labels

package
v1.16.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 10, 2024 License: Apache-2.0 Imports: 11 Imported by: 192

Documentation

Overview

Package api defines the API of the Cilium network policy interface

Index

Constants

// Names of the reserved identities, plus the delimiter used in label paths.
// The Label* variables of this package use several of these names as the key
// of a label whose source is LabelSourceReserved.
const (
	// PathDelimiter is the delimiter used in the labels paths.
	PathDelimiter = "."

	// IDNameHost is the label used for the hostname ID.
	IDNameHost = "host"

	// IDNameRemoteNode is the label used to describe the
	// ReservedIdentityRemoteNode.
	IDNameRemoteNode = "remote-node"

	// IDNameWorld is the label used for the world ID.
	IDNameWorld = "world"

	// IDNameWorldIPv4 is the label used for the world-ipv4 ID, to distinguish
	// it from world-ipv6 in dual-stack mode.
	IDNameWorldIPv4 = "world-ipv4"

	// IDNameWorldIPv6 is the label used for the world-ipv6 ID, to distinguish
	// it from world-ipv4 in dual-stack mode.
	IDNameWorldIPv6 = "world-ipv6"

	// IDNameCluster is the label used to identify an unspecified endpoint
	// inside the cluster.
	IDNameCluster = "cluster"

	// IDNameHealth is the label used for the local cilium-health endpoint.
	IDNameHealth = "health"

	// IDNameInit is the label used to identify any endpoint that has not
	// received any labels yet.
	IDNameInit = "init"

	// IDNameKubeAPIServer is the label used to identify the kube-apiserver. It
	// is part of the reserved identity 7 and it is also used in conjunction
	// with IDNameHost if the kube-apiserver is running on the local host.
	IDNameKubeAPIServer = "kube-apiserver"

	// IDNameEncryptedOverlay is the label used to identify encrypted overlay
	// traffic.
	//
	// It is part of the reserved identity 11 and signals that overlay traffic
	// with this identity must be IPSec encrypted before leaving the host.
	//
	// This identity should never be seen on the wire and is used only on the
	// local host.
	IDNameEncryptedOverlay = "overlay-to-encrypt"

	// IDNameIngress is the label used to identify Ingress proxies. It is part
	// of the reserved identity 8.
	IDNameIngress = "ingress"

	// IDNameNone is the label used to identify no endpoint or other L3 entity.
	// It will never be assigned and this "label" is here for consistency with
	// other Entities.
	IDNameNone = "none"

	// IDNameUnmanaged is the label used to identify unmanaged endpoints.
	IDNameUnmanaged = "unmanaged"

	// IDNameUnknown is the label used to identify an endpoint with an
	// unknown identity.
	IDNameUnknown = "unknown"
)
// Label sources and related key prefixes. The source records where a label
// came from and takes part in matching: as documented on Label.Has, a target
// with source "any" matches a label with the same key and value from every
// source, while the reverse does not hold.
const (
	// LabelSourceUnspec is a label with unspecified source.
	LabelSourceUnspec = "unspec"

	// LabelSourceAny is a label that matches any source.
	LabelSourceAny = "any"

	// LabelSourceAnyKeyPrefix is the prefix of an "any" label key: the source
	// name followed by ".".
	LabelSourceAnyKeyPrefix = LabelSourceAny + "."

	// LabelSourceK8s is a label imported from Kubernetes.
	LabelSourceK8s = "k8s"

	// LabelSourceK8sKeyPrefix is the prefix of a Kubernetes label key: the
	// source name followed by ".".
	LabelSourceK8sKeyPrefix = LabelSourceK8s + "."

	// LabelSourceContainer is a label imported from the container runtime.
	LabelSourceContainer = "container"

	// LabelSourceCNI is a label imported from the CNI plugin.
	LabelSourceCNI = "cni"

	// LabelSourceReserved is the label source for reserved types.
	LabelSourceReserved = "reserved"

	// LabelSourceCIDR is the label source for generated CIDRs.
	LabelSourceCIDR = "cidr"

	// LabelSourceNode is the label source for remote-nodes.
	LabelSourceNode = "node"

	// LabelSourceFQDN is the label source for IPs resolved by fqdn lookups.
	LabelSourceFQDN = "fqdn"

	// LabelSourceReservedKeyPrefix is the prefix of a reserved label key: the
	// source name followed by ".".
	LabelSourceReservedKeyPrefix = LabelSourceReserved + "."

	// LabelSourceDirectory is the label source for policies read from files.
	LabelSourceDirectory = "directory"

	// LabelKeyFixedIdentity is the label that can be used to define a fixed
	// identity.
	// NOTE(review): which components may set this label is not visible here;
	// confirm that it cannot be supplied by untrusted workloads.
	LabelKeyFixedIdentity = "io.cilium.fixed-identity"
)

Variables

// Predefined Labels values for reserved identities. Each one is a
// single-entry map from the ID name to a label with that key, an empty value
// and source LabelSourceReserved.
//
// Labels is a map type, so these package-level values are shared and mutable:
// treat them as read-only and take a copy (e.g. with NewFrom) before
// modifying one.
var (
	// LabelHealth is the label used for health.
	LabelHealth = Labels{IDNameHealth: NewLabel(IDNameHealth, "", LabelSourceReserved)}

	// LabelHost is the label used for the host endpoint.
	LabelHost = Labels{IDNameHost: NewLabel(IDNameHost, "", LabelSourceReserved)}

	// LabelWorld is the label used for world.
	LabelWorld = Labels{IDNameWorld: NewLabel(IDNameWorld, "", LabelSourceReserved)}

	// LabelWorldIPv4 is the label used for world-ipv4.
	LabelWorldIPv4 = Labels{IDNameWorldIPv4: NewLabel(IDNameWorldIPv4, "", LabelSourceReserved)}

	// LabelWorldIPv6 is the label used for world-ipv6.
	LabelWorldIPv6 = Labels{IDNameWorldIPv6: NewLabel(IDNameWorldIPv6, "", LabelSourceReserved)}

	// LabelRemoteNode is the label used for remote nodes.
	LabelRemoteNode = Labels{IDNameRemoteNode: NewLabel(IDNameRemoteNode, "", LabelSourceReserved)}

	// LabelKubeAPIServer is the label used for the kube-apiserver. See comment
	// on IDNameKubeAPIServer.
	LabelKubeAPIServer = Labels{IDNameKubeAPIServer: NewLabel(IDNameKubeAPIServer, "", LabelSourceReserved)}

	// LabelIngress is the label used for Ingress proxies. See comment
	// on IDNameIngress.
	LabelIngress = Labels{IDNameIngress: NewLabel(IDNameIngress, "", LabelSourceReserved)}
)

Functions

func AddWorldLabel added in v1.16.0

func AddWorldLabel(addr netip.Addr, lbls Labels)

func GenerateK8sLabelString added in v0.15.7

func GenerateK8sLabelString(k, v string) string

GenerateK8sLabelString generates the string representation of a Kubernetes label from the provided key and value, in the format "LabelSourceK8s:key=value". The source is always LabelSourceK8s; it is not a parameter.

func GetCiliumKeyFrom added in v0.9.0

func GetCiliumKeyFrom(extKey string) string

GetCiliumKeyFrom returns the label's source and key from an extended key in the format SOURCE:KEY.

func GetExtendedKeyFrom added in v0.9.0

func GetExtendedKeyFrom(str string) string

GetExtendedKeyFrom returns the extended key of a label string. For example:
`k8s:foo=bar` returns `k8s.foo`
`container:foo=bar` returns `container.foo`
`foo=bar` returns `any.foo=bar`

func LabelToPrefix added in v1.16.0

func LabelToPrefix(key string) (netip.Prefix, error)

Types

type Label

type Label struct {
	// Key is the label key. IsValid reports a label as valid only when Key is
	// non-empty.
	Key   string `json:"key"`
	// Value is the label value; it is omitted from the JSON encoding when
	// empty.
	Value string `json:"value,omitempty"`
	// Source is the origin of the label, one of the LabelSource* constants
	// (e.g.: LabelSourceContainer).
	//
	// +kubebuilder:validation:Optional
	Source string `json:"source"`
	// contains filtered or unexported fields
}

Label is the Cilium's representation of a container label.

func IPStringToLabel added in v1.15.0

func IPStringToLabel(ip string) (Label, error)

IPStringToLabel parses a string and returns it as a CIDR label.

If ip is not a valid IP address or CIDR Prefix, returns an error.

func NewLabel

func NewLabel(key string, value string, source string) Label

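NewLabel returns a new label from the given key, value and source. If source is empty, the default value will be LabelSourceUnspec. If key starts with '$', the source will be overwritten with LabelSourceReserved. If key contains ':', the value before ':' will be used as source if given source is empty, otherwise the value before ':' will be deleted and unused. Because the key itself can therefore select the source, including LabelSourceReserved, callers that build labels from externally supplied keys should validate the key before passing it to NewLabel.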

func ParseLabel

func ParseLabel(str string) Label

ParseLabel returns the label representation of the given string. The str should be in the form of Source:Key=Value or Source:Key if Value is empty. It also parses short forms, for example: $host will be Label{Key: "host", Source: "reserved", Value: ""}.

func ParseSelectLabel added in v0.10.0

func ParseSelectLabel(str string) Label

ParseSelectLabel returns a selecting label representation of the given string. Unlike ParseLabel, if source is unspecified, the source defaults to LabelSourceAny

func (*Label) DeepEqual added in v0.15.7

func (in *Label) DeepEqual(other *Label) bool

DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.

func (*Label) Equals

func (l *Label) Equals(b *Label) bool

Equals returns true if source, Key and Value are equal and false otherwise.

func (Label) FormatForKVStore added in v0.15.7

func (l Label) FormatForKVStore() []byte

FormatForKVStore returns the label as a formatted string, ending in a semicolon

DO NOT BREAK THE FORMAT OF THIS. THE RETURNED STRING IS USED AS PART OF THE KEY IN THE KEY-VALUE STORE.

Non-pointer receiver allows this to be called on a value in a map.

func (*Label) GetExtendedKey added in v0.9.0

func (l *Label) GetExtendedKey() string

GetExtendedKey returns the key of a label with the source encoded.

func (*Label) Has added in v1.16.0

func (l *Label) Has(target *Label) bool

Has returns true if label l contains target. target may be "looser" w.r.t. source or cidr, i.e.:
"k8s:foo=bar".Has("any:foo=bar") is true
"any:foo=bar".Has("k8s:foo=bar") is false
"cidr:10.0.0.1/32".Has("cidr:10.0.0.0/24") is true

func (*Label) HasKey added in v1.16.0

func (l *Label) HasKey(target *Label) bool

HasKey returns true if l has target's key. target may be "looser" w.r.t. source or cidr, i.e.:
"k8s:foo=bar".HasKey("any:foo") is true
"any:foo=bar".HasKey("k8s:foo") is false
"cidr:10.0.0.1/32".HasKey("cidr:10.0.0.0/24") is true
"cidr:10.0.0.0/24".HasKey("cidr:10.0.0.1/32") is false

func (*Label) IsAnySource added in v0.9.0

func (l *Label) IsAnySource() bool

IsAnySource returns true if the label was set with source "any".

func (*Label) IsReservedSource added in v0.15.7

func (l *Label) IsReservedSource() bool

IsReservedSource returns true if the label was set with source "Reserved".

func (*Label) IsValid

func (l *Label) IsValid() bool

IsValid returns true if Key != "".

func (*Label) String

func (l *Label) String() string

String returns the string representation of Label in the form of Source:Key=Value or Source:Key if Value is empty.

func (*Label) UnmarshalJSON

func (l *Label) UnmarshalJSON(data []byte) error

UnmarshalJSON TODO create better explanation about unmarshall with examples

type LabelArray added in v0.9.0

type LabelArray []Label

LabelArray is an array of labels forming a set

func NewLabelArrayFromSortedList added in v0.15.7

func NewLabelArrayFromSortedList(list string) LabelArray

NewLabelArrayFromSortedList returns labels based on the output of SortedList(). A trailing ';' will result in an empty key that must be filtered out.

func NewSelectLabelArrayFromModel added in v0.10.0

func NewSelectLabelArrayFromModel(base []string) LabelArray

NewSelectLabelArrayFromModel parses a slice of strings and converts them into an array of selecting labels, sorted by the key.

func ParseLabelArray added in v0.9.0

func ParseLabelArray(labels ...string) LabelArray

ParseLabelArray parses a list of labels and returns a LabelArray

func ParseLabelArrayFromArray added in v0.9.0

func ParseLabelArrayFromArray(base []string) LabelArray

ParseLabelArrayFromArray converts an array of strings as labels and returns a LabelArray

func ParseSelectLabelArray added in v0.10.0

func ParseSelectLabelArray(labels ...string) LabelArray

ParseSelectLabelArray parses a list of select labels and returns a LabelArray

func ParseSelectLabelArrayFromArray added in v0.10.0

func ParseSelectLabelArrayFromArray(base []string) LabelArray

ParseSelectLabelArrayFromArray converts an array of strings as select labels and returns a LabelArray

func (LabelArray) Contains added in v0.9.0

func (ls LabelArray) Contains(needed LabelArray) bool

Contains returns true if ls contains all the labels in needed. If needed contains no labels, Contains() will always return true.

func (LabelArray) DeepCopy added in v0.15.7

func (ls LabelArray) DeepCopy() LabelArray

DeepCopy returns a deep copy of the labels.

func (*LabelArray) DeepEqual added in v0.15.7

func (in *LabelArray) DeepEqual(other *LabelArray) bool

DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.

func (LabelArray) Equals added in v0.15.7

func (ls LabelArray) Equals(b LabelArray) bool

Equals returns true if the label arrays are the same, i.e., have the same labels in the same order.

func (LabelArray) Get added in v0.9.0

func (ls LabelArray) Get(key string) string

Get returns the value for the provided key. Implementation of the github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels.Labels interface.

The key can be of source "any", in which case the source is ignored. The inverse, however, is not true. ["k8s.foo=bar"].Get("any.foo") => "bar" ["any.foo=bar"].Get("k8s.foo") => ""

If the key is of source "cidr", this will also match broader keys. ["cidr:1.1.1.1/32"].Has("cidr.1.0.0.0/8") => true ["cidr:1.0.0.0/8"].Has("cidr.1.1.1.1/32") => false

func (LabelArray) GetModel added in v0.15.7

func (ls LabelArray) GetModel() []string

GetModel returns the LabelArray as a string array with fully-qualified labels. The output is parseable by ParseLabelArrayFromArray

func (LabelArray) Has added in v0.9.0

func (ls LabelArray) Has(key string) bool

Has returns whether the provided key exists in the label array. Implementation of the github.com/cilium/cilium/pkg/k8s/slim/k8s/apis/labels.Labels interface.

The key can be of source "any", in which case the source is ignored. The inverse, however, is not true. ["k8s.foo=bar"].Has("any.foo") => true ["any.foo=bar"].Has("k8s.foo") => false

If the key is of source "cidr", this will also match broader keys. ["cidr:1.1.1.1/32"].Has("cidr.1.0.0.0/8") => true ["cidr:1.0.0.0/8"].Has("cidr.1.1.1.1/32") => false

func (LabelArray) Intersects added in v1.16.0

func (ls LabelArray) Intersects(needed LabelArray) bool

Intersects returns true if ls contains at least one label in needed.

This has the same matching semantics as Has, namely, ["k8s:foo=bar"].Intersects(["any:foo=bar"]) == true ["any:foo=bar"].Intersects(["k8s:foo=bar"]) == false

func (LabelArray) Labels added in v0.15.7

func (ls LabelArray) Labels() Labels

Labels returns the LabelArray as Labels

func (LabelArray) Lacks added in v0.9.0

func (ls LabelArray) Lacks(needed LabelArray) LabelArray

Lacks is identical to Contains but returns all missing labels

func (LabelArray) Less added in v0.15.7

func (ls LabelArray) Less(b LabelArray) bool

Less returns true if ls comes before b in the lexicographical order. Assumes both ls and b are already sorted.

func (LabelArray) Sort added in v0.15.7

func (ls LabelArray) Sort() LabelArray

Sort is an internal utility to return all LabelArrays in sorted order, when the source material may be unsorted. 'ls' is sorted in-place, but also returns the sorted array for convenience.

func (LabelArray) String added in v0.15.7

func (ls LabelArray) String() string

func (LabelArray) StringMap added in v0.15.7

func (ls LabelArray) StringMap() map[string]string

StringMap converts LabelArray into map[string]string Note: The source is included in the keys with a ':' separator. Note: LabelArray does not deduplicate entries, as it is an array. It is possible for the output to contain fewer entries when the source and key are repeated in a LabelArray, as that is the key of the output. This scenario is not expected.

type LabelArrayList added in v0.15.7

type LabelArrayList []LabelArray

LabelArrayList is an array of LabelArrays. It is primarily intended as a simple collection

func (LabelArrayList) DeepCopy added in v0.15.7

func (ls LabelArrayList) DeepCopy() LabelArrayList

DeepCopy returns a deep copy of the LabelArray, with each element also copied.

func (*LabelArrayList) DeepEqual added in v0.15.7

func (in *LabelArrayList) DeepEqual(other *LabelArrayList) bool

DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.

func (LabelArrayList) Equals added in v0.15.7

func (ls LabelArrayList) Equals(b LabelArrayList) bool

Equals returns true if the label arrays lists have the same label arrays in the same order.

func (LabelArrayList) GetModel added in v0.15.7

func (ls LabelArrayList) GetModel() [][]string

GetModel returns the LabelArrayList as a [][]string. Each member LabelArray becomes a []string.

func (*LabelArrayList) Merge added in v0.15.7

func (lsp *LabelArrayList) Merge(include ...LabelArray) LabelArrayList

Merge incorporates new LabelArrays into an existing LabelArrayList, without introducing duplicates, returning the result for convenience. Existing duplication in either list is not removed.

func (*LabelArrayList) MergeSorted added in v0.15.7

func (lsp *LabelArrayList) MergeSorted(include LabelArrayList) LabelArrayList

MergeSorted incorporates new labels from 'include' to the receiver, both of which must be already sorted. LabelArrays are inserted from 'include' to the receiver as needed.

func (LabelArrayList) Sort added in v0.15.7

func (ls LabelArrayList) Sort() LabelArrayList

Sort sorts the LabelArrayList in-place, but also returns the sorted list for convenience. The LabelArrays themselves must already be sorted. This is true for all constructors of LabelArray.

type Labels

type Labels map[string]Label

Labels is a map of labels where the map's key is the same as the label's key.

func FromSlice added in v1.12.16

func FromSlice(labels []Label) Labels

FromSlice creates labels from a slice of labels.

func GetCIDRLabels added in v1.15.0

func GetCIDRLabels(prefix netip.Prefix) Labels

GetCIDRLabels turns a CIDR into a specially formatted label, and returns a Labels including the CIDR-specific label and the appropriate world label. e.g. "10.0.0.0/8" => ["cidr:10.0.0.0/8", "reserved:world-ipv4"]

IPv6 requires some special treatment, since ":" is special in the label selector grammar. For example, "::/0" becomes "cidr:0--0/0".

func Map2Labels

func Map2Labels(m map[string]string, source string) Labels

Map2Labels transforms a map of the form map[key(string)]value(string) into Labels. The source argument will overwrite the source written in the key of the given map. Example:
l := Map2Labels(map[string]string{"k8s:foo": "bar"}, "cilium")
fmt.Printf("%+v\n", l)

map[string]Label{"foo":Label{Key:"foo", Value:"bar", Source:"cilium"}}

func NewFrom added in v0.15.7

func NewFrom(l Labels) Labels

NewFrom creates a new Labels from the given labels by creating a copy.

func NewLabelsFromModel

func NewLabelsFromModel(base []string) Labels

NewLabelsFromModel creates labels from string array.

func NewLabelsFromSortedList added in v0.15.7

func NewLabelsFromSortedList(list string) Labels

NewLabelsFromSortedList returns labels based on the output of SortedList()

func (Labels) CollectSources added in v1.16.0

func (l Labels) CollectSources() map[string]struct{}

CollectSources returns all distinct label sources found in l

func (*Labels) DeepEqual added in v0.15.7

func (in *Labels) DeepEqual(other *Labels) bool

DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.

func (Labels) Equals added in v0.15.7

func (l Labels) Equals(other Labels) bool

Equals returns true if the two Labels contain the same set of labels.

func (Labels) FindReserved added in v0.15.7

func (l Labels) FindReserved() Labels

FindReserved locates all labels with reserved source in the labels and returns a copy of them. If there are no reserved labels, returns nil. TODO: return LabelArray as it is likely faster

func (Labels) GetFromSource added in v0.15.7

func (l Labels) GetFromSource(source string) Labels

GetFromSource returns all labels that are from the given source.

func (Labels) GetModel

func (l Labels) GetModel() []string

GetModel returns model with all the values of the labels.

func (Labels) GetPrintableModel added in v0.15.7

func (l Labels) GetPrintableModel() (res []string)

GetPrintableModel turns the Labels into a sorted list of strings representing the labels.

func (Labels) Has added in v0.15.7

func (l Labels) Has(label Label) bool

Has returns true if l contains the given label.

func (Labels) HasSource added in v1.16.0

func (l Labels) HasSource(source string) bool

HasSource returns true if l contains the given label source.

func (Labels) IsReserved added in v0.15.7

func (l Labels) IsReserved() bool

IsReserved returns true if any of the labels has a reserved source.

func (Labels) K8sStringMap added in v0.15.7

func (l Labels) K8sStringMap() map[string]string

K8sStringMap converts Labels into map[string]string

func (Labels) LabelArray added in v0.15.7

func (l Labels) LabelArray() LabelArray

LabelArray returns the labels as label array, sorted by the key.

func (Labels) MergeLabels

func (l Labels) MergeLabels(from Labels)

MergeLabels merges the labels in from into the receiver (to in the example below). It overwrites all labels in to that have the same Key as a label in from. Example:
to := Labels{Label{key1, value1, source1}, Label{key2, value3, source4}}
from := Labels{Label{key1, value3, source4}}
to.MergeLabels(from)
fmt.Printf("%+v\n", to)

Labels{Label{key1, value3, source4}, Label{key2, value3, source4}}

func (Labels) Remove added in v0.15.7

func (l Labels) Remove(from Labels) Labels

Remove is similar to MergeLabels, but returns a new Labels object with the specified Labels removed. The received Labels is not modified.

func (Labels) SortedList added in v0.15.7

func (l Labels) SortedList() []byte

SortedList returns the labels as a sorted list, separated by semicolon

DO NOT BREAK THE FORMAT OF THIS. THE RETURNED STRING IS USED AS KEY IN THE KEY-VALUE STORE.

func (Labels) String added in v0.15.7

func (l Labels) String() string

String returns the map of labels as human readable string

func (Labels) StringMap added in v0.15.7

func (l Labels) StringMap() map[string]string

StringMap converts Labels into map[string]string

func (Labels) ToSlice

func (l Labels) ToSlice() []Label

ToSlice returns a slice of label with the values of the given Labels' map, sorted by the key.

type OpLabels

type OpLabels struct {
	// Custom holds the active labels that are enabled and disabled but not
	// deleted.
	Custom Labels

	// OrchestrationIdentity holds the labels derived from the orchestration
	// system.
	OrchestrationIdentity Labels

	// Disabled holds the OrchestrationIdentity labels which have been
	// disabled.
	Disabled Labels

	// OrchestrationInfo holds labels from the orchestration system which are
	// not used in determining a security identity.
	OrchestrationInfo Labels
}

OpLabels represents the possible types.

func NewOpLabels added in v0.15.7

func NewOpLabels() OpLabels

NewOpLabels creates new initialized OpLabels

func (*OpLabels) AllLabels added in v0.10.0

func (o *OpLabels) AllLabels() Labels

AllLabels returns all Labels within the provided OpLabels.

func (*OpLabels) DeepEqual added in v0.15.7

func (in *OpLabels) DeepEqual(other *OpLabels) bool

DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.

func (*OpLabels) GetIdentityLabel added in v0.15.7

func (o *OpLabels) GetIdentityLabel(key string) (l Label, found bool)

GetIdentityLabel returns the value of the given Key from all IdentityLabels.

func (*OpLabels) IdentityLabels added in v0.10.0

func (o *OpLabels) IdentityLabels() Labels

IdentityLabels returns map of labels that are used when determining a security identity.

func (*OpLabels) ModifyIdentityLabels added in v0.15.7

func (o *OpLabels) ModifyIdentityLabels(addLabels, delLabels Labels) (changed bool, err error)

func (*OpLabels) ReplaceIdentityLabels added in v0.15.7

func (o *OpLabels) ReplaceIdentityLabels(sourceFilter string, l Labels, logger *logrus.Entry) bool

func (*OpLabels) ReplaceInformationLabels added in v0.15.7

func (o *OpLabels) ReplaceInformationLabels(sourceFilter string, l Labels, logger *logrus.Entry) bool

func (*OpLabels) SplitUserLabelChanges added in v0.15.7

func (o *OpLabels) SplitUserLabelChanges(lbls Labels) (add, del Labels)

SplitUserLabelChanges returns labels to 'add' and 'del'ete to make the custom labels match 'lbls' FIXME: Somewhere in the code we crash if the returned maps are non-nil but length 0. We retain this behaviour here because it's easier.
