heliosPolicy

Published: May 27, 2021 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

const (
	// HostLocalSourceBit is the bit of the iptables fwmark space used to mark locally generated packets.
	// The value must be within the range [0, 31].
	HostLocalSourceBit = 0
)

Variables

var (
	// HostLocalSourceMark is the mark generated from HostLocalSourceBit.
	HostLocalSourceMark = uint32(1 << HostLocalSourceBit)

	// SNATIPMarkMask selects the bits of the packet mark that store the ID of the
	// SNAT IP for a "Pod -> external" egress packet that is to be SNAT'd.
	SNATIPMarkMask = uint32(0xFF)
)
var (
	// IPTablesSyncInterval is exported so that the sync interval can be set to a smaller value when running
	// integration tests. It is meant to be used internally by Run.
	IPTablesSyncInterval = 60 * time.Second
)
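The fwmark layout described by the constants above, worked through as an added example (not code from the heliosPolicy package): it encodes a SNAT IP ID into the SNATIPMarkMask bits, decodes it back, mirrors the iptables `--mark value/mask` match that a rule installed by AddSNATRule relies on, and checks whether the host-local bit and the SNAT mask share bits. SNATMarkForID, SNATIDFromMark, MatchMark, MarkSpacesDisjoint and SNATRuleSpec are hypothetical helpers, and the rule text is constructed for illustration rather than taken from the package.

```go
package main

import (
	"fmt"
	"net"
)

// Values as documented for the heliosPolicy route package.
const HostLocalSourceBit = 0

var (
	HostLocalSourceMark = uint32(1 << HostLocalSourceBit)
	SNATIPMarkMask      = uint32(0xFF)
)

// SNATMarkForID encodes a SNAT IP ID into the bits covered by SNATIPMarkMask.
// Zero is rejected (a zero mark reads as "no SNAT IP selected") and so are IDs
// wider than the mask, which would spill into bits owned by other fwmark users.
func SNATMarkForID(id uint32) (uint32, error) {
	if id == 0 || id&^SNATIPMarkMask != 0 {
		return 0, fmt.Errorf("SNAT IP ID %#x does not fit in mask %#x", id, SNATIPMarkMask)
	}
	return id, nil
}

// SNATIDFromMark recovers the SNAT IP ID from a full fwmark, ignoring the
// bits outside SNATIPMarkMask.
func SNATIDFromMark(fwmark uint32) uint32 { return fwmark & SNATIPMarkMask }

// MatchMark mirrors iptables "-m mark --mark value/mask": the packet matches
// when its fwmark, masked, equals value.
func MatchMark(fwmark, value, mask uint32) bool { return fwmark&mask == value }

// MarkSpacesDisjoint reports whether the host-local mark and the SNAT ID mask
// use separate bits. With HostLocalSourceBit = 0 they do not: bit 0 lies inside
// 0xFF, so a SNAT ID with bit 0 set also satisfies a host-local match.
func MarkSpacesDisjoint() bool { return HostLocalSourceMark&SNATIPMarkMask == 0 }

// SNATRuleSpec renders a constructed POSTROUTING rule in iptables-save syntax;
// the package's real rule text is not on the page, this is only its shape.
func SNATRuleSpec(snatIP net.IP, mark uint32) string {
	return fmt.Sprintf("-A POSTROUTING -m mark --mark %#x/%#x -j SNAT --to-source %s",
		mark&SNATIPMarkMask, SNATIPMarkMask, snatIP)
}

func main() {
	mark, _ := SNATMarkForID(3)
	fmt.Println(SNATRuleSpec(net.ParseIP("10.0.0.5"), mark), MarkSpacesDisjoint())
}
```

When reading `iptables -t nat -S` output on a node, compare marks against the mask exactly as MatchMark does; a bare value comparison misses rules that match only the low byte.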

Functions

This section is empty.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client takes care of routing container packets in the host network, coordinating ip route, ip rule, iptables and ipset.

func NewClient

func NewClient(serviceCIDR *net.IPNet, networkConfig *config.NetworkConfig, noSNAT bool) (*Client, error)

NewClient returns a route client. TODO: remove the serviceCIDR parameter once kube-proxy is replaced by helios Proxy. The parameter is not used in this file; it is kept so that the signature stays compatible with the Windows implementation.

func (*Client) AddSNATRule

func (c *Client) AddSNATRule(snatIP net.IP, mark uint32) error

func (*Client) DeleteSNATRule

func (c *Client) DeleteSNATRule(mark uint32) error

func (*Client) Initialize

func (c *Client) Initialize(nodeConfig *config.NodeConfig, done func()) error

Initialize initializes all infrastructures required to route container packets in host network. It is idempotent and can be safely called on every startup.

func (*Client) Reconcile

func (c *Client) Reconcile(podCIDRs []string) error

Reconcile removes orphaned podCIDRs from the ipset and removes the routes to them, based on the desired podCIDRs.

func (*Client) Run

func (c *Client) Run(stopCh <-chan struct{})

Run waits for iptables initialization, then periodically syncs iptables rules. It will not return until stopCh is closed.

type Interface

type Interface interface {
	// Initialize should initialize all infrastructures required to route container packets in host network.
	// It should be idempotent and can be safely called on every startup.
	Initialize(nodeConfig *config.NodeConfig, done func()) error

	// Reconcile should remove orphaned routes and related configuration based on the desired podCIDRs. If IPv6 is enabled
	// in the cluster, Reconcile should also remove the orphaned IPv6 neighbors.
	Reconcile(podCIDRs []string) error

	// AddSNATRule should add a rule to SNAT outgoing traffic carrying the mark, using the provided SNAT IP.
	AddSNATRule(snatIP net.IP, mark uint32) error

	// DeleteSNATRule should delete the rule that SNATs outgoing traffic carrying the mark.
	DeleteSNATRule(mark uint32) error

	// Run starts the sync loop.
	Run(stopCh <-chan struct{})
}

Interface is the interface for routing container packets in the host network.
