util

package
v1.6.16 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 15, 2024 License: MIT Imports: 16 Imported by: 3

Documentation

Overview

Copyright 2018 Microsoft. All rights reserved. MIT License

Copyright 2018 Microsoft. All rights reserved. MIT License

Index

Constants

// Kubernetes-related strings used by NPM: the kube-system namespace name,
// label keys and values (pod-template-hash, k8s-app, kube-proxy), two "all-…"
// names (presumably NPM-internal set names — confirm against callers), and the
// pod status strings Failed, Succeeded and Unknown.
const (
	KubeSystemFlag             string = "kube-system"
	KubePodTemplateHashFlag    string = "pod-template-hash"
	KubeAllPodsFlag            string = "all-pod"
	KubeAllNamespacesFlag      string = "all-namespaces"
	KubeAppFlag                string = "k8s-app"
	KubeProxyFlag              string = "kube-proxy"
	KubePodStatusFailedFlag    string = "Failed"
	KubePodStatusSucceededFlag string = "Succeeded"
	KubePodStatusUnknownFlag   string = "Unknown"
)

kubernetes related constants.

// iptables-related constants: binary names for the nft and legacy back ends,
// command-line flags, targets, match modules, table and chain names, and the
// packet mark values NPM matches on.
//
// NOTE(review): IptablesConfigFile and IptablesTestConfigFile point into
// /var/log. How these files are created is not visible here; if they are fed
// to iptables-restore, confirm they are writable only by root.
//
// NOTE(review): the packet mark is one 32-bit field shared by every component
// on the host that sets marks. Whether the bits below collide with another
// component's marks cannot be verified from this block.
const (
	// Untyped booleans; judging by the names they choose where the jump to the
	// AZURE-NPM chain is placed — TODO confirm against callers.
	PlaceAzureChainAfterKubeServices = false
	PlaceAzureChainFirst             = true

	// Binary names, restore-file paths, lock file, flags, targets and modules.
	IptablesNft                string = "iptables-nft"
	Ip6tablesLegacy            string = "ip6tables" //nolint (avoid warning to capitalize this p)
	IptablesSaveNft            string = "iptables-nft-save"
	IptablesRestoreNft         string = "iptables-nft-restore"
	IptablesLegacy             string = "iptables"
	IptablesSaveLegacy         string = "iptables-save"
	IptablesRestoreLegacy      string = "iptables-restore"
	IptablesRestoreNoFlushFlag string = "--noflush"
	IptablesRestoreTableFlag   string = "-T"
	IptablesRestoreCommit      string = "COMMIT"
	IptablesConfigFile         string = "/var/log/iptables.conf"
	IptablesTestConfigFile     string = "/var/log/iptables-test.conf"
	IptablesLockFile           string = "/run/xtables.lock"
	IptablesChainCreationFlag  string = "-N"
	IptablesInsertionFlag      string = "-I"
	IptablesAppendFlag         string = "-A"
	IptablesDeletionFlag       string = "-D"
	IptablesFlushFlag          string = "-F"
	IptablesCheckFlag          string = "-C"
	IptablesDestroyFlag        string = "-X"
	IptablesJumpFlag           string = "-j"
	IptablesWaitFlag           string = "-w"
	IptablesDefaultWaitTime    string = "60" // presumably the argument to -w, in seconds — confirm
	IptablesAccept             string = "ACCEPT"
	IptablesReject             string = "REJECT"
	IptablesDrop               string = "DROP"
	IptablesReturn             string = "RETURN"
	IptablesMark               string = "MARK"
	IptablesSrcFlag            string = "src"
	IptablesDstFlag            string = "dst"
	IptablesNamedPortFlag      string = "dst,dst"
	IptablesNotFlag            string = "!"
	IptablesProtFlag           string = "-p"
	IptablesSFlag              string = "-s"
	IptablesDFlag              string = "-d"
	IptablesDstPortFlag        string = "--dport"
	IptablesSrcPortFlag        string = "--sport"
	IptablesModuleFlag         string = "-m"
	IptablesSetModuleFlag      string = "set"
	IptablesMatchSetFlag       string = "--match-set"
	IptablesSetMarkFlag        string = "--set-mark"
	IptablesMarkFlag           string = "--mark"
	IptablesMarkVerb           string = "mark"
	IptablesStateModuleFlag    string = "state"
	IptablesStateFlag          string = "--state"
	IptablesCtstateModuleFlag  string = "conntrack" // state module is obsolete: https://unix.stackexchange.com/questions/108169/what-is-the-difference-between-m-conntrack-ctstate-and-m-state-state
	IptablesCtstateFlag        string = "--ctstate"
	IptablesMultiportFlag      string = "multiport"
	IptablesRelatedState       string = "RELATED"
	IptablesEstablishedState   string = "ESTABLISHED"
	IptablesNewState           string = "NEW"
	IptablesFilterTable        string = "filter"
	IptablesMangleTable        string = "mangle"
	IptablesCommentModuleFlag  string = "comment"
	IptablesCommentFlag        string = "--comment"
	IptablesAddCommentFlag // no type or value given: Go repeats the previous spec, so this is also string "--comment"

