Documentation ¶
Index ¶
- Constants
- func NewAppMeshConfig(appMesh *appmesh.AppMesh, cfg *Config) (string, *libcni.NetworkConfig, error)
- func NewBranchENINetworkConfig(eni *ni.NetworkInterface, cfg *Config) (string, *libcni.NetworkConfig, error)
- func NewBridgeNetworkConfig(cfg *Config, includeIPAM bool) (string, *libcni.NetworkConfig, error)
- func NewIPAMNetworkConfig(cfg *Config) (string, *libcni.NetworkConfig, error)
- func NewServiceConnectNetworkConfig(scConfig *serviceconnect.Config, redirectMode RedirectMode, ...) (string, *libcni.NetworkConfig, error)
- func NewVPCENINetworkConfig(eni *ni.NetworkInterface, cfg *Config) (string, *libcni.NetworkConfig, error)
- type AppMeshConfig
- type BranchENIConfig
- type BridgeConfig
- type CNIClient
- type Config
- type EgressConfigJSON
- type IPAMConfig
- type IPAMNetworkConfig
- type IngressConfigJSONEntry
- type NamespaceHelper
- type NetworkConfig
- type RedirectIPJson
- type RedirectMode
- type ServiceConnectConfig
- type VIPConfigJSON
- type VPCENIPluginConfig
Constants ¶
// Constants shared by the CNI configuration builders in this package.
const (
	// TaskIAMRoleEndpoint is the endpoint where ecs-agent exposes credentials
	// for the task IAM role. The value is written as a /32 CIDR.
	// NOTE(review): this address serves credentials; how access to it is
	// scoped is not visible in this declaration — confirm against the code
	// that consumes the constant.
	TaskIAMRoleEndpoint = "169.254.170.2/32"
	// CapabilityAWSVPCNetworkingMode is the capability string, which when
	// present in the output of the '--capabilities' command of a CNI plugin
	// indicates that the plugin can support the ECS "awsvpc" network mode
	CapabilityAWSVPCNetworkingMode = "awsvpc-network-mode"
	// VPCENIPluginName is the binary name of the vpc-eni plugin
	VPCENIPluginName = "vpc-eni"
)
// Plugin binary names and the network namespace path template.
const (
	// ECSIPAMPluginName is the binary name of the ipam plugin
	ECSIPAMPluginName = "ecs-ipam"
	// ECSBridgePluginName is the binary name of the bridge plugin
	ECSBridgePluginName = "ecs-bridge"
	// ECSAppMeshPluginName is the binary name of the aws-appmesh plugin
	ECSAppMeshPluginName = "aws-appmesh"
	// ECSBranchENIPluginName is the binary name of the branch-eni plugin
	ECSBranchENIPluginName = "vpc-branch-eni"
	// ECSServiceConnectPluginName is the binary name of the service connect plugin
	ECSServiceConnectPluginName = "ecs-serviceconnect"
	// NetnsFormat is used to construct the path to the container network
	// namespace. It contains a single %s verb.
	// NOTE(review): presumably the verb is filled with Config.ContainerPID;
	// because the value ends up inside a filesystem path, callers should
	// ensure it is a plain numeric PID — verify at the call site.
	NetnsFormat = "/host/proc/%s/ns/net"
)
Variables ¶
This section is empty.
Functions ¶
func NewAppMeshConfig ¶
NewAppMeshConfig creates a new AppMesh CNI network configuration.
func NewBranchENINetworkConfig ¶
func NewBranchENINetworkConfig(eni *ni.NetworkInterface, cfg *Config) (string, *libcni.NetworkConfig, error)
NewBranchENINetworkConfig creates a new branch ENI CNI network configuration.
func NewBridgeNetworkConfig ¶
NewBridgeNetworkConfig creates the bridge plugin configuration for the ADD command, in which the bridge plugin acquires the IP and route information from IPAM.
func NewIPAMNetworkConfig ¶
func NewIPAMNetworkConfig(cfg *Config) (string, *libcni.NetworkConfig, error)
NewIPAMNetworkConfig creates the IPAM configuration accepted by libcni.
func NewServiceConnectNetworkConfig ¶
func NewServiceConnectNetworkConfig( scConfig *serviceconnect.Config, redirectMode RedirectMode, shouldIncludeRedirectIP bool, enableIPv4 bool, enableIPv6 bool, cfg *Config) (string, *libcni.NetworkConfig, error)
NewServiceConnectNetworkConfig creates a new ServiceConnect CNI network configuration
func NewVPCENINetworkConfig ¶
func NewVPCENINetworkConfig(eni *ni.NetworkInterface, cfg *Config) (string, *libcni.NetworkConfig, error)
NewVPCENINetworkConfig creates a new vpc-eni CNI plugin configuration.
