route

Published: Jan 27, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// SyncInterval is the period used by Run for its periodic iptables sync (Run is documented as
	// syncing periodically and this variable is documented as being used internally by Run; the
	// exact call site is in unexported code). It is exported only so that integration tests can
	// shorten it. There is no synchronization around it visible here, so set it before Run is
	// started rather than while the sync loop is running.
	SyncInterval = time.Minute
)

Functions

This section is empty.

Types

type Client

// Client is the concrete route client; it implements every method of Interface (compare the two
// method sets on this page) and coordinates ip route, ip rule, iptables and ipset on the host.
// Its fields are unexported: build it with NewClient. Initialize is documented as idempotent
// and safe to call on every startup.
type Client struct {
	// contains filtered or unexported fields
}

Client takes care of routing container packets in host network, coordinating ip route, ip rule, iptables and ipset.

func NewClient

func NewClient(networkConfig *config.NetworkConfig,
	noSNAT bool,
	proxyAll bool,
	connectUplinkToBridge bool,
	nodeNetworkPolicyEnabled bool,
	multicastEnabled bool,
	serviceCIDRProvider servicecidr.Interface) (*Client, error)

NewClient returns a route Client built from networkConfig, the given feature switches (noSNAT, proxyAll, connectUplinkToBridge, nodeNetworkPolicyEnabled, multicastEnabled) and the Service CIDR provider.

func (*Client) AddEgressRoutes added in v1.15.0

func (c *Client) AddEgressRoutes(tableID uint32, dev int, gateway net.IP, prefixLength int) error

func (*Client) AddEgressRule added in v1.15.0

func (c *Client) AddEgressRule(tableID uint32, mark uint32) error

func (*Client) AddExternalIPRoute added in v1.12.0

func (c *Client) AddExternalIPRoute(externalIP net.IP) error

AddExternalIPRoute adds a route entry that forwards traffic destined for the external IP to the Antrea gateway interface.

func (*Client) AddLocalAntreaFlexibleIPAMPodRule added in v1.4.0

func (c *Client) AddLocalAntreaFlexibleIPAMPodRule(podAddresses []net.IP) error

AddLocalAntreaFlexibleIPAMPodRule is used to add IP to target ip set when an AntreaFlexibleIPAM Pod is added. An entry is added for every Pod IP.

func (*Client) AddNodePort added in v1.4.0

func (c *Client) AddNodePort(nodePortAddresses []net.IP, port uint16, protocol binding.Protocol) error

AddNodePort is used to add IP,port:protocol entries to target ip set when a NodePort Service is added. An entry is added for every NodePort IP.

func (*Client) AddOrUpdateNodeNetworkPolicyIPSet added in v1.15.0

func (c *Client) AddOrUpdateNodeNetworkPolicyIPSet(ipsetName string, ipsetEntries sets.Set[string], isIPv6 bool) error

func (*Client) AddOrUpdateNodeNetworkPolicyIPTables added in v1.15.0

func (c *Client) AddOrUpdateNodeNetworkPolicyIPTables(iptablesChains []string, iptablesRules [][]string, isIPv6 bool) error
func (c *Client) AddRouteForLink(cidr *net.IPNet, linkIndex int) error

func (*Client) AddRoutes

func (c *Client) AddRoutes(podCIDR *net.IPNet, nodeName string, nodeIP, nodeGwIP net.IP) error

AddRoutes adds routes to a new podCIDR. It overrides the routes if they already exist.

func (*Client) AddSNATRule

func (c *Client) AddSNATRule(snatIP net.IP, mark uint32) error

func (*Client) ClearConntrackEntryForService added in v1.13.0

func (c *Client) ClearConntrackEntryForService(svcIP net.IP, svcPort uint16, endpointIP net.IP, protocol binding.Protocol) error

func (*Client) DeleteEgressRoutes added in v1.15.0

func (c *Client) DeleteEgressRoutes(tableID uint32) error

func (*Client) DeleteEgressRule added in v1.15.0

func (c *Client) DeleteEgressRule(tableID uint32, mark uint32) error

func (*Client) DeleteExternalIPRoute added in v1.12.0

func (c *Client) DeleteExternalIPRoute(externalIP net.IP) error

DeleteExternalIPRoute deletes the route entry for the external IP.

func (*Client) DeleteLocalAntreaFlexibleIPAMPodRule added in v1.4.0

func (c *Client) DeleteLocalAntreaFlexibleIPAMPodRule(podAddresses []net.IP) error

DeleteLocalAntreaFlexibleIPAMPodRule is used to delete the related IP set entries when an AntreaFlexibleIPAM Pod is deleted.

