cmd

package
v1.13.15 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 11, 2024 License: Apache-2.0 Imports: 227 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	// AutoCIDR indicates that a CIDR should be allocated
	AutoCIDR = "auto"

	// ConfigModifyQueueSize is the size of the event queue for serializing
	// configuration updates to the daemon
	ConfigModifyQueueSize = 10
)

Variables

View Source 
var (
	Agent = cell.Module(
		"agent",
		"Cilium Agent",

		Infrastructure,
		ControlPlane,
		Datapath,
	)

	// Infrastructure provides access and services to the outside.
	// A cell should live here instead of ControlPlane if it is not needed by
	// integrations tests, or needs to be mocked.
	Infrastructure = cell.Module(
		"infra",
		"Infrastructure",

		gops.Cell(defaults.GopsPortAgent),

		k8sClient.Cell,

		cell.Provide(func() *option.DaemonConfig { return option.Config }),
	)

	// ControlPlane implement the per-node control functions. These are pure
	// business logic and depend on datapath or infrastructure to perform
	// actions. This separation enables non-privileged integration testing of
	// the control-plane.
	ControlPlane = cell.Module(
		"controlplane",
		"Control Plane",

		node.LocalNodeStoreCell,

		daemonCell,

		bgpv1.Cell,
	)

	// Datapath provides the privileged operations to apply control-plane
	// decision to the kernel.
	Datapath = cell.Module(
		"datapath",
		"Datapath",

		cell.Provide(
			newWireguardAgent,
			newDatapath,
		),
	)
)
View Source 
var (
	RootCmd = &cobra.Command{
		Use:   "cilium-agent",
		Short: "Run the cilium agent",
		Run:   runApp,
	}
)
View Source 
var (
	Vp *viper.Viper
)

Functions

func Execute 

func Execute() error

func NewCachingIdentityAllocator added in v1.10.6 

func NewCachingIdentityAllocator(d *Daemon) cachingIdentityAllocator

func NewDaemonCleanup 

func NewDaemonCleanup() *daemonCleanup

func NewDeleteEndpointIDHandler added in v1.8.0 

func NewDeleteEndpointIDHandler(d *Daemon) DeleteEndpointIDHandler

func NewDeleteFqdnCacheHandler added in v1.8.0 

func NewDeleteFqdnCacheHandler(d *Daemon) DeleteFqdnCacheHandler

func NewDeleteIPAMIPHandler added in v1.8.0 

func NewDeleteIPAMIPHandler(d *Daemon) ipamapi.DeleteIpamIPHandler

NewDeleteIPAMIPHandler handle incoming requests to delete addresses.

func NewDeletePrefilterHandler added in v1.8.0 

func NewDeletePrefilterHandler(d *Daemon) DeletePrefilterHandler

NewDeletePrefilterHandler returns new patch handler for api

func NewDeleteRecorderIDHandler added in v1.10.0 

func NewDeleteRecorderIDHandler(rec *recorder.Recorder) DeleteRecorderIDHandler

func NewDeleteServiceIDHandler added in v1.8.0 

func NewDeleteServiceIDHandler(svc *service.Service) DeleteServiceIDHandler

func NewGetBGPHandler added in v1.13.2 

func NewGetBGPHandler(c *bgpv1.Controller) restapi.GetBgpPeersHandler

NewGetBGPHandler returns bgp peering status endpoint

func NewGetCgroupDumpMetadataHandler added in v1.13.1 

func NewGetCgroupDumpMetadataHandler(d *Daemon) restapi.GetCgroupDumpMetadataHandler

