

// EgressConfig holds the configuration of the Egress interface (see NodeConfig.EgressConfig).
type EgressConfig struct {
	// ExceptCIDRs lists CIDRs that are exempted from Egress handling; presumably destinations in these
	// ranges bypass Egress SNAT — confirm at the consumer.
	ExceptCIDRs []net.IPNet
}

type GatewayConfig

// GatewayConfig describes the gateway interface on the OVS bridge; NodeConfig.GatewayConfig holds the
// local Node's instance.
type GatewayConfig struct {
	// Name is the name of host gateway, e.g. antrea-gw0.
	Name string

	// IPv4 and IPv6 are the gateway's addresses and MAC its hardware address. Presumably an address is
	// nil when that IP family is not enabled in the cluster network — confirm before dereferencing.
	IPv4 net.IP
	IPv6 net.IP
	MAC  net.HardwareAddr
	// LinkIndex is the link index of host gateway.
	LinkIndex int

	// OFPort is the OpenFlow port number of host gateway allocated by OVS.
	OFPort uint32
}

func (*GatewayConfig) String

func (g *GatewayConfig) String() string

type IPsecAuthenticationMode added in v1.7.0

// IPsecAuthenticationMode selects how IPsec peers authenticate each other: with a pre-shared key or
// with certificates.
type IPsecAuthenticationMode int
const (
	IPsecAuthenticationModePSK IPsecAuthenticationMode = iota
	IPsecAuthenticationModeCert
	// IPsecAuthenticationModeInvalid marks an unrecognised mode. Unlike the two iota values above it is
	// an untyped constant, since it carries its own expression; it still compares against
	// IPsecAuthenticationMode values through implicit conversion.
	IPsecAuthenticationModeInvalid = -1
)

func GetIPsecAuthenticationModeFromStr added in v1.7.0

func GetIPsecAuthenticationModeFromStr(str string) (bool, IPsecAuthenticationMode)

GetIPsecAuthenticationModeFromStr returns true and the IPsecAuthenticationMode corresponding to the input string. Otherwise, false and an undefined value are returned.

func GetIPsecConfigModes added in v1.7.0

func GetIPsecConfigModes() []IPsecAuthenticationMode

func (IPsecAuthenticationMode) String added in v1.7.0

func (am IPsecAuthenticationMode) String() string

String returns the mode as a string.

type IPsecConfig added in v1.7.0

// IPsecConfig includes IPsec related configurations.
//
// AuthenticationMode selects PSK or certificate based authentication (see IPsecAuthenticationMode).
// PSK is the IPsec pre-shared key and is secret material: keep it out of log lines, String() methods
// and error messages, and take care when dumping any struct that embeds IPsecConfig (e.g. NetworkConfig)
// for debugging.
type IPsecConfig struct {
	AuthenticationMode IPsecAuthenticationMode
	PSK                string
}

IPsecConfig includes IPsec related configurations.

type L7NetworkPolicyConfig added in v1.10.0

// L7NetworkPolicyConfig includes target and return ofPorts for L7 NetworkPolicy. The OVS port names
// are presumably L7NetworkPolicyTargetPortName and L7NetworkPolicyReturnPortName — confirm at the
// code that creates the ports.
type L7NetworkPolicyConfig struct {
	TargetOFPort uint32 // Matched L7 NetworkPolicy traffic is forwarded to an application-aware engine via this ofPort.
	ReturnOFPort uint32 // Scanned L7 NetworkPolicy traffic is returned from an application-aware engine via this ofPort.
}

L7NetworkPolicyConfig includes target and return ofPorts for L7 NetworkPolicy.