	// Flags for listing a table's rules.
	IptablesTableFlag       string = "-t"
	IptablesListFlag        string = "-L"
	IptablesNumericFlag     string = "-n"
	IptablesLineNumbersFlag string = "--line-numbers"

	// Chain names: KUBE-SERVICES, FORWARD and INPUT, followed by the chains
	// carrying the AZURE-NPM prefix.
	IptablesKubeServicesChain          string = "KUBE-SERVICES"
	IptablesForwardChain               string = "FORWARD"
	IptablesInputChain                 string = "INPUT"
	IptablesAzureChain                 string = "AZURE-NPM"
	IptablesAzureAcceptChain           string = "AZURE-NPM-ACCEPT"
	IptablesAzureKubeSystemChain       string = "AZURE-NPM-KUBE-SYSTEM"
	IptablesAzureIngressChain          string = "AZURE-NPM-INGRESS"
	IptablesAzureIngressAllowMarkChain string = "AZURE-NPM-INGRESS-ALLOW-MARK"
	IptablesAzureEgressChain           string = "AZURE-NPM-EGRESS"

	// Chains used in NPM v1
	IptablesAzureIngressPortChain  string = "AZURE-NPM-INGRESS-PORT"
	IptablesAzureIngressFromChain  string = "AZURE-NPM-INGRESS-FROM"
	IptablesAzureEgressPortChain   string = "AZURE-NPM-EGRESS-PORT"
	IptablesAzureEgressToChain     string = "AZURE-NPM-EGRESS-TO"
	IptablesAzureIngressDropsChain string = "AZURE-NPM-INGRESS-DROPS"
	IptablesAzureEgressDropsChain  string = "AZURE-NPM-EGRESS-DROPS"

	// NPM v2 chain-name prefixes. Their values are identical to
	// IptablesAzureIngressChain and IptablesAzureEgressChain above.
	IptablesAzureIngressPolicyChainPrefix string = "AZURE-NPM-INGRESS"
	IptablesAzureEgressPolicyChainPrefix  string = "AZURE-NPM-EGRESS"

	// The chain below exists only in NPM before v1.2.6.
	IptablesAzureTargetSetsChain string = "AZURE-NPM-TARGET-SETS"
	// The chain below exists only in NPM before v1.2.7. The value spells
	// "INRGESS"; presumably it is kept verbatim so the chain those versions
	// created can still be matched — do not correct it without checking callers.
	IptablesAzureIngressWrongDropsChain string = "AZURE-NPM-INRGESS-DROPS"
	// The chains below exist only before Azure-NPM:v1.0.27
	// and should be removed after a baking period.
	IptablesAzureIngressFromNsChain  string = "AZURE-NPM-INGRESS-FROM-NS"
	IptablesAzureIngressFromPodChain string = "AZURE-NPM-INGRESS-FROM-POD"
	IptablesAzureEgressToNsChain     string = "AZURE-NPM-EGRESS-TO-NS"
	IptablesAzureEgressToPodChain    string = "AZURE-NPM-EGRESS-TO-POD"

	// Below are the skb->mark values NPM uses for different criteria.
	// For v1: value 0x0 with no mask.
	IptablesAzureClearMarkHex string = "0x0"
	// For v2, deprecated: value 0x0 with mask 0xE00, i.e. only the three v2
	// mark bits defined below.
	IptablesAzureClearMarkHexV2 string = "0x0/0xE00"