Types ¶
type AppMeshConfig ¶
// AppMeshConfig holds the JSON-serializable settings passed to the app mesh
// CNI plugin. All port, UID and GID values are carried as strings; no
// validation is visible in this declaration.
type AppMeshConfig struct {
	// Type is the cni plugin name
	Type string `json:"type,omitempty"`
	// CNIVersion is the cni spec version to use
	CNIVersion string `json:"cniVersion,omitempty"`
	// IgnoredUID specifies that egress traffic from the processes owned by
	// the UID will be ignored.
	// NOTE(review): processes running as this UID are exempt from the
	// plugin's egress handling, so the value presumably should identify only
	// the proxy itself — confirm against the plugin.
	IgnoredUID string `json:"ignoredUID,omitempty"`
	// IgnoredGID specifies that egress traffic from the processes owned by
	// the GID will be ignored. The same review note as IgnoredUID applies.
	IgnoredGID string `json:"ignoredGID,omitempty"`
	// ProxyIngressPort is the ingress port number that proxy is listening on
	ProxyIngressPort string `json:"proxyIngressPort"`
	// ProxyEgressPort is the egress port number that proxy is listening on
	ProxyEgressPort string `json:"proxyEgressPort"`
	// AppPorts specifies port numbers that application is listening on
	AppPorts []string `json:"appPorts"`
	// EgressIgnoredPorts is the list of ports for which egress traffic will be ignored
	EgressIgnoredPorts []string `json:"egressIgnoredPorts,omitempty"`
	// EgressIgnoredIPs is the list of IPs for which egress traffic will be ignored
	EgressIgnoredIPs []string `json:"egressIgnoredIPs,omitempty"`
}
AppMeshConfig contains all the information needed to invoke the app mesh plugin
type BranchENIConfig ¶
// BranchENIConfig holds the JSON-serializable settings passed to the
// vpc-branch-eni CNI plugin.
type BranchENIConfig struct {
	// CNIVersion is the CNI spec version to use
	CNIVersion string `json:"cniVersion,omitempty"`
	// Name is the CNI network name
	Name string `json:"name,omitempty"`
	// Type is the CNI plugin name
	Type string `json:"type,omitempty"`
	// TrunkMACAddress is the MAC address of the trunk ENI
	TrunkMACAddress string `json:"trunkMACAddress,omitempty"`
	// BranchVlanID is the VLAN ID of the branch ENI
	BranchVlanID string `json:"branchVlanID,omitempty"`
	// BranchMACAddress is the MAC address of the branch ENI
	BranchMACAddress string `json:"branchMACAddress"`
	// IPAddresses contains the IP addresses of the branch ENI.
	IPAddresses []string `json:"ipAddresses"`
	// GatewayIPAddresses contains the IP addresses of the default gateway in the subnet.
	GatewayIPAddresses []string `json:"gatewayIPAddresses"`
	// BlockInstanceMetadata specifies if InstanceMetadata endpoint should be blocked.
	// The tag has no omitempty, so the value is always written to the JSON.
	// NOTE(review): the Go zero value is false, so a config that never sets
	// this field asks for no blocking — confirm callers set it deliberately.
	BlockInstanceMetadata bool `json:"blockInstanceMetadata"`
	// InterfaceType is the type of the interface to connect the branch ENI to
	InterfaceType string `json:"interfaceType,omitempty"`
}
BranchENIConfig contains all the information needed to invoke the vpc-branch-eni plugin
type BridgeConfig ¶
// BridgeConfig holds the JSON-serializable settings passed to the bridge CNI
// plugin.
type BridgeConfig struct {
	// Type is the cni plugin name
	Type string `json:"type,omitempty"`
	// CNIVersion is the cni spec version to use
	CNIVersion string `json:"cniVersion,omitempty"`
	// BridgeName is the name of bridge
	BridgeName string `json:"bridge"`
	// IsGW indicates whether the bridge acts as a gateway; it determines
	// whether an ip address needs to be assigned to the bridge
	IsGW bool `json:"isGateway"`
	// IsDefaultGW indicates whether the bridge is the gateway of the container
	IsDefaultGW bool `json:"isDefaultGateway"`
	// ForceAddress indicates whether a new ip should be assigned if the bridge
	// already has a different ip
	ForceAddress bool `json:"forceAddress"`
	// IPMasq indicates whether to set up IP masquerading for traffic
	// originating from this network
	IPMasq bool `json:"ipMasq"`
	// MTU sets MTU of the bridge interface
	MTU int `json:"mtu"`
	// HairpinMode sets the hairpin mode of interface on the bridge
	HairpinMode bool `json:"hairpinMode"`
	// IPAM is the configuration to acquire ip/route from ipam plugin.