type LoadBalancerMode added in v1.13.0

// LoadBalancerMode selects how Service load balancing forwards traffic: via NAT or via DSR
// (Direct Server Return).
type LoadBalancerMode int
const (
	LoadBalancerModeNAT LoadBalancerMode = iota
	LoadBalancerModeDSR
	// LoadBalancerModeInvalid marks an unrecognised mode; it is an untyped constant, unlike the iota values above.
	LoadBalancerModeInvalid = -1
)

func GetLoadBalancerModeFromStr added in v1.13.0

func GetLoadBalancerModeFromStr(str string) (bool, LoadBalancerMode)

GetLoadBalancerModeFromStr returns true and the LoadBalancerMode corresponding to the input string. Otherwise, false and an undefined value are returned.

func (LoadBalancerMode) String added in v1.13.0

func (m LoadBalancerMode) String() string

String returns the mode as a string.

type NetworkConfig

// NetworkConfig includes user provided network configuration parameters.
//
// TrafficEncapMode, TunnelType, TunnelPort and TunnelCsum describe how inter-Node Pod traffic is
// encapsulated; TrafficEncryptionMode and IPsecConfig describe how it is encrypted. IPsecConfig carries
// the IPsec pre-shared key, so avoid dumping the whole struct into logs. TransportIface and
// TransportIfaceCIDRs select the Node's transport interface (see NodeConfig.NodeTransportInterfaceName),
// and IPv4Enabled/IPv6Enabled record which address families the cluster network supports (see
// IsIPv4Enabled/IsIPv6Enabled).
// NOTE(review): TunnelCsum presumably toggles tunnel checksumming and TunnelPort is the tunnel's
// transport port — confirm against the code that configures the OVS tunnel.
type NetworkConfig struct {
	TrafficEncapMode      TrafficEncapModeType
	TunnelType            ovsconfig.TunnelType
	TunnelPort            int32
	TunnelCsum            bool
	TrafficEncryptionMode TrafficEncryptionModeType
	IPsecConfig           IPsecConfig
	TransportIface        string
	TransportIfaceCIDRs   []string
	IPv4Enabled           bool
	IPv6Enabled           bool
	// MTUDeduction is the MTU deduction for encapsulation and encryption in cluster.
	MTUDeduction int
	// WireGuardMTUDeduction is the MTU deduction for WireGuard encryption.
	// It is calculated based on whether IPv6 is used.
	WireGuardMTUDeduction int
	// Set by the defaultMTU config option or auto discovered.
	// Auto discovery will use MTU value of the Node's transport interface.
	// For Encap and Hybrid mode, InterfaceMTU will be adjusted to account for
	// encap header.
	InterfaceMTU int

	// EnableMulticlusterGW enables the Multi-cluster Gateway, and MulticlusterEncryptionMode selects
	// the encryption applied to that cross-cluster traffic.
	EnableMulticlusterGW       bool
	MulticlusterEncryptionMode TrafficEncryptionModeType
}

NetworkConfig includes user provided network configuration parameters.

func (*NetworkConfig) CalculateMTUDeduction added in v1.11.0

func (nc *NetworkConfig) CalculateMTUDeduction(isIPv6 bool) int

func (*NetworkConfig) NeedsDirectRoutingToPeer added in v1.3.0

func (nc *NetworkConfig) NeedsDirectRoutingToPeer(peerIP net.IP, localIP *net.IPNet) bool

NeedsDirectRoutingToPeer returns true if Pod traffic to peer Node needs a direct route installed to the routing table.

func (*NetworkConfig) NeedsTunnelInterface added in v1.11.0

func (nc *NetworkConfig) NeedsTunnelInterface() bool

func (*NetworkConfig) NeedsTunnelToPeer added in v1.3.0

func (nc *NetworkConfig) NeedsTunnelToPeer(peerIP net.IP, localIP *net.IPNet) bool

NeedsTunnelToPeer returns true if Pod traffic to peer Node needs to be encapsulated by OVS tunneling.

