Documentation
Overview
This package contains the agent code used to configure the Wireguard tunnel between nodes. The code supports adding and removing peers at run-time and the peer information is retrieved via the CiliumNode object.
Index
- type Agent
- func (a *Agent) AllNodeValidateImplementation()
- func (a *Agent) Close() error
- func (a *Agent) DeletePeer(nodeName string) error
- func (a *Agent) Init(ipcache *ipcache.IPCache, mtuConfig mtu.Configuration) error
- func (a *Agent) InitLocalNodeFromWireGuard(localNode *node.LocalNode)
- func (a *Agent) NodeAdd(newNode nodeTypes.Node) error
- func (a *Agent) NodeConfigurationChanged(config datapath.LocalNodeConfiguration) error
- func (a *Agent) NodeDelete(node nodeTypes.Node) error
- func (a *Agent) NodeUpdate(_, newNode nodeTypes.Node) error
- func (a *Agent) NodeValidateImplementation(node nodeTypes.Node) error
- func (a *Agent) OnIPIdentityCacheChange(modType ipcache.CacheModification, cidrCluster cmtypes.PrefixCluster, ...)
- func (a *Agent) OnIPIdentityCacheGC()
- func (a *Agent) RestoreFinished(cm *clustermesh.ClusterMesh) error
- func (a *Agent) Status(withPeers bool) (*models.WireguardStatus, error)
- func (a *Agent) UpdatePeer(nodeName, pubKeyHex string, nodeIPv4, nodeIPv6 net.IP) error
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Agent
Agent needs to be initialized with Init(). In Init(), the Wireguard tunnel device is created and the proper routes are set. During Init(), existing peer keys are placed into `restoredPubKeys`. Once RestoreFinished() is called, obsolete keys and peers are removed. UpdatePeer() inserts or updates the public key of a peer discovered via the node manager.
func (*Agent) AllNodeValidateImplementation
func (a *Agent) AllNodeValidateImplementation()
AllNodeValidateImplementation is called to validate the implementation of all nodes in the datapath.
func (*Agent) DeletePeer
func (a *Agent) DeletePeer(nodeName string) error
func (*Agent) InitLocalNodeFromWireGuard added in v1.14.7
func (a *Agent) InitLocalNodeFromWireGuard(localNode *node.LocalNode)
InitLocalNodeFromWireGuard configures the fields on the local node. It is called from the LocalNodeSynchronizer _before_ the local node is published in the K8s CiliumNode CRD or the kvstore.
This method does the following:
- It sets the local WireGuard public key (to be read by other nodes).
- It reads the local node's labels to determine whether the local node wants to opt out of node-to-node encryption.
- If the local node opts out of node-to-node encryption, we set the localNode.EncryptKey to zero. This indicates to other nodes that they should not encrypt node-to-node traffic with us.
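The two behaviours documented above, the restore/update/prune sequence described under type Agent and the opt-out handling in InitLocalNodeFromWireGuard, are modelled in the following added example. This is not Cilium's code and it does not touch a WireGuard device: the device and the node's Labels/EncryptKey fields are replaced by in-memory maps and a small LocalNode struct, the opt-out label name is a placeholder (the real label is not given on this page), and the error behaviour of DeletePeer for unknown nodes is an assumption of the model.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

const pubKeyLen = 32 // WireGuard public keys are 32 bytes

// optOutLabel is a placeholder label name; the real label is not on this page.
const optOutLabel = "example.invalid/encryption-opt-out"

// Agent is a constructed stand-in: maps replace the WireGuard device.
type Agent struct {
	peerKeyByNode   map[string]string   // node name -> hex public key in use
	restoredPubKeys map[string]struct{} // keys found on the device at Init, not yet claimed
}

// LocalNode models only the fields InitLocalNodeFromWireGuard touches.
type LocalNode struct {
	Labels          map[string]string
	WireguardPubKey string
	EncryptKey      uint8
}

// sampleKey builds a constructed, syntactically valid 32-byte key in hex.
func sampleKey(b byte) string { return strings.Repeat(fmt.Sprintf("%02x", b), pubKeyLen) }

func validateKey(pubKeyHex string) error {
	raw, err := hex.DecodeString(pubKeyHex)
	if err != nil {
		return fmt.Errorf("public key %q is not hex: %w", pubKeyHex, err)
	}
	if len(raw) != pubKeyLen {
		return fmt.Errorf("public key has %d bytes, want %d", len(raw), pubKeyLen)
	}
	return nil
}

// Init records the keys already present on the device from a previous run.
// They stay configured until RestoreFinished decides which ones are obsolete.
func Init(existingDeviceKeys []string) (*Agent, error) {
	a := &Agent{peerKeyByNode: map[string]string{}, restoredPubKeys: map[string]struct{}{}}
	for _, k := range existingDeviceKeys {
		if err := validateKey(k); err != nil {
			return nil, err
		}
		a.restoredPubKeys[k] = struct{}{}
	}
	return a, nil
}

// UpdatePeer inserts or updates the key of a node learned from the node manager.
// A restored key that a node re-claims is kept; if the node rotated its key,
// the old key stays in restoredPubKeys and is pruned by RestoreFinished.
func (a *Agent) UpdatePeer(nodeName, pubKeyHex string) error {
	if err := validateKey(pubKeyHex); err != nil {
		return err
	}
	a.peerKeyByNode[nodeName] = pubKeyHex
	delete(a.restoredPubKeys, pubKeyHex)
	return nil
}

// DeletePeer removes a node's key; an unknown node is an error in this model.
func (a *Agent) DeletePeer(nodeName string) error {
	if _, ok := a.peerKeyByNode[nodeName]; !ok {
		return fmt.Errorf("no peer configured for node %q", nodeName)
	}
	delete(a.peerKeyByNode, nodeName)
	return nil
}

// PeerKey reports the key currently configured for a node.
func (a *Agent) PeerKey(nodeName string) (string, bool) {
	k, ok := a.peerKeyByNode[nodeName]
	return k, ok
}

// RestoreFinished prunes every restored key no current node claimed and
// returns the pruned keys in sorted order.
func (a *Agent) RestoreFinished() []string {
	removed := make([]string, 0, len(a.restoredPubKeys))
	for k := range a.restoredPubKeys {
		removed = append(removed, k)
	}
	a.restoredPubKeys = map[string]struct{}{}
	sort.Strings(removed)
	return removed
}

// InitLocalNodeFromWireGuard publishes the local public key and, when the
// node's labels opt out, zeroes EncryptKey so peers do not encrypt traffic to us.
func (a *Agent) InitLocalNodeFromWireGuard(ln *LocalNode, localPubKeyHex string, defaultEncryptKey uint8) {
	ln.WireguardPubKey = localPubKeyHex
	ln.EncryptKey = defaultEncryptKey
	if ln.Labels[optOutLabel] == "true" {
		ln.EncryptKey = 0
	}
}

func main() {
	a, _ := Init([]string{sampleKey(1), sampleKey(2)})
	_ = a.UpdatePeer("node-a", sampleKey(1)) // same key as before the restart
	_ = a.UpdatePeer("node-b", sampleKey(3)) // node-b rotated away from key 2
	fmt.Println("pruned:", a.RestoreFinished())
}
```

Running main prunes only the constructed key 2: key 1 was re-claimed by node-a, key 3 is new, so the rotated-away key is the one removed once restore completes, which is the property the Agent description relies on to avoid keeping stale peers on the device.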
func (*Agent) NodeConfigurationChanged
func (a *Agent) NodeConfigurationChanged(config datapath.LocalNodeConfiguration) error
NodeConfigurationChanged is called when the local node configuration has changed.
func (*Agent) NodeDelete
func (a *Agent) NodeDelete(node nodeTypes.Node) error
NodeDelete is called after a node has been deleted.
func (*Agent) NodeUpdate
func (a *Agent) NodeUpdate(_, newNode nodeTypes.Node) error
NodeUpdate is called when a node definition changes. Both the old and the new node definitions are provided. NodeUpdate() is never called before NodeAdd() has been called for a particular node.
func (*Agent) NodeValidateImplementation
func (a *Agent) NodeValidateImplementation(node nodeTypes.Node) error
NodeValidateImplementation is called to validate the implementation of the node in the datapath. This function is intended to be run on an interval to ensure that the datapath is consistently converged.
func (*Agent) OnIPIdentityCacheChange
func (a *Agent) OnIPIdentityCacheChange(modType ipcache.CacheModification, cidrCluster cmtypes.PrefixCluster, oldHostIP, newHostIP net.IP, _ *ipcache.Identity, _ ipcache.Identity, _ uint8, _ *ipcache.K8sMetadata)
OnIPIdentityCacheChange implements ipcache.IPIdentityMappingListener.
func (*Agent) OnIPIdentityCacheGC
func (a *Agent) OnIPIdentityCacheGC()
OnIPIdentityCacheGC implements ipcache.IPIdentityMappingListener.
func (*Agent) RestoreFinished
func (a *Agent) RestoreFinished(cm *clustermesh.ClusterMesh) error