util

package
v1.4.29 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 7, 2022 License: MIT Imports: 14 Imported by: 3

Documentation

Overview

Copyright 2018 Microsoft. All rights reserved. MIT License

Copyright 2018 Microsoft. All rights reserved. MIT License

Index

Constants

// Kubernetes-related string constants. All are typed string constants; the
// code that consumes them is not part of this listing.
const (
	// Namespace name, label keys and internal set names.
	// NOTE(review): "all-pod" is singular while "all-namespaces" is plural;
	// these look like names that end up in ipset or telemetry strings, so
	// confirm before "fixing" the spelling.
	KubeSystemFlag             string = "kube-system"
	KubePodTemplateHashFlag    string = "pod-template-hash"
	KubeAllPodsFlag            string = "all-pod"
	KubeAllNamespacesFlag      string = "all-namespaces"
	KubeAppFlag                string = "k8s-app"
	KubeProxyFlag              string = "kube-proxy"
	KubePodStatusFailedFlag    string = "Failed"
	KubePodStatusSucceededFlag string = "Succeeded"
	KubePodStatusUnknownFlag   string = "Unknown"
)

kubernetes related constants.

// iptables-related constants: binary names, command-line flags, targets,
// chain names and packet-mark values used when building NPM rules. The code
// that assembles these into commands is not part of this listing.
const (
	// Named values for a chain-placement choice (untyped booleans).
	PlaceAzureChainAfterKubeServices = false
	PlaceAzureChainFirst             = true

	// Binary names, iptables-restore arguments, file paths and rule flags.
	// NOTE(review): IptablesConfigFile and IptablesTestConfigFile point into
	// /var/log. A saved ruleset describes the node's filtering policy, so confirm
	// the mode these files are created with and whether log collection ships them.
	// IptablesAddCommentFlag has no type or value of its own: Go repeats the
	// previous spec, so it is also the string "--comment".
	Iptables                   string = "iptables"
	Ip6tables                  string = "ip6tables" //nolint (avoid warning to capitalize this p)
	IptablesSave               string = "iptables-save"
	IptablesRestore            string = "iptables-restore"
	IptablesRestoreNoFlushFlag string = "--noflush"
	IptablesRestoreTableFlag   string = "-T"
	IptablesRestoreCommit      string = "COMMIT"
	IptablesConfigFile         string = "/var/log/iptables.conf"
	IptablesTestConfigFile     string = "/var/log/iptables-test.conf"
	IptablesLockFile           string = "/run/xtables.lock"
	IptablesChainCreationFlag  string = "-N"
	IptablesInsertionFlag      string = "-I"
	IptablesAppendFlag         string = "-A"
	IptablesDeletionFlag       string = "-D"
	IptablesFlushFlag          string = "-F"
	IptablesCheckFlag          string = "-C"
	IptablesDestroyFlag        string = "-X"
	IptablesJumpFlag           string = "-j"
	IptablesWaitFlag           string = "-w"
	IptablesAccept             string = "ACCEPT"
	IptablesReject             string = "REJECT"
	IptablesDrop               string = "DROP"
	IptablesReturn             string = "RETURN"
	IptablesMark               string = "MARK"
	IptablesSrcFlag            string = "src"
	IptablesDstFlag            string = "dst"
	IptablesNamedPortFlag      string = "dst,dst"
	IptablesNotFlag            string = "!"
	IptablesProtFlag           string = "-p"
	IptablesSFlag              string = "-s"
	IptablesDFlag              string = "-d"
	IptablesDstPortFlag        string = "--dport"
	IptablesSrcPortFlag        string = "--sport"
	IptablesModuleFlag         string = "-m"
	IptablesSetModuleFlag      string = "set"
	IptablesMatchSetFlag       string = "--match-set"
	IptablesSetMarkFlag        string = "--set-mark"
	IptablesMarkFlag           string = "--mark"
	IptablesMarkVerb           string = "mark"
	IptablesStateModuleFlag    string = "state"
	IptablesStateFlag          string = "--state"
	IptablesCtstateModuleFlag  string = "conntrack" // state module is obsolete: https://unix.stackexchange.com/questions/108169/what-is-the-difference-between-m-conntrack-ctstate-and-m-state-state
	IptablesCtstateFlag        string = "--ctstate"
	IptablesMultiportFlag      string = "multiport"
	IptablesRelatedState       string = "RELATED"
	IptablesEstablishedState   string = "ESTABLISHED"
	IptablesNewState           string = "NEW"
	IptablesFilterTable        string = "filter"
	IptablesCommentModuleFlag  string = "comment"
	IptablesCommentFlag        string = "--comment"
	IptablesAddCommentFlag

	// Flags for selecting a table and listing its rules.
	IptablesTableFlag       string = "-t"
	IptablesListFlag        string = "-L"
	IptablesNumericFlag     string = "-n"
	IptablesLineNumbersFlag string = "--line-numbers"

	// Chain names: KUBE-SERVICES, the built-in FORWARD and INPUT chains, and the
	// AZURE-NPM chains.
	IptablesKubeServicesChain          string = "KUBE-SERVICES"
	IptablesForwardChain               string = "FORWARD"
	IptablesInputChain                 string = "INPUT"
	IptablesAzureChain                 string = "AZURE-NPM"
	IptablesAzureAcceptChain           string = "AZURE-NPM-ACCEPT"
	IptablesAzureKubeSystemChain       string = "AZURE-NPM-KUBE-SYSTEM"
	IptablesAzureIngressChain          string = "AZURE-NPM-INGRESS"
	IptablesAzureIngressAllowMarkChain string = "AZURE-NPM-INGRESS-ALLOW-MARK"
	IptablesAzureEgressChain           string = "AZURE-NPM-EGRESS"

	// Chains used in NPM v1
	IptablesAzureIngressPortChain  string = "AZURE-NPM-INGRESS-PORT"
	IptablesAzureIngressFromChain  string = "AZURE-NPM-INGRESS-FROM"
	IptablesAzureEgressPortChain   string = "AZURE-NPM-EGRESS-PORT"
	IptablesAzureEgressToChain     string = "AZURE-NPM-EGRESS-TO"
	IptablesAzureIngressDropsChain string = "AZURE-NPM-INGRESS-DROPS"
	IptablesAzureEgressDropsChain  string = "AZURE-NPM-EGRESS-DROPS"

	// NPM v2 Chains
	// These prefixes are the same strings as IptablesAzureIngressChain and
	// IptablesAzureEgressChain, so a plain prefix match also matches those chains,
	// the v1 chains above and AZURE-NPM-INGRESS-ALLOW-MARK.
	// NOTE(review): confirm that callers matching on these prefixes expect that.
	IptablesAzureIngressPolicyChainPrefix string = "AZURE-NPM-INGRESS"
	IptablesAzureEgressPolicyChainPrefix  string = "AZURE-NPM-EGRESS"

	// Below chain exists only in NPM before v1.2.6
	IptablesAzureTargetSetsChain string = "AZURE-NPM-TARGET-SETS"
	// Below chain exists only in NPM before v1.2.7.
	// The value is spelled "INRGESS"; given the identifier says "Wrong", this is
	// presumably the misspelled name older versions created and is kept so that
	// chain can still be referenced. Do not correct the string without confirming.
	IptablesAzureIngressWrongDropsChain string = "AZURE-NPM-INRGESS-DROPS"
	// Below chains exist only before Azure-NPM:v1.0.27
	// and should be removed after a baking period.
	IptablesAzureIngressFromNsChain  string = "AZURE-NPM-INGRESS-FROM-NS"
	IptablesAzureIngressFromPodChain string = "AZURE-NPM-INGRESS-FROM-POD"
	IptablesAzureEgressToNsChain     string = "AZURE-NPM-EGRESS-TO-NS"
	IptablesAzureEgressToPodChain    string = "AZURE-NPM-EGRESS-TO-POD"

	// Below are the skb->mark values NPM will use for different criteria.
	// for V1
	// This value carries no mask. When a mark is given to --set-mark without a
	// mask, iptables replaces the whole 32-bit mark, which would also clear bits
	// set by other components that share the mark.
	// NOTE(review): confirm how this value is used.
	IptablesAzureClearMarkHex string = "0x0"
	// for v2, deprecated
	// Value 0x0 under mask 0xE00, i.e. exactly the three v2 bits listed below.
	IptablesAzureClearMarkHexV2 string = "0x0/0xE00"

	// marks in NPM v2
	// NPM uses the third hex digit of the 32-bit mark to identify the traffic
	// direction and the decision made. The values below are bits 9, 10 and 11
	// counting from bit 0 (0x200, 0x400, 0x800; combined mask 0xE00). Each is
	// written as value/mask with the mask equal to the value, so only that one
	// bit is set or tested.
	IptablesAzureIngressAllowMarkHex string = "0x200/0x200"
	IptablesAzureIngressDropMarkHex  string = "0x400/0x400"
	IptablesAzureEgressDropMarkHex   string = "0x800/0x800"

	// marks in NPM v1
	// 0x2000 has no mask (see the note on IptablesAzureClearMarkHex).
	IptablesAzureIngressMarkHex string = "0x2000"
	// IptablesAzureEgressXMarkHex is used for us to not override but append to the existing MARK
	// https://unix.stackexchange.com/a/283455 comment contains the explanation on
	// MARK manipulations with offset.
	IptablesAzureEgressXMarkHex string = "0x1000/0x1000"
	// IptablesAzureEgressMarkHex is for checking the absolute value of the mark
	IptablesAzureEgressMarkHex string = "0x1000"
	// 0x3000 equals 0x1000 | 0x2000, i.e. the egress and ingress v1 marks together.
	IptablesAzureAcceptMarkHex string = "0x3000"
)

iptables related constants.

// ipset-related constants: the binary name, sub-commands and flags, set types,
// and the prefixes used to build set names. The code that assembles them is
// not part of this listing.
const (
	// Binary name, save/restore sub-commands, file paths and short option flags.
	// NOTE(review): IpsetConfigFile and IpsetTestConfigFile point into /var/log.
	// A saved set dump lists the addresses in each set, so confirm the mode these
	// files are created with and whether log collection ships them.
	Ipset               string = "ipset"
	IpsetSaveFlag       string = "save"
	IpsetRestoreFlag    string = "restore"
	IpsetConfigFile     string = "/var/log/ipset.conf"
	IpsetTestConfigFile string = "/var/log/ipset-test.conf"
	IpsetCreationFlag   string = "-N"
	IpsetAppendFlag     string = "-A"
	IpsetDeletionFlag   string = "-D"
	IpsetFlushFlag      string = "-F"
	IpsetDestroyFlag    string = "-X"

	// IPsetCheckListFlag is capitalised differently from its neighbours; it is an
	// exported name, so renaming it would break importers.
	IpsetExistFlag     string = "-exist"
	IpsetFileFlag      string = "-file"
	IPsetCheckListFlag string = "list"
	IpsetTestFlag      string = "test"

	// Set kinds. "setgeneric" and "setlist" are internal identifiers; "nethash"
	// and "hash:ip,port" are ipset set types.
	IpsetSetGenericFlag string = "setgeneric" // not used in ipset commands, used as an internal identifier for nethash/hash:ip,port
	IpsetSetListFlag    string = "setlist"
	IpsetNetHashFlag    string = "nethash"
	IpsetIPPortHashFlag string = "hash:ip,port"

	// Protocol prefixes; each value ends with a colon.
	IpsetUDPFlag  string = "udp:"
	IpsetSCTPFlag string = "sctp:"
	IpsetTCPFlag  string = "tcp:"

	// The identifier is spelled "Delimter"; it is exported, so the spelling is
	// part of the package API.
	IpsetLabelDelimter string = ":"

	AzureNpmFlag   string = "azure-npm"
	AzureNpmPrefix string = "azure-npm-"

	// "4294967295" is 2^32 - 1, held as a string rather than a number.
	IpsetMaxelemName string = "maxelem" // todo, what's using this?
	IpsetMaxelemNum  string = "4294967295"

	IpsetNomatch string = "nomatch"

	// Prefixes for ipsets
	NamedPortIPSetPrefix string = "namedport:"
	NamespacePrefix      string = "ns-"
	NamespaceLabelPrefix string = "nslabel-"
	PodLabelPrefix       string = "podlabel-"
	CIDRPrefix           string = "cidr-"
	NestedLabelPrefix    string = "nestedlabel-"
	EmptySetPrefix       string = "empty-"

	NegationPrefix string = "not-"

	SetPolicyDelimiter string = ","
)

ipset related constants.

// NPM telemetry constants: event names, metric field names, and batching and
// retry settings. The telemetry client that consumes them is not part of this
// listing.
const (
	// Event names. The namespace and pod events are title-cased, the network
	// policy events are not; these are runtime strings, so the difference is
	// visible to whatever queries them.
	AddNamespaceEvent    string = "Add Namespace"
	UpdateNamespaceEvent string = "Update Namespace"
	DeleteNamespaceEvent string = "Delete Namespace"

	AddPodEvent    string = "Add Pod"
	UpdatePodEvent string = "Update Pod"
	DeletePodEvent string = "Delete Pod"

	AddNetworkPolicyEvent    string = "Add network policy"
	UpdateNetworkPolicyEvent string = "Update network policy"
	DeleteNetworkPolicyEvent string = "Delete network policy"

	// Each of these four values equals its own identifier.
	ErrorMetric  string = "ErrorMetric"
	PackageName  string = "PackageName"
	FunctionName string = "FunctionName"
	ErrorCode    string = "ErrorCode"

	// Default batch size in AI telemetry
	// Defined here https://docs.microsoft.com/en-us/azure/azure-monitor/app/pricing
	// 32768 bytes is 32 KiB. The unit of each setting is given by its name
	// suffix (InBytes, InSecs, InMin).
	BatchSizeInBytes          int = 32768
	BatchIntervalInSecs       int = 30
	RefreshTimeoutInSecs      int = 15
	GetEnvRetryCount          int = 5
	GetEnvRetryWaitTimeInSecs int = 3
	AiInitializeRetryCount    int = 3
	AiInitializeRetryInMin    int = 1

	// NOTE(review): DebugMode is a compile-time constant set to true, so whatever
	// it gates is always on in builds of this version. What it gates is not
	// visible here; confirm that debug output sent to telemetry carries nothing
	// sensitive.
	DebugMode bool = true

	ErrorValue float64 = 1
)

NPM telemetry constants.

// Component IDs, typed int and numbered consecutively from 1 by iota + 1:
// NpmID=1, IpsmID=2, IptmID=3, NSID=4, PodID=5, NetpolID=6, UtilID=7,
// DaemonID=8, ControllerID=9, DaemonDataplaneID=10, FanOutServerID=11.
// The values depend on declaration order, so inserting or reordering a name
// renumbers every later ID; append new IDs at the end to keep the meaning of
// values already recorded in logs.
const (
	NpmID  int = iota + 1
	IpsmID     // ipsetmanager in v2
	IptmID     // policymanager in v2
	NSID
	PodID
	NetpolID
	UtilID
	DaemonID
	ControllerID
	DaemonDataplaneID // for v2
	FanOutServerID    // for v2
)

These IDs identify the component that generated an error log, which makes the logs easier to query. In Kusto these values are used in the OperationID column.

// AzureNetworkName is an untyped string constant with the value "azure".
const AzureNetworkName = "azure"

AzureNetworkName is the default network Azure CNI creates

Variables

// IsNewNwPolicyVerFlag is an exported, mutable package-level bool that starts
// as false. Any importer can assign to it, and no synchronisation is visible
// in this listing.
// NOTE(review): confirm it is written once at start-up, before concurrent readers exist.
var IsNewNwPolicyVerFlag = false

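IsNewNwPolicyVerFlag indicates whether the current Kubernetes version is newer than 1.11 (the IsNewNwPolicyVer documentation on this page states the check as >= 1.11). It is initialised to false and is set by SetIsNewNwPolicyVerFlag.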

Functions

func AppendMap

func AppendMap(base, new map[string]string) map[string]string

AppendMap appends new to base.

func ClearAndAppendMap

func ClearAndAppendMap(base, new map[string]string) map[string]string

ClearAndAppendMap clears base and appends new to base.

func CompareK8sVer

func CompareK8sVer(firstVer *version.Info, secondVer *version.Info) int

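CompareK8sVer compares two k8s versions. It returns -1, 0 or 1 if firstVer is smaller than, equal to or bigger than secondVer, respectively, and -2 on error. Callers should test for -2 explicitly, because a `< 0` check would read an error as "firstVer is smaller".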

func CompareResourceVersions

func CompareResourceVersions(rvOld string, rvNew string) bool

CompareResourceVersions takes two resource versions and returns true if the new one is greater than the old one.

func CompareSlices

func CompareSlices(list1, list2 []string) bool

func CompareUintResourceVersions

func CompareUintResourceVersions(rvOld uint64, rvNew uint64) bool

CompareUintResourceVersions takes two resource versions as uint64 values and returns true if the new one is greater than the old one.

func DropEmptyFields

func DropEmptyFields(s []string) []string

DropEmptyFields deletes empty entries from a slice.

func Exists

func Exists(filePath string) bool

Exists reports whether the named file or directory exists.

func GetClusterID

func GetClusterID(nodeName string) string

GetClusterID retrieves cluster ID through node name. (Azure-specific)

func GetHashedName

func GetHashedName(name string) string

GetHashedName returns hashed ipset name.

func GetIPSetListCompareLabels

func GetIPSetListCompareLabels(orig map[string]string, new map[string]string) ([]string, []string)

GetIPSetListCompareLabels compares Labels and returns a delete ipset list and add ipset list

func GetIPSetListFromLabels

func GetIPSetListFromLabels(labels map[string]string) []string

GetIPSetListFromLabels combines Labels into a single slice.

func GetIpSetFromLabelKV

func GetIpSetFromLabelKV(k, v string) string

func GetLabelKVFromSet

func GetLabelKVFromSet(ipsetName string) (string, string)

func GetLabelsWithoutOperators

func GetLabelsWithoutOperators(labels []string) []string

GetLabelsWithoutOperators returns labels without operators.

func GetNSNameWithPrefix

func GetNSNameWithPrefix(nsName string) string

GetNSNameWithPrefix returns Namespace name with ipset prefix

func GetObjKeyFunc

func GetObjKeyFunc(obj interface{}) (string, error)

GetObjKeyFunc will return obj's key

func GetOperatorAndLabel

func GetOperatorAndLabel(label string) (string, string)

GetOperatorAndLabel returns the operator associated with the label and the label without operator.

func GetSetsFromLabels

func GetSetsFromLabels(labels map[string]string) []string

GetSetsFromLabels returns the ipset names for a given map of labels.

func Hash

func Hash(s string) string

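Hash hashes a string to another string with length <= 32. Because the output length is bounded, distinct inputs can map to the same output; the algorithm is not stated on this page.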

func IsIPV4

func IsIPV4(ip string) bool

func IsKeyValueLabelSetName

func IsKeyValueLabelSetName(k string) bool

func IsNewNwPolicyVer added in v1.0.18

func IsNewNwPolicyVer(ver *version.Info) (bool, error)

IsNewNwPolicyVer checks if the current k8s version >= 1.11, if so, then the networkPolicy should support 'AND' between namespaceSelector & podSelector.

func IsWindowsDP

func IsWindowsDP() bool

func ParseResourceVersion

func ParseResourceVersion(rv string) uint64

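ParseResourceVersion returns the ResourceVersion as a uint64. The signature returns no error, so how an unparsable string is reported is not visible on this page.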

func SetIsNewNwPolicyVerFlag added in v1.0.18

func SetIsNewNwPolicyVerFlag(ver *version.Info) error

SetIsNewNwPolicyVerFlag sets IsNewNwPolicyVerFlag variable depending on version.

func SliceToString

func SliceToString(list []string) string

func SortMap

func SortMap(m *map[string]string) ([]string, []string)

SortMap sorts the map by key in alphabetical order. Note: even though the map is sorted, accessing it through range will still result in random order.

func StrExistsInSlice

func StrExistsInSlice(items []string, val string) bool

StrExistsInSlice checks whether a string already exists in a given slice.

func UniqueStrSlice

func UniqueStrSlice(s []string) []string

UniqueStrSlice removes duplicate elements from the input string slice.

Types

type DeleteOption

// DeleteOption is a named bool type; its two named values are ForceDelete and
// SoftDelete.
type DeleteOption bool

DeleteOption is used to decide if a delete is force delete or soft delete

const (
	// For DeleteIPSet
	// SoftDelete is false, which is also the zero value of DeleteOption, so a
	// DeleteOption that was never set compares equal to SoftDelete.
	ForceDelete DeleteOption = true
	SoftDelete  DeleteOption = false
)