type NodeConfig

// NodeConfig holds the local Node configuration retrieved from the K8s API or host networking state.
// The pointer-typed fields may be nil: UplinkNetConfig is only set on Windows Nodes, and PodIPv4CIDR /
// PodIPv6CIDR are nil in networkPolicyOnly mode; presumably WireGuardConfig and EgressConfig are nil
// when the corresponding feature is not in use — check before dereferencing.
type NodeConfig struct {
	// The Node's name used in Kubernetes.
	Name string
	// The type to identify it is a Kubernetes Node or an external Node.
	Type NodeType
	// The name of the OpenVSwitch bridge antrea-agent uses.
	OVSBridge string
	// The name of the default tunnel interface. Defaults to "antrea-tun0", but can
	// be overridden by the discovered tunnel interface name from the OVS bridge.
	DefaultTunName string
	// The CIDR block from which to allocate IPv4 address to Pod.
	// It's nil for the networkPolicyOnly trafficEncapMode which doesn't do IPAM.
	PodIPv4CIDR *net.IPNet
	// The CIDR block from where to allocate IPv6 address to Pod.
	// It's nil for the networkPolicyOnly trafficEncapMode which doesn't do IPAM.
	PodIPv6CIDR *net.IPNet
	// The Node's IPv4 address used in Kubernetes. It has the network mask information.
	NodeIPv4Addr *net.IPNet
	// The Node's IPv6 address used in Kubernetes. It has the network mask information.
	NodeIPv6Addr *net.IPNet
	// The name of the Node's transport interface. The transport interface defaults to the interface that has the K8s
	// Node IP, and can be overridden by the configuration parameters TransportInterface and TransportInterfaceCIDRs.
	NodeTransportInterfaceName string
	// The IPv4 address on the Node's transport interface. It is used for tunneling or routing the Pod traffic across Nodes.
	NodeTransportIPv4Addr *net.IPNet
	// The IPv6 address on the Node's transport interface. It is used for tunneling or routing the Pod traffic across Nodes.
	NodeTransportIPv6Addr *net.IPNet
	// The original MTU of the Node's transport interface.
	NodeTransportInterfaceMTU int
	// TunnelOFPort is the OpenFlow port number of tunnel interface allocated by OVS. With noEncap mode, the value is 0.
	TunnelOFPort uint32
	// HostInterfaceOFPort is the OpenFlow port number of the host interface allocated by OVS. The host interface is the
	// one which the IP/MAC of the uplink is moved to. If the host interface is the OVS bridge interface (br-int), the
	// value is config.BridgeOFPort.
	HostInterfaceOFPort uint32
	// The config of the gateway interface on the OVS bridge.
	GatewayConfig *GatewayConfig
	// The config of the OVS bridge uplink interface. Only for Windows Node.
	UplinkNetConfig *AdapterNetConfig
	// The config of the WireGuard interface.
	WireGuardConfig *WireGuardConfig
	// The config of the Egress interface.
	EgressConfig *EgressConfig
}

NodeConfig holds the local Node configuration retrieved from the K8s API or host networking state.

func (*NodeConfig) String

func (n *NodeConfig) String() string

type NodeType added in v1.8.0

// NodeType identifies whether the local Node is a Kubernetes Node or an external Node managed by Antrea.
type NodeType uint8
const (
	K8sNode NodeType = iota
	ExternalNode
)

func (NodeType) String added in v1.8.0

func (t NodeType) String() string

type ServiceConfig added in v1.7.0

// ServiceConfig includes K8s Service CIDR and available IP addresses for NodePort.
// ServiceCIDR / ServiceCIDRv6 may be nil when the corresponding IP family is not configured — presumably;
// confirm before dereferencing. NodePortAddressesIPv4 / NodePortAddressesIPv6 list the Node addresses on
// which NodePort Services are exposed.
type ServiceConfig struct {
	ServiceCIDR           *net.IPNet // K8s Service ClusterIP CIDR
	ServiceCIDRv6         *net.IPNet // K8s Service ClusterIP CIDR in IPv6
	NodePortAddressesIPv4 []net.IP
	NodePortAddressesIPv6 []net.IP
}

