Documentation ¶
Index ¶
- Constants
- Variables
- type Address
- type AddressCategory
- type AddressType
- type BitRange
- type ByPriority
- type IGMPNPRuleInfo
- type MatchKey
- type McastNetworkPolicyController
- type NodePolicyRule
- type PodUpdate
- type PolicyRule
- type Priority
- type RoundInfo
- type RuleMetric
- type ServiceConfig
- type TrafficControlFlowPriority
Constants ¶
// Annotation keys defined by this package for Node, Service, and Pod/Namespace objects.
// NOTE(review): annotation values are ordinary object metadata, so code that consumes
// these keys should presumably parse and validate the value instead of trusting it
// as-is — confirm at the call sites, which are not part of this listing.
const (
	// NodeMACAddressAnnotationKey represents the key of the Node's MAC address in the Annotations of the Node.
	NodeMACAddressAnnotationKey string = "node.antrea.io/mac-address"
	// NodeTransportAddressAnnotationKey represents the key of the interface's IP addresses on which the Node transfers Pod traffic in the Annotations of the Node.
	NodeTransportAddressAnnotationKey string = "node.antrea.io/transport-addresses"
	// NodeWireGuardPublicAnnotationKey represents the key of the Node's WireGuard public key in the Annotations of the Node.
	// NOTE(review): a public key is not a secret, but its integrity presumably depends on
	// who is allowed to update Node annotations — confirm the RBAC assumptions.
	NodeWireGuardPublicAnnotationKey string = "node.antrea.io/wireguard-public-key"
	// NodeMaxEgressIPsAnnotationKey represents the key of maximum Egress IP number in the Annotations of the Node.
	NodeMaxEgressIPsAnnotationKey string = "node.antrea.io/max-egress-ips"
	// ServiceExternalIPPoolAnnotationKey is the key of the Service annotation that specifies the Service's desired external IP pool.
	ServiceExternalIPPoolAnnotationKey string = "service.antrea.io/external-ip-pool"
	// ServiceLoadBalancerModeAnnotationKey is the key of the Service annotation that specifies the Service's load balancer mode.
	ServiceLoadBalancerModeAnnotationKey string = "service.antrea.io/load-balancer-mode"
	// L7FlowExporterAnnotationKey is the key of the annotation that enables L7 network flow export
	// for the annotated Pod or Namespace. The annotation value is the direction of traffic.
	L7FlowExporterAnnotationKey string = "visibility.antrea.io/l7-export"
)
const (
	// MinEgressRouteTable to MaxEgressRouteTable are the route table IDs that can be configured on a Node for Egress traffic.
	// Each distinct subnet uses one route table. 20 subnets should be enough.
	// Counting both ends, 101 through 120 is exactly 20 table IDs.
	MinEgressRouteTable = 101
	MaxEgressRouteTable = 120
)
IP Route tables
const (
	// HostLocalSourceBit is the bit of the iptables fwmark space to mark locally generated packets.
	// Value must be within the range [0, 31], and should not conflict with bits for other purposes.
	// 31 is the highest bit of a 32-bit mark.
	HostLocalSourceBit = 31
)
Variables ¶
// Multicast addresses used by this package. These are variables, not constants:
// net.IP is a byte slice and *net.IPNet is a pointer, so callers should treat
// them as read-only.
var (
	// McastAllHosts is 224.0.0.1 in 4-byte form.
	McastAllHosts = net.ParseIP("224.0.0.1").To4()

	// IGMPv3Router is 224.0.0.22 in 4-byte form.
	IGMPv3Router = net.ParseIP("224.0.0.22").To4()

	// McastCIDR is the 224.0.0.0/4 network. The IP and the error returned by
	// net.ParseCIDR are both discarded; the input is a fixed literal.
	_, McastCIDR, _ = net.ParseCIDR("224.0.0.0/4")
)
var (
	// HostLocalSourceMark is the mark generated from HostLocalSourceBit.
	// It has exactly that one bit set; with HostLocalSourceBit = 31 the value is
	// 0x80000000, which does not overlap SNATIPMarkMask.
	HostLocalSourceMark = uint32(1 << HostLocalSourceBit)