NewGetCgroupDumpMetadataHandler returns the cgroup dump metadata handler for the agent

func NewGetClusterNodesHandler 

func NewGetClusterNodesHandler(d *Daemon) GetClusterNodesHandler

func NewGetConfigHandler added in v1.8.0 

func NewGetConfigHandler(d *Daemon) GetConfigHandler

func NewGetDebugInfoHandler added in v1.8.0 

func NewGetDebugInfoHandler(d *Daemon) restapi.GetDebuginfoHandler

NewGetDebugInfoHandler returns the debug info endpoint handler for the agent

func NewGetEndpointHandler added in v1.8.0 

func NewGetEndpointHandler(d *Daemon) GetEndpointHandler

func NewGetEndpointIDConfigHandler added in v1.8.0 

func NewGetEndpointIDConfigHandler(d *Daemon) GetEndpointIDConfigHandler

func NewGetEndpointIDHandler added in v1.8.0 

func NewGetEndpointIDHandler(d *Daemon) GetEndpointIDHandler

func NewGetEndpointIDHealthzHandler added in v1.8.0 

func NewGetEndpointIDHealthzHandler(d *Daemon) GetEndpointIDHealthzHandler

func NewGetEndpointIDLabelsHandler added in v1.8.0 

func NewGetEndpointIDLabelsHandler(d *Daemon) GetEndpointIDLabelsHandler

func NewGetEndpointIDLogHandler added in v1.8.0 

func NewGetEndpointIDLogHandler(d *Daemon) GetEndpointIDLogHandler

func NewGetFqdnCacheHandler added in v1.8.0 

func NewGetFqdnCacheHandler(d *Daemon) GetFqdnCacheHandler

func NewGetFqdnCacheIDHandler added in v1.8.0 

func NewGetFqdnCacheIDHandler(d *Daemon) GetFqdnCacheIDHandler

func NewGetFqdnNamesHandler added in v1.8.0 

func NewGetFqdnNamesHandler(d *Daemon) GetFqdnNamesHandler

func NewGetHealthzHandler added in v1.8.0 

func NewGetHealthzHandler(d *Daemon) GetHealthzHandler

func NewGetIPHandler added in v1.8.0 

func NewGetIPHandler(d *Daemon) GetIPHandler

NewGetIPHandler for the global IP cache

func NewGetLrpHandler added in v1.9.0 

func NewGetLrpHandler(rpm *redirectpolicy.Manager) GetLrpHandler

func NewGetMapHandler added in v1.8.0 

func NewGetMapHandler(d *Daemon) restapi.GetMapHandler

func NewGetMapNameEventsHandler 

func NewGetMapNameEventsHandler(d *Daemon, maps mapRefGetter) restapi.GetMapNameEventsHandler

