Documentation ¶
Overview ¶
Package api defines the API of the Cilium network policy interface
Index ¶
- Constants
- Variables
- func GenerateK8sLabelString(k, v string) string
- func GetCiliumKeyFrom(extKey string) string
- func GetExtendedKeyFrom(str string) string
- type Label
- func (in *Label) DeepEqual(other *Label) bool
- func (l *Label) Equals(b *Label) bool
- func (l Label) FormatForKVStore() []byte
- func (l *Label) GetExtendedKey() string
- func (l *Label) IsAnySource() bool
- func (l *Label) IsReservedSource() bool
- func (l *Label) IsValid() bool
- func (l *Label) String() string
- func (l *Label) UnmarshalJSON(data []byte) error
- type LabelArray
- func NewLabelArrayFromSortedList(list string) LabelArray
- func NewSelectLabelArrayFromModel(base []string) LabelArray
- func ParseLabelArray(labels ...string) LabelArray
- func ParseLabelArrayFromArray(base []string) LabelArray
- func ParseSelectLabelArray(labels ...string) LabelArray
- func ParseSelectLabelArrayFromArray(base []string) LabelArray
- func (ls LabelArray) Contains(needed LabelArray) bool
- func (ls LabelArray) DeepCopy() LabelArray
- func (in *LabelArray) DeepEqual(other *LabelArray) bool
- func (ls LabelArray) Equals(b LabelArray) bool
- func (ls LabelArray) Get(key string) string
- func (ls LabelArray) GetModel() []string
- func (ls LabelArray) Has(key string) bool
- func (ls LabelArray) Labels() Labels
- func (ls LabelArray) Lacks(needed LabelArray) LabelArray
- func (ls LabelArray) Less(b LabelArray) bool
- func (ls LabelArray) Sort() LabelArray
- func (ls LabelArray) String() string
- func (ls LabelArray) StringMap() map[string]string
- type LabelArrayList
- func (ls LabelArrayList) DeepCopy() LabelArrayList
- func (in *LabelArrayList) DeepEqual(other *LabelArrayList) bool
- func (ls LabelArrayList) Equals(b LabelArrayList) bool
- func (ls LabelArrayList) GetModel() [][]string
- func (lsp *LabelArrayList) Merge(include ...LabelArray) LabelArrayList
- func (lsp *LabelArrayList) MergeSorted(include LabelArrayList) LabelArrayList
- func (ls LabelArrayList) Sort() LabelArrayList
- type Labels
- func (in *Labels) DeepEqual(other *Labels) bool
- func (l Labels) Equals(other Labels) bool
- func (l Labels) FindReserved() Labels
- func (l Labels) GetFromSource(source string) Labels
- func (l Labels) GetModel() []string
- func (l Labels) GetPrintableModel() (res []string)
- func (l Labels) Has(label Label) bool
- func (l Labels) IsReserved() bool
- func (l Labels) K8sStringMap() map[string]string
- func (l Labels) LabelArray() LabelArray
- func (l Labels) MergeLabels(from Labels)
- func (l Labels) Remove(from Labels) Labels
- func (l Labels) SortedList() []byte
- func (l Labels) String() string
- func (l Labels) StringMap() map[string]string
- func (l Labels) ToSlice() []Label
- type OpLabels
- func (o *OpLabels) AllLabels() Labels
- func (in *OpLabels) DeepEqual(other *OpLabels) bool
- func (o *OpLabels) GetIdentityLabel(key string) (l Label, found bool)
- func (o *OpLabels) IdentityLabels() Labels
- func (o *OpLabels) ModifyIdentityLabels(addLabels, delLabels Labels) (changed bool, err error)
- func (o *OpLabels) ReplaceIdentityLabels(sourceFilter string, l Labels, logger *logrus.Entry) bool
- func (o *OpLabels) ReplaceInformationLabels(sourceFilter string, l Labels, logger *logrus.Entry) bool
- func (o *OpLabels) SplitUserLabelChanges(lbls Labels) (add, del Labels)
Constants ¶
