cmd

package
v1.16.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 17, 2024 License: Apache-2.0 Imports: 235 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	// AutoCIDR indicates that a CIDR should be allocated
	AutoCIDR = "auto"

	// ConfigModifyQueueSize is the size of the event queue for serializing
	// configuration updates to the daemon
	ConfigModifyQueueSize = 10
)

Variables

View Source 
var (
	Agent = cell.Module(
		"agent",
		"Cilium Agent",

		Infrastructure,
		ControlPlane,
		datapath.Cell,
	)

	// Infrastructure provides access and services to the outside.
	// A cell should live here instead of ControlPlane if it is not needed by
	// integrations tests, or needs to be mocked.
	Infrastructure = cell.Module(
		"infra",
		"Infrastructure",

		pprof.Cell,
		cell.Config(pprof.Config{
			PprofAddress: option.PprofAddressAgent,
			PprofPort:    option.PprofPortAgent,
		}),

		gops.Cell(defaults.GopsPortAgent),

		k8sClient.Cell,

		cni.Cell,

		metrics.Cell,

		metricsmap.Cell,

		cell.Provide(func() *option.DaemonConfig { return option.Config }),

		server.Cell,
		cell.Invoke(configureAPIServer),

		cell.Provide(ciliumAPIHandlers),

		deletionQueueCell,

		store.Cell,
	)

	// ControlPlane implement the per-node control functions. These are pure
	// business logic and depend on datapath or infrastructure to perform
	// actions. This separation enables non-privileged integration testing of
	// the control-plane.
	ControlPlane = cell.Module(
		"controlplane",
		"Control Plane",

		node.LocalNodeStoreCell,

		cell.Provide(newLocalNodeSynchronizer),

		controller.Cell,

		agentK8s.ResourcesCell,

		k8sSynced.Cell,

		endpointmanager.Cell,

		endpointcleanup.Cell,

		nodeManager.Cell,

		certificatemanager.Cell,

		server.SpecCell,

		healthApi.SpecCell,

		daemonCell,

		service.Cell,

		proxy.Cell,

		envoy.Cell,

		ciliumenvoyconfig.Cell,

		restapi.Cell,

		bgpv1.Cell,

		speaker.Cell,

		signal.Cell,

		auth.Cell,

		cell.Provide(newPolicyTrifecta),

		ipamMetadata.Cell,

		egressgateway.Cell,

		k8s.ServiceCacheCell,

		policyK8s.Cell,

		policyDirectory.Cell,

		cell.Config(cmtypes.DefaultClusterInfo),
		clustermesh.Cell,

		l2announcer.Cell,

		endpoint.RegeneratorCell,

		redirectpolicy.Cell,

		cell.Invoke(registerDeviceReloader),

		nodediscovery.Cell,

		cgroup.Cell,

		natStats.Cell,

		dial.ServiceResolverCell,

		watchers.Cell,

		recorder.Cell,
	)
)

Functions

func Execute 

func Execute(cmd *cobra.Command)

func InitGlobalFlags 

func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper)

func NewAgentCmd 

func NewAgentCmd(h *hive.Hive) *cobra.Command

func NewDaemonCleanup 

func NewDaemonCleanup() *daemonCleanup

func NewGetClusterNodesHandler 

func NewGetClusterNodesHandler(dp promise.Promise[*Daemon]) *apiHandler[GetClusterNodesParams]

func NewGetMapNameEventsHandler 

func NewGetMapNameEventsHandler(d *Daemon, maps mapRefGetter) restapi.GetMapNameEventsHandler

Types

type CachingIdentityAllocator 

type CachingIdentityAllocator interface {
	cache.IdentityAllocator
	clustermesh.RemoteIdentityWatcher

	InitIdentityAllocator(versioned.Interface) <-chan struct{}

	// RestoreLocalIdentities reads in the checkpointed local allocator state
	// from disk and allocates a reference to every previously existing identity.
	//
	// Once all identity-allocating objects are synchronized (e.g. network policies,
	// remote nodes), call ReleaseRestoredIdentities to release the held references.
	RestoreLocalIdentities() (map[identity.NumericIdentity]*identity.Identity, error)

	// ReleaseRestoredIdentities releases any identities that were restored, reducing their reference
	// count and cleaning up as necessary.
	ReleaseRestoredIdentities()

	Close()
}

CachingIdentityAllocator provides an abstraction over the concrete type in pkg/identity/cache so that the underlying implementation can be mocked out in unit tests.

type ConfigModifyEvent 

type ConfigModifyEvent struct {
	// contains filtered or unexported fields
}

ConfigModifyEvent is a wrapper around the parameters for configModify.

func (*ConfigModifyEvent) Handle 

func (c *ConfigModifyEvent) Handle(res chan interface{})

Handle implements pkg/eventqueue/EventHandler interface.