ServiceConfig includes K8s Service CIDR and available IP addresses for NodePort.

type TrafficEncapModeType

// TrafficEncapModeType selects how Pod traffic between Nodes is carried: always encapsulated (Encap),
// never encapsulated (NoEncap), encapsulated only across subnets (Hybrid), or not handled at all
// because Antrea only enforces NetworkPolicy on top of another CNI (NetworkPolicyOnly).
type TrafficEncapModeType int
const (
	TrafficEncapModeEncap TrafficEncapModeType = iota
	TrafficEncapModeNoEncap
	TrafficEncapModeHybrid
	TrafficEncapModeNetworkPolicyOnly
	// TrafficEncapModeInvalid marks an unrecognised mode; it is an untyped constant, unlike the iota values above.
	TrafficEncapModeInvalid = -1
)

func GetTrafficEncapModeFromStr

func GetTrafficEncapModeFromStr(str string) (bool, TrafficEncapModeType)

GetTrafficEncapModeFromStr returns true and the TrafficEncapModeType corresponding to the input string. Otherwise, false and an undefined value are returned.

func GetTrafficEncapModes

func GetTrafficEncapModes() []TrafficEncapModeType

func (TrafficEncapModeType) IsNetworkPolicyOnly

func (m TrafficEncapModeType) IsNetworkPolicyOnly() bool

IsNetworkPolicyOnly returns true if TrafficEncapModeType is network policy only.

func (TrafficEncapModeType) String

func (m TrafficEncapModeType) String() string

String returns the mode as a string.

func (TrafficEncapModeType) SupportsEncap

func (m TrafficEncapModeType) SupportsEncap() bool

SupportsEncap returns true if TrafficEncapModeType supports encap.

func (TrafficEncapModeType) SupportsNoEncap

func (m TrafficEncapModeType) SupportsNoEncap() bool

SupportsNoEncap returns true if TrafficEncapModeType supports noEncap.

type TrafficEncryptionModeType added in v1.3.0

// TrafficEncryptionModeType selects how inter-Node Pod traffic is encrypted: not at all, with IPsec
// (see IPsecConfig and IPSecESPOverhead) or with WireGuard (see WireGuardConfig and WireGuardOverhead).
type TrafficEncryptionModeType int
const (
	TrafficEncryptionModeNone TrafficEncryptionModeType = iota
	TrafficEncryptionModeIPSec
	TrafficEncryptionModeWireGuard
	// TrafficEncryptionModeInvalid marks an unrecognised mode; it is an untyped constant, unlike the iota values above.
	TrafficEncryptionModeInvalid = -1
)

func GetTrafficEncryptionModeFromStr added in v1.3.0

func GetTrafficEncryptionModeFromStr(str string) (bool, TrafficEncryptionModeType)

GetTrafficEncryptionModeFromStr returns true and the TrafficEncryptionModeType corresponding to the input string. Otherwise, false and an undefined value are returned.

func GetTrafficEncryptionModes added in v1.3.0

func GetTrafficEncryptionModes() []TrafficEncryptionModeType

func (TrafficEncryptionModeType) String added in v1.3.0

func (m TrafficEncryptionModeType) String() string

String returns the mode as a string.

type WireGuardConfig added in v1.3.0

// WireGuardConfig describes the local WireGuard interface used when TrafficEncryptionMode is
// TrafficEncryptionModeWireGuard; NodeConfig.WireGuardConfig holds the local Node's instance.
type WireGuardConfig struct {
	// Name is the name of the WireGuard interface, e.g. antrea-wg0.
	Name string
	// LinkIndex is the link index of the WireGuard interface.
	LinkIndex int
	// Port is the port on which WireGuard receives traffic.
	Port int
	// The MTU of the WireGuard interface. Presumably derived from the transport MTU minus
	// NetworkConfig.WireGuardMTUDeduction — confirm at the producer.
	MTU int
}