const ( // PathDelimiter is the delimiter used in the labels paths. PathDelimiter = "." // IDNameHost is the label used for the hostname ID. IDNameHost = "host" // IDNameRemoteNode is the label used to describe the // ReservedIdentityRemoteNode IDNameRemoteNode = "remote-node" // IDNameWorld is the label used for the world ID. IDNameWorld = "world" // IDNameWorldIPv4 is the label used for the world-ipv4 ID, to distinguish // it from world-ipv6 in dual-stack mode. IDNameWorldIPv4 = "world-ipv4" // IDNameWorldIPv6 is the label used for the world-ipv6 ID, to distinguish // it from world-ipv4 in dual-stack mode. IDNameWorldIPv6 = "world-ipv6" // IDNameCluster is the label used to identify an unspecified endpoint // inside the cluster IDNameCluster = "cluster" // IDNameHealth is the label used for the local cilium-health endpoint IDNameHealth = "health" // IDNameInit is the label used to identify any endpoint that has not // received any labels yet. IDNameInit = "init" // IDNameKubeAPIServer is the label used to identify the kube-apiserver. It // is part of the reserved identity 7 and it is also used in conjunction // with IDNameHost if the kube-apiserver is running on the local host. IDNameKubeAPIServer = "kube-apiserver" // IDNameIngress is the label used to identify Ingress proxies. It is part // of the reserved identity 8. IDNameIngress = "ingress" // IDNameNone is the label used to identify no endpoint or other L3 entity. // It will never be assigned and this "label" is here for consistency with // other Entities. IDNameNone = "none" // IDNameUnmanaged is the label used to identify unmanaged endpoints IDNameUnmanaged = "unmanaged" // IDNameUnknown is the label used to to identify an endpoint with an // unknown identity. IDNameUnknown = "unknown" )
const ( // LabelSourceUnspec is a label with unspecified source LabelSourceUnspec = "unspec" // LabelSourceAny is a label that matches any source LabelSourceAny = "any" // LabelSourceAnyKeyPrefix is prefix of a "any" label LabelSourceAnyKeyPrefix = LabelSourceAny + "." // LabelSourceK8s is a label imported from Kubernetes LabelSourceK8s = "k8s" // LabelSourceK8sKeyPrefix is prefix of a Kubernetes label LabelSourceK8sKeyPrefix = LabelSourceK8s + "." // LabelSourceContainer is a label imported from the container runtime LabelSourceContainer = "container" // LabelSourceCNI is a label imported from the CNI plugin LabelSourceCNI = "cni" // LabelSourceReserved is the label source for reserved types. LabelSourceReserved = "reserved" // LabelSourceCIDR is the label source for generated CIDRs. LabelSourceCIDR = "cidr" // LabelSourceReservedKeyPrefix is the prefix of a reserved label LabelSourceReservedKeyPrefix = LabelSourceReserved + "." // LabelKeyFixedIdentity is the label that can be used to define a fixed // identity. LabelKeyFixedIdentity = "io.cilium.fixed-identity" )
Variables ¶
var ( // LabelHealth is the label used for health. LabelHealth = Labels{IDNameHealth: NewLabel(IDNameHealth, "", LabelSourceReserved)} // LabelHost is the label used for the host endpoint. LabelHost = Labels{IDNameHost: NewLabel(IDNameHost, "", LabelSourceReserved)} // LabelWorld is the label used for world. LabelWorld = Labels{IDNameWorld: NewLabel(IDNameWorld, "", LabelSourceReserved)} // LabelWorldIPv4 is the label used for world-ipv4. LabelWorldIPv4 = Labels{IDNameWorldIPv4: NewLabel(IDNameWorldIPv4, "", LabelSourceReserved)} // LabelWorldIPv6 is the label used for world-ipv6. LabelWorldIPv6 = Labels{IDNameWorldIPv6: NewLabel(IDNameWorldIPv6, "", LabelSourceReserved)} // LabelRemoteNode is the label used for remote nodes. LabelRemoteNode = Labels{IDNameRemoteNode: NewLabel(IDNameRemoteNode, "", LabelSourceReserved)} // LabelKubeAPIServer is the label used for the kube-apiserver. See comment // on IDNameKubeAPIServer. LabelKubeAPIServer = Labels{IDNameKubeAPIServer: NewLabel(IDNameKubeAPIServer, "", LabelSourceReserved)} // LabelIngress is the label used for Ingress proxies. See comment // on IDNameIngress. LabelIngress = Labels{IDNameIngress: NewLabel(IDNameIngress, "", LabelSourceReserved)} )
Functions ¶
func GenerateK8sLabelString ¶ added in v0.15.7
GenerateK8sLabelString generates the string representation of a label with the provided source, key, and value in the format "LabelSourceK8s:key=value".
func GetCiliumKeyFrom ¶ added in v0.9.0
GetCiliumKeyFrom returns the label's source and key from the an extended key in the format SOURCE:KEY.