	// Marks in NPM v2, written as value/mask.
	// NPM uses the third hex digit of the 32-bit mark (the original comment
	// calls it the "3rd word") to identify the traffic direction and the
	// decision. The values are 0x200, 0x400 and 0x800, i.e. bits 9, 10 and 11
	// counting from 0; OR-ed together they give the 0xE00 mask used above.
	IptablesAzureIngressAllowMarkHex string = "0x200/0x200"
	IptablesAzureIngressDropMarkHex  string = "0x400/0x400"
	IptablesAzureEgressDropMarkHex   string = "0x800/0x800"

	// Marks in NPM v1. This one carries no mask; NOTE(review): if it is passed
	// to --set-mark as is, iptables replaces the whole mark rather than one
	// bit — confirm how callers use it.
	IptablesAzureIngressMarkHex string = "0x2000"
	// IptablesAzureEgressXMarkHex is used for us to not override but append to the existing MARK
	// https://unix.stackexchange.com/a/283455 comment contains the explanation on
	// MARK manipulations with offset.
	IptablesAzureEgressXMarkHex string = "0x1000/0x1000"
	// IptablesAzureEgressMarkHex is for checking the absolute value of the mark
	IptablesAzureEgressMarkHex string = "0x1000"
	IptablesAzureAcceptMarkHex string = "0x3000" // equals 0x2000 | 0x1000, the v1 ingress and egress marks
)

iptables related constants.

// ipset-related constants: the binary name, sub-commands and flags, set type
// names, protocol prefixes, and the prefixes NPM puts in front of set names.
//
// IpsetMaxelemNum is 4294967295 (2^32 - 1) kept as a string.
// The identifier IpsetLabelDelimter is spelled without the second "i"; it is
// exported, so the spelling is part of the package's API.
//
// NOTE(review): IpsetConfigFile and IpsetTestConfigFile point into /var/log.
// How these files are created is not visible here; if they are fed to
// `ipset restore`, confirm they are writable only by root.
const (
	Ipset               string = "ipset"
	IpsetSaveFlag       string = "save"
	IpsetRestoreFlag    string = "restore"
	IpsetConfigFile     string = "/var/log/ipset.conf"
	IpsetTestConfigFile string = "/var/log/ipset-test.conf"
	IpsetCreationFlag   string = "-N"
	IpsetAppendFlag     string = "-A"
	IpsetDeletionFlag   string = "-D"
	IpsetFlushFlag      string = "-F"
	IpsetDestroyFlag    string = "-X"

	IpsetExistFlag     string = "-exist"
	IpsetFileFlag      string = "-file"
	IPsetCheckListFlag string = "list"
	IpsetTestFlag      string = "test"

	IpsetSetGenericFlag string = "setgeneric" // not used in ipset commands, used as an internal identifier for nethash/hash:ip,port
	IpsetSetListFlag    string = "setlist"
	IpsetNetHashFlag    string = "nethash"
	IpsetIPPortHashFlag string = "hash:ip,port"

	// Protocol prefixes; each value ends with a colon.
	IpsetUDPFlag  string = "udp:"
	IpsetSCTPFlag string = "sctp:"
	IpsetTCPFlag  string = "tcp:"

	IpsetLabelDelimter string = ":"

	AzureNpmFlag   string = "azure-npm"
	AzureNpmPrefix string = "azure-npm-"

	IpsetMaxelemName string = "maxelem" // todo, what's using this?
	IpsetMaxelemNum  string = "4294967295"

	IpsetNomatch string = "nomatch"

	// Prefixes for ipsets
	NamedPortIPSetPrefix string = "namedport:"
	NamespacePrefix      string = "ns-"
	NamespaceLabelPrefix string = "nslabel-"
	PodLabelPrefix       string = "podlabel-"
	CIDRPrefix           string = "cidr-"
	NestedLabelPrefix    string = "nestedlabel-"
	EmptySetPrefix       string = "empty-"

	NegationPrefix string = "not-"

	SetPolicyDelimiter string = ","
)

ipset related constants.