type Daemon 

type Daemon struct {
	// contains filtered or unexported fields
}

Daemon is the cilium daemon that is in charge of perform all necessary plumbing, monitoring when a LXC starts.

func (*Daemon) Close 

func (d *Daemon) Close()

Close shuts down a daemon

func (*Daemon) Datapath 

func (d *Daemon) Datapath() datapath.Datapath

Datapath returns a reference to the datapath implementation.

func (*Daemon) DeleteEndpoint 

func (d *Daemon) DeleteEndpoint(id string) (int, error)

func (*Daemon) DumpIPAM 

func (d *Daemon) DumpIPAM() *models.IPAMStatus

DumpIPAM dumps in the form of a map, the list of reserved IPv4 and IPv6 addresses.

func (*Daemon) EndpointCreated 

func (d *Daemon) EndpointCreated(ep *endpoint.Endpoint)

EndpointCreated is a callback to satisfy EndpointManager.Subscriber, allowing the EndpointManager to be the primary implementer of the core endpoint management functionality while deferring other responsibilities to the daemon.

It is called after Daemon calls into d.endpointManager.AddEndpoint().

func (*Daemon) EndpointDeleted 

func (d *Daemon) EndpointDeleted(ep *endpoint.Endpoint, conf endpoint.DeleteConfig)

EndpointDeleted is a callback to satisfy EndpointManager.Subscriber, which works around the difficulties in initializing various subsystems involved in managing endpoints, such as the EndpointManager, IPAM and the Monitor.

It is called after Daemon calls into d.endpointManager.RemoveEndpoint().

func (*Daemon) EndpointRestored added in v1.16.0 

func (d *Daemon) EndpointRestored(ep *endpoint.Endpoint)

EndpointRestored implements endpointmanager.Subscriber.

func (*Daemon) EndpointUpdate 

func (d *Daemon) EndpointUpdate(id string, cfg *models.EndpointConfigurationSpec) error

EndpointUpdate updates the options of the given endpoint and regenerates the endpoint

func (*Daemon) GetCompilationLock 

func (d *Daemon) GetCompilationLock() datapath.CompilationLock

GetCompilationLock returns the mutex responsible for synchronizing compilation of BPF programs.

func (*Daemon) GetDNSRules 

func (d *Daemon) GetDNSRules(epID uint16) restore.DNSRules

func (*Daemon) GetEndpointInfo 

func (d *Daemon) GetEndpointInfo(ip netip.Addr) (endpoint hubbleGetters.EndpointInfo, ok bool)

GetEndpointInfo returns endpoint info for a given IP address. Hubble uses this function to populate fields like namespace and pod name for local endpoints.

func (*Daemon) GetEndpointInfoByID 

func (d *Daemon) GetEndpointInfoByID(id uint16) (endpoint hubbleGetters.EndpointInfo, ok bool)

GetEndpointInfoByID returns endpoint info for a given Cilium endpoint id. Used by Hubble.

func (*Daemon) GetEndpoints 

func (d *Daemon) GetEndpoints() map[policy.Endpoint]struct{}

func (*Daemon) GetIdentity 

func (d *Daemon) GetIdentity(securityIdentity uint32) (*identity.Identity, error)

GetIdentity looks up identity by ID from Cilium's identity cache. Hubble uses the identity info to populate source and destination labels of flows.

func (*Daemon) GetNamesOf 

func (d *Daemon) GetNamesOf(sourceEpID uint32, ip netip.Addr) []string

GetNamesOf implements DNSGetter.GetNamesOf. It looks up DNS names of a given IP from the FQDN cache of an endpoint specified by sourceEpID.

func (*Daemon) GetPolicyRepository 

func (d *Daemon) GetPolicyRepository() *policy.Repository

GetPolicyRepository returns the policy repository of the daemon

func (*Daemon) GetServiceByAddr 

func (d *Daemon) GetServiceByAddr(ip netip.Addr, port uint16) *flowpb.Service

GetServiceByAddr looks up service by IP/port. Hubble uses this function to annotate flows with service information.

func (*Daemon) PolicyAdd 

func (d *Daemon) PolicyAdd(rules policyAPI.Rules, opts *policy.AddOptions) (newRev uint64, err error)

PolicyAdd adds a slice of rules to the policy repository owned by the daemon. Eventual changes in policy rules are propagated to all locally managed endpoints. Returns the policy revision number of the repository after adding the rules into the repository, or an error if the updated policy was not able to be imported.

func (*Daemon) PolicyDelete 

func (d *Daemon) PolicyDelete(labels labels.LabelArray, opts *policy.DeleteOptions) (newRev uint64, err error)

PolicyDelete deletes the policy rules with the provided set of labels from the policy repository of the daemon. Returns the revision number and an error in case it was not possible to delete the policy.