func GetExtendedKeyFrom ¶ added in v0.9.0
GetExtendedKeyFrom returns the extended key of a label string. For example: `k8s:foo=bar` returns `k8s.foo` `container:foo=bar` returns `container.foo` `foo=bar` returns `any.foo=bar`
Types ¶
type Label ¶
type Label struct { Key string `json:"key"` Value string `json:"value,omitempty"` // Source can be one of the above values (e.g.: LabelSourceContainer). // // +kubebuilder:validation:Optional Source string `json:"source"` }
Label is the Cilium's representation of a container label.
func IPStringToLabel ¶ added in v1.15.0
IPStringToLabel parses a string and returns it as a CIDR label.
If ip is not a valid IP address or CIDR Prefix, returns an error.
func NewLabel ¶
NewLabel returns a new label from the given key, value and source. If source is empty, the default value will be LabelSourceUnspec. If key starts with '$', the source will be overwritten with LabelSourceReserved. If key contains ':', the value before ':' will be used as source if given source is empty, otherwise the value before ':' will be deleted and unused.
func ParseLabel ¶
ParseLabel returns the label representation of the given string. The str should be in the form of Source:Key=Value or Source:Key if Value is empty. It also parses short forms, for example: $host will be Label{Key: "host", Source: "reserved", Value: ""}.
func ParseSelectLabel ¶ added in v0.10.0
ParseSelectLabel returns a selecting label representation of the given string. Unlike ParseLabel, if source is unspecified, the source defaults to LabelSourceAny
func (*Label) DeepEqual ¶ added in v0.15.7
DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.
func (Label) FormatForKVStore ¶ added in v0.15.7
FormatForKVStore returns the label as a formatted string, ending in a semicolon
DO NOT BREAK THE FORMAT OF THIS. THE RETURNED STRING IS USED AS PART OF THE KEY IN THE KEY-VALUE STORE.
Non-pointer receiver allows this to be called on a value in a map.
func (*Label) GetExtendedKey ¶ added in v0.9.0
GetExtendedKey returns the key of a label with the source encoded.
func (*Label) IsAnySource ¶ added in v0.9.0
IsAnySource return if the label was set with source "any".
func (*Label) IsReservedSource ¶ added in v0.15.7
IsReservedSource return if the label was set with source "Reserved".
func (*Label) String ¶
String returns the string representation of Label in the for of Source:Key=Value or Source:Key if Value is empty.
func (*Label) UnmarshalJSON ¶
UnmarshalJSON TODO create better explanation about unmarshall with examples
type LabelArray ¶ added in v0.9.0
type LabelArray []Label
LabelArray is an array of labels forming a set
func NewLabelArrayFromSortedList ¶ added in v0.15.7
func NewLabelArrayFromSortedList(list string) LabelArray
NewLabelArrayFromSortedList returns labels based on the output of SortedList() Trailing ';' will result in an empty key that must be filtered out.
func NewSelectLabelArrayFromModel ¶ added in v0.10.0
func NewSelectLabelArrayFromModel(base []string) LabelArray
NewSelectLabelArrayFromModel parses a slice of strings and converts them into an array of selecting labels, sorted by the key.
func ParseLabelArray ¶ added in v0.9.0
func ParseLabelArray(labels ...string) LabelArray
ParseLabelArray parses a list of labels and returns a LabelArray
func ParseLabelArrayFromArray ¶ added in v0.9.0
func ParseLabelArrayFromArray(base []string) LabelArray
ParseLabelArrayFromArray converts an array of strings as labels and returns a LabelArray
func ParseSelectLabelArray ¶ added in v0.10.0
func ParseSelectLabelArray(labels ...string) LabelArray
ParseSelectLabelArray parses a list of select labels and returns a LabelArray
func ParseSelectLabelArrayFromArray ¶ added in v0.10.0
func ParseSelectLabelArrayFromArray(base []string) LabelArray
ParseSelectLabelArrayFromArray converts an array of strings as select labels and returns a LabelArray
func (LabelArray) Contains ¶ added in v0.9.0
func (ls LabelArray) Contains(needed LabelArray) bool
Contains returns true if all ls contains all the labels in needed. If needed contains no labels, Contains() will always return true
func (LabelArray) DeepCopy ¶ added in v0.15.7
func (ls LabelArray) DeepCopy() LabelArray
DeepCopy returns a deep copy of the labels.
func (*LabelArray) DeepEqual ¶ added in v0.15.7
func (in *LabelArray) DeepEqual(other *LabelArray) bool
DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.