func (*Client) DeleteNodeNetworkPolicyIPSet added in v1.15.0

func (c *Client) DeleteNodeNetworkPolicyIPSet(ipsetName string, isIPv6 bool) error

func (*Client) DeleteNodeNetworkPolicyIPTables added in v1.15.0

func (c *Client) DeleteNodeNetworkPolicyIPTables(iptablesChains []string, isIPv6 bool) error

func (*Client) DeleteNodePort added in v1.4.0

func (c *Client) DeleteNodePort(nodePortAddresses []net.IP, port uint16, protocol binding.Protocol) error

DeleteNodePort is used to delete related IP set entries when a NodePort Service is deleted.

func (c *Client) DeleteRouteForLink(cidr *net.IPNet, linkIndex int) error

func (*Client) DeleteRoutes

func (c *Client) DeleteRoutes(podCIDR *net.IPNet) error

DeleteRoutes deletes the routes to a PodCIDR. It does nothing if the routes don't exist.

func (*Client) DeleteSNATRule

func (c *Client) DeleteSNATRule(mark uint32) error

func (*Client) Initialize

func (c *Client) Initialize(nodeConfig *config.NodeConfig, done func()) error

Initialize initializes all infrastructures required to route container packets in host network. It is idempotent and can be safely called on every startup.

func (*Client) MigrateRoutesToGw

func (c *Client) MigrateRoutesToGw(linkName string) error

MigrateRoutesToGw moves routes (including assigned IP addresses if any) from link linkName to host gateway.

func (*Client) Reconcile

func (c *Client) Reconcile(podCIDRs []string) error

Reconcile removes orphaned podCIDRs from ipset and removes routes to orphaned podCIDRs based on the desired podCIDRs.

func (*Client) RestoreEgressRoutesAndRules added in v1.15.0

func (c *Client) RestoreEgressRoutesAndRules(minTableID, maxTableID int) error

Despite its name, RestoreEgressRoutesAndRules currently deletes all IP routes and rules created for Egresses (presumably those in route tables minTableID through maxTableID) rather than restoring them to the cache. It would be preferable to keep the ones whose Egress IPs are still assigned to this Node, but that is hard to achieve at the moment because the marks are not persistent and may change on restart.

func (*Client) Run

func (c *Client) Run(stopCh <-chan struct{})

Run waits for iptables initialization, then periodically syncs the iptables rules (presumably every SyncInterval, which is documented as being used internally by Run). It does not return until stopCh is closed.

func (*Client) UnMigrateRoutesFromGw

func (c *Client) UnMigrateRoutesFromGw(route *net.IPNet, linkName string) error

UnMigrateRoutesFromGw moves the route from the host gateway back to link linkName when a non-empty linkName is provided; otherwise the route is deleted.

type Interface

// Interface is the interface for routing container packets in host network. Every method changes
// host-level networking state (ip route, ip rule, iptables, ipset, conntrack) and should only be
// driven by trusted agent code; none of the methods is documented as validating its inputs.
type Interface interface {
	// Initialize should initialize all infrastructures required to route container packets in host network.
	// It should be idempotent and can be safely called on every startup.
	// What the done callback signals is not stated here — presumably "initialization finished";
	// confirm against Client.Initialize.
	Initialize(nodeConfig *config.NodeConfig, done func()) error

	// Reconcile should remove orphaned routes and related configuration based on the desired podCIDRs.
	// If IPv6 is enabled in the cluster, Reconcile should also remove the orphaned IPv6 neighbors.
	// podCIDRs is the full desired set; "orphaned" means not present in it.
	Reconcile(podCIDRs []string) error

	// AddRoutes should add routes to the provided podCIDR.
	// It should override the routes if they already exist, without error.
	AddRoutes(podCIDR *net.IPNet, peerNodeName string, peerNodeIP, peerGwIP net.IP) error

	// DeleteRoutes should delete routes to the provided podCIDR.
	// It should do nothing if the routes don't exist, without error.
	DeleteRoutes(podCIDR *net.IPNet) error

	// MigrateRoutesToGw should move routes from device linkName to local gateway.
	MigrateRoutesToGw(linkName string) error

	// UnMigrateRoutesFromGw should move routes back from local gateway to original device linkName.
	// If linkName is empty (it is a string, so it cannot be nil), it should remove the routes instead.
	UnMigrateRoutesFromGw(route *net.IPNet, linkName string) error

	// AddSNATRule should add rule to SNAT outgoing traffic with the mark, using the provided SNAT IP.
	// The mark is the only selector, so it must be set exclusively by the trusted datapath; as far as
	// this interface states, neither mark nor snatIP is validated here.
	AddSNATRule(snatIP net.IP, mark uint32) error