func (*Daemon) QueueEndpointBuild 

func (d *Daemon) QueueEndpointBuild(ctx context.Context, epID uint64) (func(), error)

QueueEndpointBuild waits for a "build permit" for the endpoint identified by 'epID'. This function blocks until the endpoint can start building. The returned function must then be called to release the "build permit" when the most resource intensive parts of the build are done. The returned function is idempotent, so it may be called more than once. Returns a nil function if the caller should NOT start building the endpoint. This may happen due to a build being queued for the endpoint already, or due to the wait for the build permit being canceled. The latter case happens when the endpoint is being deleted. Returns an error if the build permit could not be acquired.

func (*Daemon) RemoveRestoredDNSRules 

func (d *Daemon) RemoveRestoredDNSRules(epID uint16)

func (*Daemon) SendNotification 

func (d *Daemon) SendNotification(notification monitorAPI.AgentNotifyMessage) error

SendNotification sends an agent notification to the monitor

func (*Daemon) TriggerDatapathRegen 

func (d *Daemon) TriggerDatapathRegen(force bool, reason string)

TriggerDatapathRegen triggers datapath rewrite for every daemon's endpoint. This is only called after agent configuration changes for now. Policy revision needs to be increased on PolicyEnforcement mode change.

func (*Daemon) TriggerReload added in v1.16.0 

func (d *Daemon) TriggerReload(reason string) (*sync.WaitGroup, error)

TriggerReload causes all BPF programs and maps to be reloaded. It first attempts to recompile the base programs, and if this fails returns an error. If base program load is successful, it subsequently triggers regeneration of all endpoints and returns a waitgroup that may be used by the caller to wait for all endpoint regeneration to complete.

If an error is returned, then no regeneration was successful. If no error is returned, then the base programs were successfully regenerated, but endpoints may or may not have successfully regenerated.

func (*Daemon) WaitForEndpointRestore added in v1.15.0 

func (d *Daemon) WaitForEndpointRestore(ctx context.Context)

type DaemonInterface 

type DaemonInterface interface {
	// contains filtered or unexported methods
}

DaemonInterface to help with testing.

type EndpointMapManager 

type EndpointMapManager struct {
	endpointmanager.EndpointManager
}

EndpointMapManager is a wrapper around an endpointmanager as well as the filesystem for removing maps related to endpoints from the filesystem.

func (*EndpointMapManager) RemoveDatapathMapping 

func (e *EndpointMapManager) RemoveDatapathMapping(endpointID uint16) error

RemoveDatapathMapping unlinks the endpointID from the global policy map, preventing packets that arrive on this node from being forwarded to the endpoint that used to exist with the specified ID.

func (*EndpointMapManager) RemoveMapPath 

func (e *EndpointMapManager) RemoveMapPath(path string)

RemoveMapPath removes the specified path from the filesystem.

type PolicyAddEvent 

type PolicyAddEvent struct {
	// contains filtered or unexported fields
}

PolicyAddEvent is a wrapper around the parameters for policyAdd.

func (*PolicyAddEvent) Handle 

func (p *PolicyAddEvent) Handle(res chan interface{})

Handle implements pkg/eventqueue/EventHandler interface.

type PolicyAddResult 

type PolicyAddResult struct {
	// contains filtered or unexported fields
}

PolicyAddResult is a wrapper around the values returned by policyAdd. It contains the new revision of a policy repository after adding a list of rules to it, and any error associated with adding rules to said repository.

type PolicyDeleteEvent 

type PolicyDeleteEvent struct {
	// contains filtered or unexported fields
}

PolicyDeleteEvent is a wrapper around deletion of policy rules with a given set of labels from the policy repository in the daemon.

func (*PolicyDeleteEvent) Handle 

func (p *PolicyDeleteEvent) Handle(res chan interface{})

Handle implements pkg/eventqueue/EventHandler interface.

type PolicyDeleteResult 

type PolicyDeleteResult struct {
	// contains filtered or unexported fields
}

PolicyDeleteResult is a wrapper around the values returned by policyDelete. It contains the new revision of a policy repository after deleting a list of rules to it, and any error associated with adding rules to said repository.

type PolicyReactionEvent 

type PolicyReactionEvent struct {
	// contains filtered or unexported fields
}

PolicyReactionEvent is an event which needs to be serialized after changes to a policy repository for a daemon. This currently consists of endpoint regenerations / policy revision incrementing for a given endpoint.

func (*PolicyReactionEvent) Handle 

func (r *PolicyReactionEvent) Handle(res chan interface{})

Handle implements pkg/eventqueue/EventHandler interface.

type ServiceInterface 

type ServiceInterface interface {
	GetLastUpdatedTs() time.Time
	GetCurrentTs() time.Time
}

ServiceInterface to help with testing.

Source Files

View all Source files

Directories

Path Synopsis
cni
fake

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.