func NewGetMapNameHandler added in v1.8.0 

func NewGetMapNameHandler(d *Daemon) restapi.GetMapNameHandler

func NewGetMetricsHandler added in v1.8.0 

func NewGetMetricsHandler(d *Daemon) restapi.GetMetricsHandler

NewGetMetricsHandler returns the metrics handler

func NewGetNodeIDsHandler added in v1.11.14 

func NewGetNodeIDsHandler(h datapath.NodeIDHandler) GetNodeIdsHandler

func NewGetPolicyResolveHandler added in v1.8.0 

func NewGetPolicyResolveHandler(d *Daemon) GetPolicyResolveHandler

func NewGetPrefilterHandler added in v1.8.0 

func NewGetPrefilterHandler(d *Daemon) GetPrefilterHandler

NewGetPrefilterHandler returns new get handler for api

func NewGetRecorderHandler added in v1.10.0 

func NewGetRecorderHandler(rec *recorder.Recorder) GetRecorderHandler

func NewGetRecorderIDHandler added in v1.10.0 

func NewGetRecorderIDHandler(rec *recorder.Recorder) GetRecorderIDHandler

func NewGetRecorderMasksHandler added in v1.10.0 

func NewGetRecorderMasksHandler(rec *recorder.Recorder) GetRecorderMasksHandler

func NewGetServiceHandler added in v1.8.0 

func NewGetServiceHandler(svc *service.Service) GetServiceHandler

func NewGetServiceIDHandler added in v1.8.0 

func NewGetServiceIDHandler(svc *service.Service) GetServiceIDHandler

func NewPatchConfigHandler added in v1.8.0 

func NewPatchConfigHandler(d *Daemon) PatchConfigHandler

func NewPatchEndpointIDConfigHandler added in v1.8.0 

func NewPatchEndpointIDConfigHandler(d *Daemon) PatchEndpointIDConfigHandler

func NewPatchEndpointIDHandler added in v1.8.0 

func NewPatchEndpointIDHandler(d *Daemon) PatchEndpointIDHandler

func NewPatchEndpointIDLabelsHandler added in v1.8.0 

func NewPatchEndpointIDLabelsHandler(d *Daemon) PatchEndpointIDLabelsHandler

func NewPatchPrefilterHandler added in v1.8.0 

func NewPatchPrefilterHandler(d *Daemon) PatchPrefilterHandler

NewPatchPrefilterHandler returns new patch handler for api

func NewPostIPAMHandler added in v1.8.0 

func NewPostIPAMHandler(d *Daemon) ipamapi.PostIpamHandler

NewPostIPAMHandler creates a new postIPAM from the daemon.

func NewPostIPAMIPHandler added in v1.8.0 

func NewPostIPAMIPHandler(d *Daemon) ipamapi.PostIpamIPHandler

NewPostIPAMIPHandler creates a new postIPAM from the daemon.

func NewPutEndpointIDHandler added in v1.8.0 

func NewPutEndpointIDHandler(d *Daemon) PutEndpointIDHandler

func NewPutRecorderIDHandler added in v1.10.0 

func NewPutRecorderIDHandler(rec *recorder.Recorder) PutRecorderIDHandler

func NewPutServiceIDHandler added in v1.8.0 

func NewPutServiceIDHandler(svc *service.Service) PutServiceIDHandler

func WithCustomEndpointManager added in v1.8.1 

func WithCustomEndpointManager(s endpointmanager.EndpointResourceSynchronizer) *endpointmanager.EndpointManager

WithCustomEndpointManager creates the custom endpoint manager with the provided endpoint synchronizer. This is useful for tests which want to mock out the real endpoint synchronizer.

func WithDefaultEndpointManager added in v1.8.1 

func WithDefaultEndpointManager(ctx context.Context, clientset client.Clientset, checker endpointmanager.EndpointCheckerFunc) *endpointmanager.EndpointManager

WithDefaultEndpointManager creates the default endpoint manager with a functional endpoint synchronizer.

Types

type CachingIdentityAllocator 

type CachingIdentityAllocator interface {
	cache.IdentityAllocator
	clustermesh.RemoteIdentityWatcher

	InitIdentityAllocator(versioned.Interface, k8sCache.Store) <-chan struct{}
	Close()
}

CachingIdentityAllocator provides an abstraction over the concrete type in pkg/identity/cache so that the underlying implementation can be mocked out in unit tests.

type ConfigModifyEvent 

type ConfigModifyEvent struct {
	// contains filtered or unexported fields
}

ConfigModifyEvent is a wrapper around the parameters for configModify.

func (*ConfigModifyEvent) Handle 

func (c *ConfigModifyEvent) Handle(res chan interface{})

Handle implements pkg/eventqueue/EventHandler interface.

type Daemon 

type Daemon struct {
	// contains filtered or unexported fields
}

Daemon is the cilium daemon that is in charge of perform all necessary plumbing, monitoring when a LXC starts.

func (*Daemon) Close 

func (d *Daemon) Close()

Close shuts down a daemon

func (*Daemon) Datapath 

func (d *Daemon) Datapath() datapath.Datapath

Datapath returns a reference to the datapath implementation.

func (*Daemon) DebugEnabled 

func (d *Daemon) DebugEnabled() bool

DebugEnabled returns if debug mode is enabled.

func (*Daemon) DeleteEndpoint 

func (d *Daemon) DeleteEndpoint(id string) (int, error)

func (*Daemon) DumpIPAM 

func (d *Daemon) DumpIPAM() *models.IPAMStatus

DumpIPAM dumps in the form of a map, the list of reserved IPv4 and IPv6 addresses.

func (*Daemon) EndpointCreated 

func (d *Daemon) EndpointCreated(ep *endpoint.Endpoint)

EndpointCreated is a callback to satisfy EndpointManager.Subscriber, allowing the EndpointManager to be the primary implementer of the core endpoint management functionality while deferring other responsibilities to the daemon.