func (LabelArray) Equals ¶ added in v0.15.7
func (ls LabelArray) Equals(b LabelArray) bool
Equals returns true if the label arrays are the same, i.e., have the same labels in the same order.
func (LabelArray) Get ¶ added in v0.9.0
func (ls LabelArray) Get(key string) string
Get returns the value for the provided key. Implementation of the github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels.Labels interface.
func (LabelArray) GetModel ¶ added in v0.15.7
func (ls LabelArray) GetModel() []string
GetModel returns the LabelArray as a string array with fully-qualified labels. The output is parseable by ParseLabelArrayFromArray
func (LabelArray) Has ¶ added in v0.9.0
func (ls LabelArray) Has(key string) bool
Has returns whether the provided key exists. Implementation of the github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels.Labels interface.
func (LabelArray) Labels ¶ added in v0.15.7
func (ls LabelArray) Labels() Labels
Labels returns the LabelArray as Labels
func (LabelArray) Lacks ¶ added in v0.9.0
func (ls LabelArray) Lacks(needed LabelArray) LabelArray
Lacks is identical to Contains but returns all missing labels
func (LabelArray) Less ¶ added in v0.15.7
func (ls LabelArray) Less(b LabelArray) bool
Less returns true if ls comes before b in the lexicographical order. Assumes both ls and b are already sorted.
func (LabelArray) Sort ¶ added in v0.15.7
func (ls LabelArray) Sort() LabelArray
Sort is an internal utility to return all LabelArrays in sorted order, when the source material may be unsorted. 'ls' is sorted in-place, but also returns the sorted array for convenience.
func (LabelArray) String ¶ added in v0.15.7
func (ls LabelArray) String() string
func (LabelArray) StringMap ¶ added in v0.15.7
func (ls LabelArray) StringMap() map[string]string
StringMap converts LabelArray into map[string]string Note: The source is included in the keys with a ':' separator. Note: LabelArray does not deduplicate entries, as it is an array. It is possible for the output to contain fewer entries when the source and key are repeated in a LabelArray, as that is the key of the output. This scenario is not expected.
type LabelArrayList ¶ added in v0.15.7
type LabelArrayList []LabelArray
LabelArrayList is an array of LabelArrays. It is primarily intended as a simple collection
func (LabelArrayList) DeepCopy ¶ added in v0.15.7
func (ls LabelArrayList) DeepCopy() LabelArrayList
DeepCopy returns a deep copy of the LabelArray, with each element also copied.
func (*LabelArrayList) DeepEqual ¶ added in v0.15.7
func (in *LabelArrayList) DeepEqual(other *LabelArrayList) bool
DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.
func (LabelArrayList) Equals ¶ added in v0.15.7
func (ls LabelArrayList) Equals(b LabelArrayList) bool
Equals returns true if the label arrays lists have the same label arrays in the same order.
func (LabelArrayList) GetModel ¶ added in v0.15.7
func (ls LabelArrayList) GetModel() [][]string
GetModel returns the LabelArrayList as a [][]string. Each member LabelArray becomes a []string.
func (*LabelArrayList) Merge ¶ added in v0.15.7
func (lsp *LabelArrayList) Merge(include ...LabelArray) LabelArrayList
Merge incorporates new LabelArrays into an existing LabelArrayList, without introducing duplicates, returning the result for convenience. Existing duplication in either list is not removed.
func (*LabelArrayList) MergeSorted ¶ added in v0.15.7
func (lsp *LabelArrayList) MergeSorted(include LabelArrayList) LabelArrayList
MergeSorted incorporates new labels from 'include' to the receiver, both of which must be already sorted. LabelArrays are inserted from 'include' to the receiver as needed.
func (LabelArrayList) Sort ¶ added in v0.15.7
func (ls LabelArrayList) Sort() LabelArrayList
Sort sorts the LabelArrayList in-place, but also returns the sorted list for convenience. The LabelArrays themselves must already be sorted. This is true for all constructors of LabelArray.
type Labels ¶
Labels is a map of labels where the map's key is the same as the label's key.
func GetCIDRLabels ¶ added in v1.15.0
GetCIDRLabels turns a CIDR into a set of labels representing the cidr itself and all broader CIDRS which include the specified CIDR in them. For example: CIDR: 10.0.0.0/8 =>
"cidr:10.0.0.0/8", "cidr:10.0.0.0/7", "cidr:8.0.0.0/6", "cidr:8.0.0.0/5", "cidr:0.0.0.0/4, "cidr:0.0.0.0/3", "cidr:0.0.0.0/2", "cidr:0.0.0.0/1", "cidr:0.0.0.0/0"
The identity reserved:world is always added as it includes any CIDR.