	// SNATIPMarkMask is the bits of packet mark that stores the ID of the
	// SNAT IP for a "Pod -> external" egress packet, that is to be SNAT'd.
	// 0xFF selects the low 8 bits of the mark.
	SNATIPMarkMask = uint32(0xFF)
)
Types ¶
type Address ¶
// Address is the element type of PolicyRule.From and PolicyRule.To.
type Address interface {
	// GetMatchValue returns a string for the address.
	// NOTE(review): the format is up to the implementation — confirm before parsing it.
	GetMatchValue() string
	// GetMatchKey returns the MatchKey to use for this address when it is used as addrType.
	GetMatchKey(addrType AddressType) *MatchKey
	// GetValue returns the value as interface{}; the concrete type depends on the
	// implementation, so callers have to type-assert it.
	GetValue() interface{}
}
type AddressCategory ¶
// AddressCategory is the category of value carried by a MatchKey: it is passed
// to NewMatchKey as valueCategory and returned by MatchKey.GetValueCategory.
type AddressCategory uint8

// The values are assigned by iota, starting at 0 for IPAddr, so the position of
// each name in this list fixes its numeric value. UnSupported is the last entry.
const (
	IPAddr AddressCategory = iota
	IPNetAddr
	OFPortAddr
	L4PortAddr
	ICMPAddr
	ServiceGroupIDAddr
	IGMPAddr
	LabelIDAddr
	TCPFlagsAddr
	CTStateAddr
	UnSupported
)
type BitRange ¶
A BitRange represents a range of values derived from a base value with a bitmask applied.
type ByPriority ¶
// ByPriority sorts a list of Priority by their relative TierPriority,
// PolicyPriority and RulePriority, in that order. It implements sort.Interface
// through its Len, Less and Swap methods.
type ByPriority []Priority
ByPriority sorts a list of Priority by their relative TierPriority, PolicyPriority and RulePriority, in that order. It implements sort.Interface.
func (ByPriority) Len ¶
func (bp ByPriority) Len() int
func (ByPriority) Less ¶
func (bp ByPriority) Less(i, j int) bool
func (ByPriority) Swap ¶
func (bp ByPriority) Swap(i, j int)
type IGMPNPRuleInfo ¶ added in v1.8.0
// IGMPNPRuleInfo is the result type of McastNetworkPolicyController.GetIGMPNPRuleInfo.
// NOTE(review): RuleAction is presumably the action of the matched rule, and UUID,
// NPType and Name presumably identify the NetworkPolicy that owns it — confirm
// against the implementation. NPType is a pointer and can be nil.
type IGMPNPRuleInfo struct {
	RuleAction v1beta1.RuleAction
	UUID       apitypes.UID
	NPType     *v1beta2.NetworkPolicyType
	Name       string
}
type MatchKey ¶
// MatchKey is an opaque type in this listing: its fields are not shown. It is
// created with NewMatchKey(proto, valueCategory, keyString) and read through
// GetKeyString, GetOFProtocol and GetValueCategory.
type MatchKey struct {
	// contains filtered or unexported fields
}
func NewMatchKey ¶
func NewMatchKey(proto binding.Protocol, valueCategory AddressCategory, keyString string) *MatchKey
func (*MatchKey) GetKeyString ¶
func (*MatchKey) GetOFProtocol ¶
func (*MatchKey) GetValueCategory ¶
func (m *MatchKey) GetValueCategory() AddressCategory
type McastNetworkPolicyController ¶ added in v1.8.0
// McastNetworkPolicyController is the interface used to look up IGMP NetworkPolicy rules.
type McastNetworkPolicyController interface {
	// GetIGMPNPRuleInfo looks up the IGMP NetworkPolicy rule that matches the given Pod and groupAddress,
	// and returns the rule information if found.
	// NOTE(review): the signature does not say what is returned when no rule matches;
	// callers should presumably check the result for nil as well as the error — confirm.
	GetIGMPNPRuleInfo(podname, podNamespace string, groupAddress net.IP, igmpType uint8) (*IGMPNPRuleInfo, error)
}
type NodePolicyRule ¶ added in v1.15.0
type PolicyRule ¶
// PolicyRule groups configurations to set up conjunctive match for egress/ingress policy rules.
type PolicyRule struct {
	// Direction, From, To and Service presumably describe the traffic the rule
	// matches — confirm against the code that installs the flows.
	Direction v1beta2.Direction
	From      []Address
	To        []Address
	Service   []v1beta2.Service

	// L7RuleVlanID is a pointer and can be nil.
	L7Protocols  []v1beta2.L7Protocol
	L7RuleVlanID *uint32

	// Action and Priority are pointers, so code reading them has to handle nil.
	// NOTE(review): what a nil Action or Priority means is not visible here —
	// confirm before relying on a default verdict.
	Action   *secv1beta1.RuleAction
	Priority *uint16