It is called after Daemon calls into d.endpointManager.AddEndpoint().

func (*Daemon) EndpointDeleted 

func (d *Daemon) EndpointDeleted(ep *endpoint.Endpoint, conf endpoint.DeleteConfig)

EndpointDeleted is a callback to satisfy EndpointManager.Subscriber, which works around the difficulties in initializing various subsystems involved in managing endpoints, such as the EndpointManager, IPAM and the Monitor.

It is called after Daemon calls into d.endpointManager.RemoveEndpoint().

func (*Daemon) EndpointUpdate 

func (d *Daemon) EndpointUpdate(id string, cfg *models.EndpointConfigurationSpec) error

EndpointUpdate updates the options of the given endpoint and regenerates the endpoint

func (*Daemon) GetCIDRPrefixLengths 

func (d *Daemon) GetCIDRPrefixLengths() (s6, s4 []int)

GetCIDRPrefixLengths returns the sorted list of unique prefix lengths used by CIDR policies.

func (*Daemon) GetCompilationLock 

func (d *Daemon) GetCompilationLock() *lock.RWMutex

GetCompilationLock returns the mutex responsible for synchronizing compilation of BPF programs.

func (*Daemon) GetDNSRules 

func (d *Daemon) GetDNSRules(epID uint16) restore.DNSRules

func (*Daemon) GetEndpointInfo 

func (d *Daemon) GetEndpointInfo(ip net.IP) (endpoint v1.EndpointInfo, ok bool)

GetEndpointInfo returns endpoint info for a given IP address. Hubble uses this function to populate fields like namespace and pod name for local endpoints.

func (*Daemon) GetEndpointInfoByID 

func (d *Daemon) GetEndpointInfoByID(id uint16) (endpoint v1.EndpointInfo, ok bool)

GetEndpointInfo returns endpoint info for a given Cilium endpoint id. Used by Hubble.

func (*Daemon) GetEndpoints 

func (d *Daemon) GetEndpoints() map[policy.Endpoint]struct{}

func (*Daemon) GetIdentity 

func (d *Daemon) GetIdentity(securityIdentity uint32) (*identity.Identity, error)

GetIdentity looks up identity by ID from Cilium's identity cache. Hubble uses the identity info to populate source and destination labels of flows.

func (*Daemon) GetK8sMetadata 

func (d *Daemon) GetK8sMetadata(ip net.IP) *ipcache.K8sMetadata

GetK8sMetadata returns the Kubernetes metadata for the given IP address. It implements hubble parser's IPGetter.GetK8sMetadata.

func (*Daemon) GetK8sStore 

func (d *Daemon) GetK8sStore(name string) k8scache.Store

GetK8sStore returns the k8s watcher cache store for the given resource name. It implements hubble parser's StoreGetter.GetK8sStore WARNING: the objects returned by these stores can't be used to create update objects into k8s as well as the objects returned by these stores should only be used for reading.

func (*Daemon) GetNamesOf 

func (d *Daemon) GetNamesOf(sourceEpID uint32, ip net.IP) []string

GetNamesOf implements DNSGetter.GetNamesOf. It looks up DNS names of a given IP from the FQDN cache of an endpoint specified by sourceEpID.

func (*Daemon) GetNodeSuffix added in v1.8.0 

func (d *Daemon) GetNodeSuffix() string

GetNodeSuffix returns the suffix to be appended to kvstore keys of this agent

func (*Daemon) GetOptions 

func (d *Daemon) GetOptions() *option.IntOptions

GetOptions returns the datapath configuration options of the daemon.