	// NOTE(review): if this is marshaled with encoding/json, omitempty has no
	// effect on a struct value, so the "ipam" key is always emitted.
	IPAM IPAMConfig `json:"ipam,omitempty"`
}
BridgeConfig contains all the information needed to invoke the bridge plugin
type CNIClient ¶
// CNIClient is the interface for querying CNI plugins and for setting up and
// cleaning up a container network namespace. Parameters are unnamed in this
// declaration, so their meaning below is partly inferred.
type CNIClient interface {
	// Version returns the version of the plugin.
	// NOTE(review): the string argument is presumably the plugin name — confirm.
	Version(string) (string, error)
	// Capabilities returns the capabilities supported by a plugin.
	// NOTE(review): the string argument is presumably the plugin name — confirm.
	Capabilities(string) ([]string, error)
	// SetupNS sets up the namespace of container and returns the CNI result.
	// NOTE(review): the time.Duration is presumably a timeout — confirm.
	SetupNS(context.Context, *Config, time.Duration) (*cniTypesCurrent.Result, error)
	// CleanupNS cleans up the container namespace
	CleanupNS(context.Context, *Config, time.Duration) error
	// ReleaseIPResource marks the ip available in the ipam db
	ReleaseIPResource(context.Context, *Config, time.Duration) error
}
CNIClient defines the methods for setting up and cleaning up the container namespace
type Config ¶
// Config carries the inputs used to set up a container network namespace
// with the CNI plugins. It has no JSON tags; the per-plugin config types in
// this package are the serialized forms.
type Config struct {
	// PluginsPath indicates the path where cni plugins are located.
	// NOTE(review): presumably plugin binaries are executed from this
	// directory, so it should not be writable by untrusted users — confirm.
	PluginsPath string
	// MinSupportedCNIVersion is the minimum cni spec version supported
	MinSupportedCNIVersion string
	// ContainerID is the id of the container whose network namespace is set up
	ContainerID string
	// ContainerPID is the pid of the container.
	// NOTE(review): held as a string rather than an integer; if it is
	// substituted into a path template such as NetnsFormat, it should be
	// checked to be numeric first — verify how callers populate it.
	ContainerPID string
	// ContainerNetNS is the container namespace
	ContainerNetNS string
	// BridgeName is the name used to create the bridge
	BridgeName string
	// IPAMV4Address is the ipv4 address to assign from ipam
	IPAMV4Address *cniTypes.IPNet
	// ID is the information associated with the ip in ipam
	ID string
	// BlockInstanceMetadata specifies if InstanceMetadata endpoint should be blocked.
	// The Go zero value is false.
	BlockInstanceMetadata bool
	// AdditionalLocalRoutes specifies additional routes to be added to the task namespace
	AdditionalLocalRoutes []cniTypes.IPNet
	// NetworkConfigs is the list of CNI network configurations to be invoked
	NetworkConfigs []*NetworkConfig
	// InstanceENIDNSServerList stores the list of dns servers for the primary instance ENI.
	// Currently, this field is only populated for Windows and is used during task networking setup.
	InstanceENIDNSServerList []string
}
Config contains all the information to set up the container namespace using the plugins
type EgressConfigJSON ¶
// EgressConfigJSON is the JSON shape of the egress section of the
// ecs-serviceconnect plugin configuration. No field carries omitempty, so
// every key is written on marshal (a nil RedirectIP becomes JSON null with
// encoding/json).
type EgressConfigJSON struct {
	// ListenerPort is serialized as "listenerPort".
	// NOTE(review): presumably the port egress traffic is redirected to — confirm.
	ListenerPort uint16 `json:"listenerPort"`
	// RedirectIP optionally points at the IPv4/IPv6 redirect addresses.
	RedirectIP *RedirectIPJson `json:"redirectIP"`
	// RedirectMode is serialized as a plain string.
	// NOTE(review): presumably one of the RedirectMode constants — confirm.
	RedirectMode string `json:"redirectMode"`
	// VIP holds the IPv4/IPv6 CIDR pair serialized under "vip".