View Source
// Shell invocation constants: the bash binary name and its -c option, which
// makes bash interpret the next argument as a command string.
//
// NOTE(review): callers are not visible here. Confirm that no namespace,
// label or set name taken from cluster objects is concatenated into that
// command string without escaping.
const (
	BashCommand     string = "bash"
	BashCommandFlag string = "-c"
)
// NPM telemetry constants: event names, metric and property names, and
// batching/retry settings.
const (
	// Event names for namespace, pod and network policy changes.
	AddNamespaceEvent    string = "Add Namespace"
	UpdateNamespaceEvent string = "Update Namespace"
	DeleteNamespaceEvent string = "Delete Namespace"

	AddPodEvent    string = "Add Pod"
	UpdatePodEvent string = "Update Pod"
	DeletePodEvent string = "Delete Pod"

	AddNetworkPolicyEvent    string = "Add network policy"
	UpdateNetworkPolicyEvent string = "Update network policy"
	DeleteNetworkPolicyEvent string = "Delete network policy"

	// Each value equals its identifier; presumably used as metric and
	// property names — confirm against callers.
	ErrorMetric  string = "ErrorMetric"
	PackageName  string = "PackageName"
	FunctionName string = "FunctionName"
	ErrorCode    string = "ErrorCode"

	// Default batch size in AI telemetry.
	// Defined here: https://docs.microsoft.com/en-us/azure/azure-monitor/app/pricing
	// The units of the settings below are given by the identifier suffixes
	// (InBytes, InSecs, InMin).
	BatchSizeInBytes          int = 32768
	BatchIntervalInSecs       int = 30
	RefreshTimeoutInSecs      int = 15
	GetEnvRetryCount          int = 5
	GetEnvRetryWaitTimeInSecs int = 3
	AiInitializeRetryCount    int = 3
	AiInitializeRetryInMin    int = 1

	// NOTE(review): compile-time true. What it gates is not visible here;
	// confirm debug output does not include data that should stay off telemetry.
	DebugMode bool = true

	ErrorValue float64 = 1
)

NPM telemetry constants.

// Default network names created by the supported CNIs. Both are untyped string
// constants; note the differing capitalisation ("azure" vs "Calico").
const (
	// AzureNetworkName is the default network Azure CNI creates
	AzureNetworkName = "azure"
	// CalicoNetworkName is the default network Calico CNI creates
	CalicoNetworkName = "Calico"
)
// Component IDs. The first spec is iota + 1 and every following spec repeats
// it, so the values run from NpmID = 1 to FanOutServerID = 11 in declaration
// order. Inserting or reordering entries renumbers everything after the
// change; append new IDs at the end so previously recorded values keep their
// meaning.
const (
	NpmID  int = iota + 1
	IpsmID     // ipsetmanager in v2
	IptmID     // policymanager in v2
	NSID
	PodID
	NetpolID
	UtilID
	DaemonID
	ControllerID
	DaemonDataplaneID // for v2
	FanOutServerID    // for v2
)

These IDs identify which component an error log was generated from, to make querying easier. In Kusto these values are used in the OperationID column.

Variables

// Binary names currently in effect. Iptables, IptablesSave and IptablesRestore
// are initialised to the nft variants; Ip6tables is initialised to the legacy
// ip6tables name.
//
// These are package-level variables, so reassigning one changes the binary
// name for every user of the package in the process; no synchronisation is
// visible here. SetIptablesToLegacy and SetIptablesToNft presumably reassign
// them — confirm.
var (
	Iptables        = IptablesNft
	Ip6tables       = Ip6tablesLegacy //nolint (avoid warning to capitalize this p)
	IptablesSave    = IptablesSaveNft
	IptablesRestore = IptablesRestoreNft
)
// ErrEmptyNodeIP is a sentinel error for an empty node IP; presumably returned
// by NodeIP — confirm. Compare against it with errors.Is rather than by
// matching the message text.
var ErrEmptyNodeIP = errors.New("error: node IP is empty")

Functions

func AppendMap

func AppendMap(base, new map[string]string) map[string]string

AppendMap appends new to base.

func ClearAndAppendMap

func ClearAndAppendMap(base, new map[string]string) map[string]string

ClearAndAppendMap clears base and appends new to base.