func (*Daemon) GetParentPodMetadata 

func (d *Daemon) GetParentPodMetadata(cgroupId uint64) *cgroupManager.PodMetadata

func (*Daemon) GetPolicyRepository 

func (d *Daemon) GetPolicyRepository() *policy.Repository

GetPolicyRepository returns the policy repository of the daemon

func (*Daemon) GetServiceByAddr 

func (d *Daemon) GetServiceByAddr(ip net.IP, port uint16) *flowpb.Service

GetServiceByAddr looks up service by IP/port. Hubble uses this function to annotate flows with service information.

func (*Daemon) K8sCacheIsSynced added in v1.10.6 

func (d *Daemon) K8sCacheIsSynced() bool

K8sCacheIsSynced returns true if the agent has fully synced its k8s cache with the API server

func (*Daemon) LocalConfig 

func (d *Daemon) LocalConfig() *datapath.LocalNodeConfiguration

LocalConfig returns the local configuration of the daemon's nodediscovery.

func (*Daemon) LookupSecIDByIP 

func (d *Daemon) LookupSecIDByIP(ip net.IP) (id ipcache.Identity, ok bool)

LookupSecIDByIP returns the security ID for the given IP. If the security ID cannot be found, ok is false. It implements hubble parser's IPGetter.LookupSecIDByIP.

func (*Daemon) NewProxyLogRecord added in v1.8.0 

func (d *Daemon) NewProxyLogRecord(l *logger.LogRecord) error

NewProxyLogRecord is invoked by the proxy accesslog on each new access log entry

func (*Daemon) PolicyAdd 

func (d *Daemon) PolicyAdd(rules policyAPI.Rules, opts *policy.AddOptions) (newRev uint64, err error)

PolicyAdd adds a slice of rules to the policy repository owned by the daemon. Eventual changes in policy rules are propagated to all locally managed endpoints. Returns the policy revision number of the repository after adding the rules into the repository, or an error if the updated policy was not able to be imported.

func (*Daemon) PolicyDelete 

func (d *Daemon) PolicyDelete(labels labels.LabelArray) (newRev uint64, err error)

PolicyDelete deletes the policy rules with the provided set of labels from the policy repository of the daemon. Returns the revision number and an error in case it was not possible to delete the policy.

func (*Daemon) QueueEndpointBuild 

func (d *Daemon) QueueEndpointBuild(ctx context.Context, epID uint64) (func(), error)

QueueEndpointBuild waits for a "build permit" for the endpoint identified by 'epID'. This function blocks until the endpoint can start building. The returned function must then be called to release the "build permit" when the most resource intensive parts of the build are done. The returned function is idempotent, so it may be called more than once. Returns a nil function if the caller should NOT start building the endpoint. This may happen due to a build being queued for the endpoint already, or due to the wait for the build permit being canceled. The latter case happens when the endpoint is being deleted. Returns an error if the build permit could not be acquired.

func (*Daemon) ReloadOnDeviceChange 

func (d *Daemon) ReloadOnDeviceChange(devices []string)

ReloadOnDeviceChange regenerates device related information and reloads the datapath. The devices is the new set of devices that replaces the old set.

func (*Daemon) RemoveRestoredDNSRules 

func (d *Daemon) RemoveRestoredDNSRules(epID uint16)

func (*Daemon) SendNotification 

func (d *Daemon) SendNotification(notification monitorAPI.AgentNotifyMessage) error

SendNotification sends an agent notification to the monitor

func (*Daemon) SetPrefilter 

func (d *Daemon) SetPrefilter(preFilter datapath.PreFilter)

SetPrefilter sets the preftiler for the given daemon.

func (*Daemon) TriggerDatapathRegen 

func (d *Daemon) TriggerDatapathRegen(force bool, reason string)

TriggerDatapathRegen triggers datapath rewrite for every daemon's endpoint. This is only called after agent configuration changes for now. Policy revision needs to be increased on PolicyEnforcement mode change.