	VIP VIPConfigJSON `json:"vip"`
}
EgressConfigJSON defines the egress network config in JSON format for the ecs-serviceconnect CNI plugin.
type IPAMConfig ¶
// IPAMConfig holds the JSON-serializable settings passed to the ipam CNI
// plugin. Every field carries omitempty.
type IPAMConfig struct {
	// Type is the cni plugin name
	Type string `json:"type,omitempty"`
	// ID is the information stored in the ipam along with ip as key-value pair
	ID string `json:"id,omitempty"`
	// CNIVersion is the cni spec version to use
	CNIVersion string `json:"cniVersion,omitempty"`
	// IPV4Subnet is the ip address range managed by ipam
	IPV4Subnet string `json:"ipv4-subnet,omitempty"`
	// IPV4Address is the ip address to deal with (assign or release) in ipam
	IPV4Address *cniTypes.IPNet `json:"ipv4-address,omitempty"`
	// IPV4Gateway is the gateway returned by ipam, by default the '.1' in the subnet
	IPV4Gateway string `json:"ipv4-gateway,omitempty"`
	// IPV4Routes is the list of routes to be added in the container namespace
	IPV4Routes []*cniTypes.Route `json:"ipv4-routes,omitempty"`
}
IPAMConfig contains all the information needed to invoke the ipam plugin
type IPAMNetworkConfig ¶
// IPAMNetworkConfig wraps an IPAMConfig together with the top-level name,
// type and version keys of a CNI network configuration.
type IPAMNetworkConfig struct {
	// Name is serialized as "name" and omitted when empty.
	Name string `json:"name,omitempty"`
	// Type is serialized as "type" and omitted when empty.
	Type string `json:"type,omitempty"`
	// CNIVersion is serialized as "cniVersion" and omitted when empty.
	CNIVersion string `json:"cniVersion,omitempty"`
	// IPAM is the nested ipam plugin configuration; always emitted.
	IPAM IPAMConfig `json:"ipam"`
}
IPAMNetworkConfig is the config format accepted by the plugin
type IngressConfigJSONEntry ¶
// IngressConfigJSONEntry is the JSON shape of one ingress entry of the
// ecs-serviceconnect plugin configuration.
type IngressConfigJSONEntry struct {
	// ListenerPort is always serialized, as "listenerPort".
	ListenerPort uint16 `json:"listenerPort"`
	// InterceptPort is omitted from the JSON when it is zero.
	// NOTE(review): presumably the port whose traffic is intercepted and sent
	// to ListenerPort — confirm against the plugin.
	InterceptPort uint16 `json:"interceptPort,omitempty"`
}
IngressConfigJSONEntry defines the ingress network config in JSON format for the ecs-serviceconnect CNI plugin.
type NamespaceHelper ¶
// NamespaceHelper is the interface for additional task namespace setup
// performed alongside the CNI plugins.
type NamespaceHelper interface {
	// ConfigureTaskNamespaceRouting takes the task ENI, the CNI Config and the
	// CNI result and returns an error on failure.
	// NOTE(review): presumably it installs routes inside the task namespace
	// from these inputs — the implementation is not visible here; confirm.
	ConfigureTaskNamespaceRouting(ctx context.Context, taskENI *ni.NetworkInterface, config *Config, result *cniTypesCurrent.Result) error
}
NamespaceHelper defines the methods for performing additional actions to set up or clean up the task namespace. The task namespace in awsvpc network mode is configured using the pause container, which is the first container launched for the task. These commands are executed inside that container.
func NewNamespaceHelper ¶
func NewNamespaceHelper(client dockerapi.DockerClient) NamespaceHelper
NewNamespaceHelper returns a new instance of NamespaceHelper interface.
type NetworkConfig ¶
// NetworkConfig pairs a libcni network configuration with the interface
// name to use for it.
type NetworkConfig struct {
	// IfName is the name of the network interface device, to be set within the
	// network namespace.
	IfName string
	// CNINetworkConfig is the network configuration required to invoke the CNI plugin
	CNINetworkConfig *libcni.NetworkConfig
}
NetworkConfig wraps CNI library's NetworkConfig object. It tracks the interface device name (the IfName param required to invoke AddNetwork) along with libcni's NetworkConfig object. The IfName is required to be set to invoke `AddNetwork` method when invoking plugins to set up the network namespace.
type RedirectIPJson ¶
// RedirectIPJson is the JSON shape of the redirect addresses for the
// ecs-serviceconnect plugin. Both fields are strings and are omitted when
// empty; no address validation is visible in this declaration.
type RedirectIPJson struct {
	// IPv4 is serialized as "ipv4".