	// PolicyRef is a pointer and can be nil.
	Name      string
	FlowID    uint32
	TableID   uint8
	PolicyRef *v1beta2.NetworkPolicyReference

	// EnableLogging and LogLabel are the rule's logging settings.
	// NOTE(review): LogLabel is a free-form string here; presumably it ends up
	// in log output — confirm how it is validated.
	EnableLogging bool
	LogLabel      string
}
PolicyRule groups configurations to set up conjunctive match for egress/ingress policy rules.
func (*PolicyRule) IsAntreaNetworkPolicyRule ¶
func (r *PolicyRule) IsAntreaNetworkPolicyRule() bool
IsAntreaNetworkPolicyRule reports whether a PolicyRule is created for Antrea NetworkPolicy types.
type Priority ¶
Priority is a struct that is composed of Antrea NetworkPolicy priority, rule priority and Tier priority. It is used as the basic unit for priority sorting.
func (*Priority) InSamePriorityZone ¶
InSamePriorityZone returns true if two Priorities are of the same Tier and same priority at policy level.
func (*Priority) IsConsecutive ¶
IsConsecutive returns true if two Priorities are immediately next to each other.
type RoundInfo ¶
// RoundInfo identifies the current agent "round". Each round is identified by a
// round number, which is incremented every time the agent is restarted. The
// round number is persisted on the Node in OVSDB.
type RoundInfo struct {
	// RoundNum is the number of the current round.
	RoundNum uint64

	// PrevRoundNum is nil if this is the first round or the previous round
	// number could not be retrieved.
	PrevRoundNum *uint64
}
RoundInfo identifies the current agent "round". Each round is identified by a round number, which is incremented every time the agent is restarted. The round number is persisted on the Node in OVSDB.
type RuleMetric ¶
// RuleMetric holds three uint64 counters: Bytes, Packets and Sessions.
// Its Merge method takes another *RuleMetric; presumably it adds that value's
// counters to the receiver — confirm against the method body.
type RuleMetric struct {
	Bytes, Packets, Sessions uint64
}
func (*RuleMetric) Merge ¶
func (m *RuleMetric) Merge(m1 *RuleMetric)
type ServiceConfig ¶ added in v1.13.0
// ServiceConfig contains the configuration needed to install flows for a given Service entrypoint.
// Its TrafficPolicyGroupID method returns an openflow.GroupIDType; presumably it
// picks LocalGroupID or ClusterGroupID based on TrafficPolicyLocal — confirm.
type ServiceConfig struct {
	ServiceIP          net.IP
	ServicePort        uint16
	Protocol           openflow.Protocol
	TrafficPolicyLocal bool
	LocalGroupID       openflow.GroupIDType
	ClusterGroupID     openflow.GroupIDType
	AffinityTimeout    uint16

	// IsExternal indicates whether the Service is externally accessible.
	// It's true for NodePort, LoadBalancerIP and ExternalIP.
	IsExternal bool
	IsNodePort bool

	// IsNested indicates whether the Service's Endpoints are ClusterIPs of other Services. It's used in multi-cluster.
	IsNested bool

	// IsDSR indicates whether the Service works in Direct Server Return mode.
	IsDSR bool
}
ServiceConfig contains the configuration needed to install flows for a given Service entrypoint.
func (*ServiceConfig) TrafficPolicyGroupID ¶ added in v1.13.0
func (c *ServiceConfig) TrafficPolicyGroupID() openflow.GroupIDType
type TrafficControlFlowPriority ¶ added in v1.15.0
// TrafficControlFlowPriority sets the priority for flows installed by OpenFlow
// client using InstallTrafficControlMarkFlows method. It is a string type; the
// values defined for it are "high", "medium" and "low".
type TrafficControlFlowPriority string
TrafficControlFlowPriority sets the priority for flows installed by OpenFlow client using InstallTrafficControlMarkFlows method.
// Values of TrafficControlFlowPriority. Per the comments below, only the medium
// priority is in use.
const (
	// TrafficControlFlowPriorityHigh is not used yet.
	TrafficControlFlowPriorityHigh TrafficControlFlowPriority = "high"
	// TrafficControlFlowPriorityMedium is for user-defined TrafficControl CRs.
	TrafficControlFlowPriorityMedium TrafficControlFlowPriority = "medium"
	// TrafficControlFlowPriorityLow is not used yet.
	TrafficControlFlowPriorityLow TrafficControlFlowPriority = "low"
)