func (*Daemon) TriggerPolicyUpdates 

func (d *Daemon) TriggerPolicyUpdates(force bool, reason string)

TriggerPolicyUpdates triggers policy updates by deferring to the policy.Updater to handle them.

func (*Daemon) TriggerReloadWithoutCompile 

func (d *Daemon) TriggerReloadWithoutCompile(reason string) (*sync.WaitGroup, error)

TriggerReloadWithoutCompile causes all BPF programs and maps to be reloaded, without recompiling the datapath logic for each endpoint. It first attempts to recompile the base programs, and if this fails returns an error. If base program load is successful, it subsequently triggers regeneration of all endpoints and returns a waitgroup that may be used by the caller to wait for all endpoint regeneration to complete.

If an error is returned, then no regeneration was successful. If no error is returned, then the base programs were successfully regenerated, but endpoints may or may not have successfully regenerated.

func (*Daemon) UpdateIdentities added in v1.8.0 

func (d *Daemon) UpdateIdentities(added, deleted cache.IdentityCache)

UpdateIdentities informs the policy package of all identity changes and also triggers policy updates.

The caller is responsible for making sure the same identity is not present in both 'added' and 'deleted'.

type DaemonInterface 

type DaemonInterface interface {
	// contains filtered or unexported methods
}

DaemonInterface to help with testing.

type EndpointMapManager 

type EndpointMapManager struct {
	*endpointmanager.EndpointManager
}

EndpointMapManager is a wrapper around an endpointmanager as well as the filesystem for removing maps related to endpoints from the filesystem.

func (*EndpointMapManager) RemoveDatapathMapping 

func (e *EndpointMapManager) RemoveDatapathMapping(endpointID uint16) error

RemoveDatapathMapping unlinks the endpointID from the global policy map, preventing packets that arrive on this node from being forwarded to the endpoint that used to exist with the specified ID.

func (*EndpointMapManager) RemoveMapPath 

func (e *EndpointMapManager) RemoveMapPath(path string)

RemoveMapPath removes the specified path from the filesystem.

type PolicyAddEvent 

type PolicyAddEvent struct {
	// contains filtered or unexported fields
}

PolicyAddEvent is a wrapper around the parameters for policyAdd.

func (*PolicyAddEvent) Handle 

func (p *PolicyAddEvent) Handle(res chan interface{})

Handle implements pkg/eventqueue/EventHandler interface.

type PolicyAddResult 

type PolicyAddResult struct {
	// contains filtered or unexported fields
}

PolicyAddResult is a wrapper around the values returned by policyAdd. It contains the new revision of a policy repository after adding a list of rules to it, and any error associated with adding rules to said repository.

type PolicyDeleteEvent 

type PolicyDeleteEvent struct {
	// contains filtered or unexported fields
}

PolicyDeleteEvent is a wrapper around deletion of policy rules with a given set of labels from the policy repository in the daemon.

func (*PolicyDeleteEvent) Handle 

func (p *PolicyDeleteEvent) Handle(res chan interface{})

Handle implements pkg/eventqueue/EventHandler interface.

type PolicyDeleteResult 

type PolicyDeleteResult struct {
	// contains filtered or unexported fields
}

PolicyDeleteResult is a wrapper around the values returned by policyDelete. It contains the new revision of a policy repository after deleting a list of rules to it, and any error associated with adding rules to said repository.

type PolicyReactionEvent 

type PolicyReactionEvent struct {
	// contains filtered or unexported fields
}

PolicyReactionEvent is an event which needs to be serialized after changes to a policy repository for a daemon. This currently consists of endpoint regenerations / policy revision incrementing for a given endpoint.

func (*PolicyReactionEvent) Handle 

func (r *PolicyReactionEvent) Handle(res chan interface{})

Handle implements pkg/eventqueue/EventHandler interface.

type ServiceInterface 

type ServiceInterface interface {
	GetLastUpdatedTs() time.Time
	GetCurrentTs() time.Time
}

ServiceInterface to help with testing.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.