	IPv4 string `json:"ipv4,omitempty"`
	// IPv6 is serialized as "ipv6".
	IPv6 string `json:"ipv6,omitempty"`
}
RedirectIPJson defines the IP to be redirected in JSON format for the ecs-serviceconnect CNI plugin.
type RedirectMode ¶
// RedirectMode is a string type naming how traffic is redirected; the
// package declares the values NAT and TPROXY for it.
type RedirectMode string
RedirectMode defines the type of redirection of traffic to be used.
// Values of RedirectMode.
const (
	// NAT is the "nat" redirect mode.
	NAT RedirectMode = "nat"
	// TPROXY is the "tproxy" redirect mode.
	TPROXY RedirectMode = "tproxy"
)
type ServiceConnectConfig ¶
// ServiceConnectConfig holds the JSON-serializable settings passed to the
// ecs-serviceconnect CNI plugin. Every field carries omitempty.
type ServiceConnectConfig struct {
	// CNIVersion is the CNI spec version to use
	CNIVersion string `json:"cniVersion,omitempty"`
	// Name is the CNI network name
	Name string `json:"name,omitempty"`
	// Type is the CNI plugin name
	Type string `json:"type,omitempty"`
	// IngressConfig (optional) specifies the netfilter rules to be set for incoming requests.
	IngressConfig []IngressConfigJSONEntry `json:"ingressConfig,omitempty"`
	// EgressConfig (optional) specifies the netfilter rules to be set for outgoing requests.
	EgressConfig *EgressConfigJSON `json:"egressConfig,omitempty"`
	// EnableIPv4 (optional) specifies whether to set the rules in IPV4 table. Default value is false.
	// Because of omitempty, a false value is left out of the JSON entirely
	// (when marshaled with encoding/json).
	EnableIPv4 bool `json:"enableIPv4,omitempty"`
	// EnableIPv6 (optional) specifies whether to set the rules in IPV6 table. Default value is false.
	// Because of omitempty, a false value is left out of the JSON entirely
	// (when marshaled with encoding/json).
	EnableIPv6 bool `json:"enableIPv6,omitempty"`
}
type VIPConfigJSON ¶
// VIPConfigJSON is the JSON shape of the egress VIP settings for the
// ecs-serviceconnect plugin. Both CIDRs are carried as strings and are
// omitted when empty; no CIDR parsing is visible in this declaration.
type VIPConfigJSON struct {
	// IPv4CIDR is serialized as "ipv4Cidr".
	IPv4CIDR string `json:"ipv4Cidr,omitempty"`
	// IPv6CIDR is serialized as "ipv6Cidr".
	IPv6CIDR string `json:"ipv6Cidr,omitempty"`
}
VIPConfigJSON defines the EgressVIP network config in JSON format for the ecs-serviceconnect CNI plugin.
type VPCENIPluginConfig ¶
// VPCENIPluginConfig holds the JSON-serializable settings passed to the
// vpc-eni CNI plugin.
type VPCENIPluginConfig struct {
	// Type is the cni plugin name.
	Type string `json:"type,omitempty"`
	// CNIVersion is the cni spec version to use.
	CNIVersion string `json:"cniVersion,omitempty"`
	// DNS is used to pass DNS information to the plugin.
	DNS types.DNS `json:"dns"`
	// ENIName is the name of the eni on the instance.
	ENIName string `json:"eniName"`
	// ENIMACAddress is the MAC address of the eni.
	ENIMACAddress string `json:"eniMACAddress"`
	// ENIIPAddresses is the ipv4 of the eni.
	ENIIPAddresses []string `json:"eniIPAddresses"`
	// GatewayIPAddresses specifies the IPv4 address of the subnet gateway for the eni.
	GatewayIPAddresses []string `json:"gatewayIPAddresses"`
	// UseExistingNetwork specifies if existing network should be used instead of creating a new one.
	UseExistingNetwork bool `json:"useExistingNetwork"`
	// BlockIMDS specifies if the IMDS should be blocked for the created endpoint.
	// The JSON key is "blockInstanceMetadata", not "blockIMDS", and it is
	// always written because the tag has no omitempty.
	// NOTE(review): the Go zero value is false, so a config that never sets
	// this field asks for no blocking — confirm callers set it deliberately.
	BlockIMDS bool `json:"blockInstanceMetadata"`
}
VPCENIPluginConfig contains all the information required to invoke the vpc-eni plugin.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
 | Package mock_ecscni is a generated GoMock package. |
 | Package mock_types is a generated GoMock package. |
 | Package mock_libcni is a generated GoMock package. |