func Map2Labels ¶
Map2Labels transforms in the form: map[key(string)]value(string) into Labels. The source argument will overwrite the source written in the key of the given map. Example: l := Map2Labels(map[string]string{"k8s:foo": "bar"}, "cilium") fmt.Printf("%+v\n", l)
map[string]Label{"foo":Label{Key:"foo", Value:"bar", Source:"cilium"}}
func NewFrom ¶ added in v0.15.7
NewFrom creates a new Labels from the given labels by creating a copy.
func NewLabelsFromModel ¶
NewLabelsFromModel creates labels from string array.
func NewLabelsFromSortedList ¶ added in v0.15.7
NewLabelsFromSortedList returns labels based on the output of SortedList()
func (*Labels) DeepEqual ¶ added in v0.15.7
DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.
func (Labels) Equals ¶ added in v0.15.7
Equals returns true if the two Labels contain the same set of labels.
func (Labels) FindReserved ¶ added in v0.15.7
FindReserved locates all labels with reserved source in the labels and returns a copy of them. If there are no reserved labels, returns nil. TODO: return LabelArray as it is likely faster
func (Labels) GetFromSource ¶ added in v0.15.7
GetFromSource returns all labels that are from the given source.
func (Labels) GetPrintableModel ¶ added in v0.15.7
GetPrintableModel turns the Labels into a sorted list of strings representing the labels, with CIDRs deduplicated (ie, only provide the most specific CIDRs).
func (Labels) IsReserved ¶ added in v0.15.7
IsReserved returns true if any of the labels has a reserved source.
func (Labels) K8sStringMap ¶ added in v0.15.7
StringMap converts Labels into map[string]string
func (Labels) LabelArray ¶ added in v0.15.7
func (l Labels) LabelArray() LabelArray
LabelArray returns the labels as label array, sorted by the key.
func (Labels) MergeLabels ¶
MergeLabels merges labels from into to. It overwrites all labels with the same Key as from written into to. Example: to := Labels{Label{key1, value1, source1}, Label{key2, value3, source4}} from := Labels{Label{key1, value3, source4}} to.MergeLabels(from) fmt.Printf("%+v\n", to)
Labels{Label{key1, value3, source4}, Label{key2, value3, source4}}
func (Labels) Remove ¶ added in v0.15.7
Remove is similar to MergeLabels, but returns a new Labels object with the specified Labels removed. The received Labels is not modified.
func (Labels) SortedList ¶ added in v0.15.7
SortedList returns the labels as a sorted list, separated by semicolon
DO NOT BREAK THE FORMAT OF THIS. THE RETURNED STRING IS USED AS KEY IN THE KEY-VALUE STORE.
type OpLabels ¶
type OpLabels struct { // Active labels that are enabled and disabled but not deleted Custom Labels // Labels derived from orchestration system OrchestrationIdentity Labels // orchestrationIdentity labels which have been disabled Disabled Labels // orchestrationInfo - labels from orchestration which are not used in determining a security identity OrchestrationInfo Labels }
OpLabels represents the the possible types.
func NewOpLabels ¶ added in v0.15.7
func NewOpLabels() OpLabels
NewOpLabels creates new initialized OpLabels
func (*OpLabels) AllLabels ¶ added in v0.10.0
AllLabels returns all Labels within the provided OpLabels.
func (*OpLabels) DeepEqual ¶ added in v0.15.7
DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.
func (*OpLabels) GetIdentityLabel ¶ added in v0.15.7
GetIdentityLabel returns the value of the given Key from all IdentityLabels.
func (*OpLabels) IdentityLabels ¶ added in v0.10.0
IdentityLabels returns map of labels that are used when determining a security identity.
func (*OpLabels) ModifyIdentityLabels ¶ added in v0.15.7
func (*OpLabels) ReplaceIdentityLabels ¶ added in v0.15.7
func (*OpLabels) ReplaceInformationLabels ¶ added in v0.15.7
func (*OpLabels) SplitUserLabelChanges ¶ added in v0.15.7
SplitUserLabelChanges returns labels to 'add' and 'del'ete to make the custom labels match 'lbls' FIXME: Somewhere in the code we crash if the returned maps are non-nil but length 0. We retain this behaviour here because it's easier.