package agent (v1.16.0)
Published: Jul 24, 2024 License: Apache-2.0 Imports: 35 Imported by: 1

Documentation

Overview

This package contains the agent code used to configure the WireGuard tunnel between nodes. The code supports adding and removing peers at run-time and the peer information is retrieved via the CiliumNode object.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Agent

type Agent struct {
	lock.RWMutex
	// contains filtered or unexported fields
}

Agent needs to be initialized with Init(). In Init(), the WireGuard tunnel device is created and the proper routes are set. During Init(), existing peer keys are placed into `restoredPubKeys`. Once RestoreFinished() is called, obsolete keys and peers are removed. UpdatePeer() inserts or updates the public key of a peer discovered via the node manager.
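As an added illustration of the restore lifecycle described above (not Cilium's own code), the following simplified Go model marks keys found on the device at init as restored, clears the mark when a discovered node claims the key via an UpdatePeer()-style call, and reports the unclaimed keys for removal when the RestoreFinished() step runs. The type name, method names and sample keys are constructed assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// restoreModel is a simplified, illustrative stand-in for the Agent's
// restore lifecycle; names and fields are assumptions, not Cilium's own.
type restoreModel struct {
	peers           map[string]string // node name -> peer public key (hex)
	restoredPubKeys map[string]bool   // keys found on the device at Init()
}

// newRestoreModel mimics Init(): keys already on the tunnel device are
// remembered so they can be garbage-collected if no node claims them.
func newRestoreModel(existingKeys []string) *restoreModel {
	m := &restoreModel{peers: map[string]string{}, restoredPubKeys: map[string]bool{}}
	for _, k := range existingKeys {
		m.restoredPubKeys[k] = true
	}
	return m
}

// updatePeer mimics UpdatePeer(): a key claimed by a discovered node is no
// longer a restore candidate, so it survives restoreFinished().
func (m *restoreModel) updatePeer(nodeName, pubKeyHex string) {
	m.peers[nodeName] = pubKeyHex
	delete(m.restoredPubKeys, pubKeyHex)
}

// restoreFinished mimics RestoreFinished(): restored keys that no node
// claimed are obsolete and are returned (sorted) for removal from the device.
func (m *restoreModel) restoreFinished() []string {
	var obsolete []string
	for k := range m.restoredPubKeys {
		obsolete = append(obsolete, k)
	}
	sort.Strings(obsolete)
	m.restoredPubKeys = map[string]bool{} // a second call removes nothing
	return obsolete
}

func main() {
	m := newRestoreModel([]string{"key-A", "key-B", "key-C"}) // constructed sample
	m.updatePeer("node-1", "key-A")                           // key still in use
	m.updatePeer("node-2", "key-D")                           // new node, new key
	fmt.Println("obsolete:", m.restoreFinished())             // [key-B key-C]
}
```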

func NewAgent

func NewAgent(privKeyPath string, sysctl sysctl.Sysctl) (*Agent, error)

NewAgent creates a new WireGuard Agent

func (*Agent) AllNodeValidateImplementation

func (a *Agent) AllNodeValidateImplementation()

AllNodeValidateImplementation is called to validate the implementation of all nodes in the datapath.

func (*Agent) Close

func (a *Agent) Close() error

Close is called when the agent stops

func (*Agent) DeletePeer

func (a *Agent) DeletePeer(nodeName string) error

func (*Agent) Init

func (a *Agent) Init(ipcache *ipcache.IPCache, mtuConfig mtu.MTU) error

Init creates and configures the local WireGuard tunnel device.

func (*Agent) InitLocalNodeFromWireGuard added in v1.14.7

func (a *Agent) InitLocalNodeFromWireGuard(localNode *node.LocalNode)

InitLocalNodeFromWireGuard configures the fields on the local node. Called from the LocalNodeSynchronizer _before_ the local node is published in the K8s CiliumNode CRD or the kvstore.

This method does the following:

  • It sets the local WireGuard public key (to be read by other nodes).
  • It reads the local node's labels to determine if the local node wants to opt-out of node-to-node encryption.
  • If the local node opts out of node-to-node encryption, we set the localNode.EncryptKey to zero. This indicates to other nodes that they should not encrypt node-to-node traffic with us.

func (*Agent) Name

func (a *Agent) Name() string

func (*Agent) NodeAdd

func (a *Agent) NodeAdd(newNode nodeTypes.Node) error

NodeAdd is called when a node is discovered for the first time.

func (*Agent) NodeConfigurationChanged

func (a *Agent) NodeConfigurationChanged(config datapath.LocalNodeConfiguration) error

NodeConfigurationChanged is called when the local node configuration has changed

func (*Agent) NodeDelete

func (a *Agent) NodeDelete(node nodeTypes.Node) error

NodeDelete is called after a node has been deleted

func (*Agent) NodeUpdate

func (a *Agent) NodeUpdate(_, newNode nodeTypes.Node) error

NodeUpdate is called when a node definition changes. Both the old and the new node definition are provided. NodeUpdate() is never called before NodeAdd() is called for a particular node.

func (*Agent) NodeValidateImplementation

func (a *Agent) NodeValidateImplementation(node nodeTypes.Node) error

NodeValidateImplementation is called to validate the implementation of the node in the datapath. This function is intended to be run on an interval to ensure that the datapath is consistently converged.

func (*Agent) OnIPIdentityCacheChange

func (a *Agent) OnIPIdentityCacheChange(modType ipcache.CacheModification, cidrCluster cmtypes.PrefixCluster, oldHostIP, newHostIP net.IP,
	_ *ipcache.Identity, _ ipcache.Identity, _ uint8, _ *ipcache.K8sMetadata)

OnIPIdentityCacheChange implements ipcache.IPIdentityMappingListener

func (*Agent) RestoreFinished

func (a *Agent) RestoreFinished(cm *clustermesh.ClusterMesh) error

func (*Agent) Status

func (a *Agent) Status(withPeers bool) (*models.WireguardStatus, error)

Status returns the state of the WireGuard tunnel managed by this instance. If withPeers is true, then the details about each connected peer are populated as well.

func (*Agent) UpdatePeer

func (a *Agent) UpdatePeer(nodeName, pubKeyHex string, nodeIPv4, nodeIPv6 net.IP) error