func CompareK8sVer

func CompareK8sVer(firstVer *version.Info, secondVer *version.Info) int

CompareK8sVer compares two k8s versions. It returns -1, 0 or 1 if firstVer is smaller than, equal to or bigger than secondVer respectively, and -2 on error.

func CompareResourceVersions

func CompareResourceVersions(rvOld string, rvNew string) bool

CompareResourceVersions takes two resource versions and returns true if the new one is greater than the old one.

func CompareSlices

func CompareSlices(list1, list2 []string) bool

func CompareUintResourceVersions

func CompareUintResourceVersions(rvOld uint64, rvNew uint64) bool

CompareUintResourceVersions takes two resource versions as uint64 and returns true if the new one is greater than the old one.

func DropEmptyFields

func DropEmptyFields(s []string) []string

DropEmptyFields deletes empty entries from a slice.

func Exists

func Exists(filePath string) bool

Exists reports whether the named file or directory exists.

func GetClusterID

func GetClusterID(nodeName string) string

GetClusterID retrieves cluster ID through node name. (Azure-specific)

func GetHashedName

func GetHashedName(name string) string

GetHashedName returns hashed ipset name.

func GetIPSetListCompareLabels

func GetIPSetListCompareLabels(orig map[string]string, new map[string]string) ([]string, []string)

GetIPSetListCompareLabels compares Labels and returns a delete ipset list and add ipset list

func GetIPSetListFromLabels

func GetIPSetListFromLabels(labels map[string]string) []string

GetIPSetListFromLabels combines Labels into a single slice.

func GetIpSetFromLabelKV

func GetIpSetFromLabelKV(k, v string) string

func GetLabelKVFromSet

func GetLabelKVFromSet(ipsetName string) (string, string)

func GetLabelsWithoutOperators

func GetLabelsWithoutOperators(labels []string) []string

GetLabelsWithoutOperators returns labels without operators.

func GetNSNameWithPrefix

func GetNSNameWithPrefix(nsName string) string

GetNSNameWithPrefix returns Namespace name with ipset prefix

func GetObjKeyFunc

func GetObjKeyFunc(obj interface{}) (string, error)

GetObjKeyFunc will return obj's key

func GetOperatorAndLabel

func GetOperatorAndLabel(label string) (string, string)

GetOperatorAndLabel returns the operator associated with the label and the label without operator.

func GetSetsFromLabels

func GetSetsFromLabels(labels map[string]string) []string

GetSetsFromLabels for a given map of labels will return ipset names

func Hash

func Hash(s string) string

Hash hashes a string to another string with length <= 32.

func IsIPV4

func IsIPV4(ip string) bool

func IsKeyValueLabelSetName

func IsKeyValueLabelSetName(k string) bool

func IsWindowsDP

func IsWindowsDP() bool

func NodeIP

func NodeIP() (string, error)

NodeIP gets the preferred outbound IP of this machine. Source: https://stackoverflow.com/questions/23558425/how-do-i-get-the-local-ip-address-in-go

func ParseResourceVersion

func ParseResourceVersion(rv string) uint64

ParseResourceVersion returns the uint64 form of a ResourceVersion.

func SetIptablesToLegacy added in v1.5.39

func SetIptablesToLegacy()

func SetIptablesToNft added in v1.5.39

func SetIptablesToNft()

func SliceToString

func SliceToString(list []string) string

func SortMap

func SortMap(m *map[string]string) ([]string, []string)

SortMap sorts the map by key in alphabetical order. Note: even though the map is sorted, accessing it through range will still result in random order.

func StrExistsInSlice

func StrExistsInSlice(items []string, val string) bool

StrExistsInSlice checks whether a string already exists in a given slice.

func UniqueStrSlice

func UniqueStrSlice(s []string) []string

UniqueStrSlice removes duplicate elements from the input string slice.

Types

type DeleteOption

type DeleteOption bool

DeleteOption is used to decide if a delete is force delete or soft delete

// DeleteOption values. ForceDelete is true and SoftDelete is false, so a
// zero-valued DeleteOption equals SoftDelete.
const (
	// For DeleteIPSet (not shown here).
	ForceDelete DeleteOption = true
	SoftDelete  DeleteOption = false
)