	// DeleteSNATRule should delete rule to SNAT outgoing traffic with the mark.
	DeleteSNATRule(mark uint32) error

	// RestoreEgressRoutesAndRules restores the routes and rules configured on the system for Egresses to the cache.
	// NOTE(review): the Client implementation currently deletes all Egress routes and rules instead of
	// restoring them (see its documentation), because marks are not stable across restarts.
	RestoreEgressRoutesAndRules(minTableID, maxTableID int) error

	// AddEgressRoutes creates a route table which routes Egress traffic to the provided gateway via the device.
	AddEgressRoutes(tableID uint32, dev int, gateway net.IP, prefixLength int) error

	// DeleteEgressRoutes deletes the routes installed by AddEgressRoutes for the given table.
	DeleteEgressRoutes(tableID uint32) error

	// AddEgressRule creates an IP rule which makes Egress traffic with the provided mark look up the specified table.
	AddEgressRule(tableID uint32, mark uint32) error

	// DeleteEgressRule deletes the IP rule installed by AddEgressRule.
	DeleteEgressRule(tableID uint32, mark uint32) error

	// AddNodePort adds configurations when a NodePort Service is created.
	// (Client adds one IP,port:protocol ipset entry per address in nodePortAddresses.)
	AddNodePort(nodePortAddresses []net.IP, port uint16, protocol binding.Protocol) error

	// DeleteNodePort deletes related configurations when a NodePort Service is deleted.
	DeleteNodePort(nodePortAddresses []net.IP, port uint16, protocol binding.Protocol) error

	// AddExternalIPRoute adds a route entry when an external IP is added.
	// (Client routes traffic destined for externalIP to the Antrea gateway interface.)
	AddExternalIPRoute(externalIP net.IP) error

	// DeleteExternalIPRoute deletes the related route entry when an external IP is deleted.
	DeleteExternalIPRoute(externalIP net.IP) error

	// Run starts the sync loop. Client.Run is documented as blocking until stopCh is closed.
	Run(stopCh <-chan struct{})

	// AddLocalAntreaFlexibleIPAMPodRule is used to add IP to target ip set when an AntreaFlexibleIPAM Pod is added. An entry is added
	// for every Pod IP.
	AddLocalAntreaFlexibleIPAMPodRule(podAddresses []net.IP) error

	// DeleteLocalAntreaFlexibleIPAMPodRule is used to delete related IP set entries when an AntreaFlexibleIPAM Pod is deleted.
	DeleteLocalAntreaFlexibleIPAMPodRule(podAddresses []net.IP) error

	// AddRouteForLink adds a route entry for a specific link in format:
	// "dstCIDR" dev "link" scope link
	AddRouteForLink(dstCIDR *net.IPNet, linkIndex int) error

	// DeleteRouteForLink deletes a route entry for a specific link.
	DeleteRouteForLink(dstCIDR *net.IPNet, linkIndex int) error

	// ClearConntrackEntryForService deletes a conntrack entry for a Service connection.
	ClearConntrackEntryForService(svcIP net.IP, svcPort uint16, endpointIP net.IP, protocol binding.Protocol) error

	// AddOrUpdateNodeNetworkPolicyIPSet adds or updates ipset created for NodeNetworkPolicy.
	// ipsetName is used as given; this interface does not state any validation of it, so callers
	// should derive it from the policy object rather than from free-form input.
	AddOrUpdateNodeNetworkPolicyIPSet(ipsetName string, ipsetEntries sets.Set[string], isIPv6 bool) error

	// DeleteNodeNetworkPolicyIPSet deletes ipset created for NodeNetworkPolicy.
	DeleteNodeNetworkPolicyIPSet(ipsetName string, isIPv6 bool) error

	// AddOrUpdateNodeNetworkPolicyIPTables adds or updates iptables chains and rules within the chains for NodeNetworkPolicy.
	// iptablesRules[i] presumably holds the rule specs for iptablesChains[i] — confirm the pairing against
	// the implementation. The rule specs are installed into the host firewall as given, so they must be
	// generated from validated NodeNetworkPolicy objects, never assembled from untrusted strings.
	AddOrUpdateNodeNetworkPolicyIPTables(iptablesChains []string, iptablesRules [][]string, isIPv6 bool) error

	// DeleteNodeNetworkPolicyIPTables deletes iptables chains and rules within the chains for NodeNetworkPolicy.
	DeleteNodeNetworkPolicyIPTables(iptablesChains []string, isIPv6 bool) error
}

Interface is the interface for routing container packets in the host network; *Client implements every method listed in it.

Directories

Path Synopsis
Code generated by MockGen.
Code generated by MockGen.
