Documentation
¶
Index ¶
- Variables
- func OpenLocalPorts() map[uint16]struct{}
- func ReinstallRoutingRules(mtu int) error
- type CRDRedirect
- type Proxy
- func (p *Proxy) AckProxyPort(ctx context.Context, name string) error
- func (p *Proxy) AllocateCRDProxyPort(name string) (uint16, error)
- func (p *Proxy) ChangeLogLevel(level logrus.Level)
- func (p *Proxy) CreateOrUpdateRedirect(ctx context.Context, l4 policy.ProxyPolicy, id string, ...) (uint16, error, revert.FinalizeFunc, revert.RevertFunc)
- func (p *Proxy) GetProxyPort(name string) (port uint16, isStatic bool, err error)
- func (p *Proxy) GetStatusModel() *models.ProxyStatus
- func (p *Proxy) ReinstallRoutingRules(mtu int) error
- func (p *Proxy) ReleaseProxyPort(name string) error
- func (p *Proxy) RemoveNetworkPolicy(ep endpoint.EndpointInfoSource)
- func (p *Proxy) RemoveRedirect(id string, wg *completion.WaitGroup) (error, revert.FinalizeFunc, revert.RevertFunc)
- func (p *Proxy) SetProxyPort(name string, proxyType types.ProxyType, port uint16, ingress bool) error
- func (p *Proxy) UpdateNetworkPolicy(ep endpoint.EndpointUpdater, vis *policy.VisibilityPolicy, ...) (error, func() error)
- type ProxyConfig
- type Redirect
- type RedirectImplementation
Constants ¶
This section is empty.
Variables ¶
var Cell = cell.Module( "l7-proxy", "L7 Proxy provides support for L7 network policies", cell.Provide(newProxy), cell.Provide(newEnvoyProxyIntegration), cell.Provide(newDNSProxyIntegration), cell.ProvidePrivate(endpoint.NewEndpointInfoRegistry), cell.Config(ProxyConfig{}), )
Cell provides the L7 Proxy which provides support for L7 network policies. It is manages the different L7 proxies (Envoy, CoreDNS, ...) and the traffic redirection to them.
var ( // DefaultDNSProxy is the global, shared, DNS Proxy singleton. DefaultDNSProxy proxy.DNSProxier )
Functions ¶
func OpenLocalPorts ¶ added in v0.15.7
func OpenLocalPorts() map[uint16]struct{}
OpenLocalPorts returns the set of L4 ports currently open locally.
func ReinstallRoutingRules ¶ added in v1.16.5
ReinstallRoutingRules ensures the presence of routing rules and tables needed to route packets to and from the L7 proxy.
Types ¶
type CRDRedirect ¶ added in v0.15.7
type CRDRedirect struct{}
Redirect type for custom Listeners, which are managed externally.
func (*CRDRedirect) Close ¶ added in v0.15.7
func (r *CRDRedirect) Close(wg *completion.WaitGroup) (revert.FinalizeFunc, revert.RevertFunc)
func (*CRDRedirect) UpdateRules ¶ added in v0.15.7
func (r *CRDRedirect) UpdateRules(wg *completion.WaitGroup) (revert.RevertFunc, error)
type Proxy ¶
type Proxy struct {
// contains filtered or unexported fields
}
Proxy maintains state about redirects
func (*Proxy) AckProxyPort ¶ added in v0.15.7
AckProxyPort() marks the proxy of the given type as successfully created and creates or updates the datapath rules accordingly. Takes a reference on the proxy port.
func (*Proxy) AllocateCRDProxyPort ¶ added in v1.14.17
AllocateCRDProxyPort() allocates a new port for listener 'name', or returns the current one if already allocated. Each call has to be paired with AckProxyPort(name) to update the datapath rules accordingly. Each allocated port must be eventually freed with ReleaseProxyPort().
func (*Proxy) ChangeLogLevel ¶ added in v0.15.7
ChangeLogLevel changes proxy log level to correspond to the logrus log level 'level'.
func (*Proxy) CreateOrUpdateRedirect ¶
func (p *Proxy) CreateOrUpdateRedirect( ctx context.Context, l4 policy.ProxyPolicy, id string, localEndpoint endpoint.EndpointUpdater, wg *completion.WaitGroup, ) ( uint16, error, revert.FinalizeFunc, revert.RevertFunc, )
CreateOrUpdateRedirect creates or updates a L4 redirect with corresponding proxy configuration. This will allocate a proxy port as required and launch a proxy instance. If the redirect is already in place, only the rules will be updated. The proxy listening port is returned, but proxy configuration on that port may still be ongoing asynchronously. Caller should wait for successful completion on 'wg' before assuming the returned proxy port is listening. Caller must call exactly one of the returned functions: - finalizeFunc to make the changes stick, or - revertFunc to cancel the changes. Called with 'localEndpoint' locked!
func (*Proxy) GetProxyPort ¶ added in v0.15.7
GetProxyPort() returns the fixed listen port for a proxy, if any.
func (*Proxy) GetStatusModel ¶ added in v0.15.7
func (p *Proxy) GetStatusModel() *models.ProxyStatus
GetStatusModel returns the proxy status as API model
func (*Proxy) ReinstallRoutingRules ¶ added in v0.15.7
func (*Proxy) ReleaseProxyPort ¶ added in v0.15.7
func (*Proxy) RemoveNetworkPolicy ¶ added in v1.16.0
func (p *Proxy) RemoveNetworkPolicy(ep endpoint.EndpointInfoSource)
func (*Proxy) RemoveRedirect ¶
func (p *Proxy) RemoveRedirect(id string, wg *completion.WaitGroup) (error, revert.FinalizeFunc, revert.RevertFunc)
RemoveRedirect removes an existing redirect that has been successfully created earlier.
func (*Proxy) SetProxyPort ¶ added in v0.15.7
func (*Proxy) UpdateNetworkPolicy ¶ added in v1.6.4
func (p *Proxy) UpdateNetworkPolicy(ep endpoint.EndpointUpdater, vis *policy.VisibilityPolicy, policy *policy.L4Policy, ingressPolicyEnforced, egressPolicyEnforced bool, wg *completion.WaitGroup) (error, func() error)
type ProxyConfig ¶ added in v1.15.0
type ProxyConfig struct {
ProxyPortrangeMin uint16
ProxyPortrangeMax uint16
RestoredProxyPortsAgeLimit uint
}
func (ProxyConfig) Flags ¶ added in v1.16.0
func (r ProxyConfig) Flags(flags *pflag.FlagSet)
type RedirectImplementation ¶ added in v0.15.7
type RedirectImplementation interface {
// UpdateRules updates the rules for the given proxy redirect.
// The implementation should .Add to the WaitGroup if the update is
// asynchronous and the update should not return until it is complete.
// The returned RevertFunc must be non-nil.
// Note: UpdateRules is not called when a redirect is created.
UpdateRules(wg *completion.WaitGroup) (revert.RevertFunc, error)
// Close closes and cleans up resources associated with the redirect
// implementation. The implementation should .Add to the WaitGroup if the
// update is asynchronous and the update should not return until it is
// complete.
Close(wg *completion.WaitGroup) (revert.FinalizeFunc, revert.RevertFunc)
}
RedirectImplementation is the generic proxy redirect interface that each proxy redirect type must implement
Source Files
Directories