Documentation ¶
Overview ¶
Package k8s contains all k8s related logic. +groupName=pkg
Index ¶
- Constants
- Variables
- func AnnotateNode(cs kubernetes.Interface, nodeName string, nd nodeTypes.Node, encryptKey uint8) (nodeAnnotation, error)
- func AnnotationsEqual(relevantAnnotations []string, anno1, anno2 map[string]string) bool
- func CiliumBGPAdvertisementResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumBGPAdvertisement], error)
- func CiliumBGPNodeConfigResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumBGPNodeConfig], error)
- func CiliumBGPPeerConfigResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumBGPPeerConfig], error)
- func CiliumBGPPeeringPolicyResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumBGPPeeringPolicy], error)
- func CiliumCIDRGroupResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumCIDRGroup], error)
- func CiliumClusterwideEnvoyConfigResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumClusterwideEnvoyConfig], error)
- func CiliumClusterwideNetworkPolicyResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumClusterwideNetworkPolicy], error)
- func CiliumEndpointSliceResource(params CiliumResourceParams, _ *node.LocalNodeStore, ...) (resource.Resource[*cilium_api_v2alpha1.CiliumEndpointSlice], error)
- func CiliumEnvoyConfigResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumEnvoyConfig], error)
- func CiliumExternalWorkloads(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumExternalWorkload], error)
- func CiliumIdentityResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumIdentity], error)
- func CiliumNetworkPolicyResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumNetworkPolicy], error)
- func CiliumNodeResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumNode], error)
- func CiliumPodIPPoolResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumPodIPPool], error)
- func CiliumSlimEndpointResource(params CiliumResourceParams, _ *node.LocalNodeStore, ...) (resource.Resource[*types.CiliumEndpoint], error)
- func ConvertCEPToCoreCEP(cep *cilium_v2.CiliumEndpoint) *cilium_v2alpha1.CoreCiliumEndpoint
- func ConvertCoreCiliumEndpointToTypesCiliumEndpoint(ccep *cilium_v2alpha1.CoreCiliumEndpoint, ns string) *types.CiliumEndpoint
- func ConvertToK8sV1LoadBalancerIngress(slimLBIngs []slim_corev1.LoadBalancerIngress) []v1.LoadBalancerIngress
- func ConvertToK8sV1ServiceAffinityConfig(saCfg *slim_corev1.SessionAffinityConfig) *v1.SessionAffinityConfig
- func ConvertToK8sV1ServicePorts(slimPorts []slim_corev1.ServicePort) []v1.ServicePort
- func ConvertToNetworkV1IngressLoadBalancerIngress(slimLBIngs []slim_corev1.LoadBalancerIngress) []networkingv1.IngressLoadBalancerIngress
- func EndpointsResource(lc cell.Lifecycle, cfg Config, cs client.Clientset, ...) (resource.Resource[*Endpoints], error)
- func GetIdentitiesByKeyFunc(keyFunc func(map[string]string) allocator.AllocatorKey) func(obj interface{}) ([]string, error)
- func GetPodMetadata(k8sNs *slim_corev1.Namespace, pod *slim_corev1.Pod) (containerPorts []slim_corev1.ContainerPort, lbls map[string]string, ...)
- func GetPolicyLabelsv1(np *slim_networkingv1.NetworkPolicy) labels.LabelArray
- func IsLocalCiliumNode(n *ciliumv2.CiliumNode) bool
- func K8sErrorHandler(e error)
- func LBIPPoolsResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumLoadBalancerIPPool], error)
- func NamespaceResource(lc cell.Lifecycle, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*slim_corev1.Namespace], error)
- func NetworkPolicyResource(lc cell.Lifecycle, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*slim_networkingv1.NetworkPolicy], error)
- func NewClusterService(id ServiceID, k8sService *Service, k8sEndpoints *Endpoints) serviceStore.ClusterService
- func NodeResource(lc cell.Lifecycle, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*slim_corev1.Node], error)
- func ParseNetworkPolicy(np *slim_networkingv1.NetworkPolicy) (api.Rules, error)
- func ParseNode(k8sNode *slim_corev1.Node, source source.Source) *nodeTypes.Node
- func ParseNodeAddressType(k8sAddress slim_corev1.NodeAddressType) (addressing.AddressType, error)
- func ParseService(svc *slim_corev1.Service, nodePortAddrs []netip.Addr) (ServiceID, *Service)
- func PodResource(lc cell.Lifecycle, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*slim_corev1.Pod], error)
- func RemoveNodeAnnotations(c kubernetes.Interface, nodeName string, annotation nodeAnnotation) error
- func ServiceResource(lc cell.Lifecycle, cfg Config, cs client.Clientset, ...) (resource.Resource[*slim_corev1.Service], error)
- func TransformToCCNP(obj interface{}) (interface{}, error)
- func TransformToCNP(obj interface{}) (interface{}, error)
- func TransformToCiliumEndpoint(obj interface{}) (interface{}, error)
- type Backend
- type CacheAction
- type CiliumResourceParams
- type Config
- type EndpointSliceID
- type EndpointSlices
- type Endpoints
- type FrontendList
- type JSONPatch
- type NodePortToFrontend
- type Service
- func (in *Service) DeepCopy() *Service
- func (in *Service) DeepCopyInto(out *Service)
- func (s *Service) DeepEqual(other *Service) bool
- func (s *Service) EqualsClusterService(svc *serviceStore.ClusterService) bool
- func (s Service) IsExternal() bool
- func (s *Service) String() string
- func (s *Service) UniquePorts() map[uint16]bool
- type ServiceCache
- func (s *ServiceCache) DebugStatus() string
- func (s *ServiceCache) DeleteEndpoints(svcID EndpointSliceID, swg *lock.StoppableWaitGroup) ServiceID
- func (s *ServiceCache) DeleteService(k8sSvc *slim_corev1.Service, swg *lock.StoppableWaitGroup)
- func (s *ServiceCache) EnsureService(svcID ServiceID, swg *lock.StoppableWaitGroup) bool
- func (s *ServiceCache) ForEachService(yield func(svcID ServiceID, svc *Service, eps *EndpointSlices) bool)
- func (s *ServiceCache) GetEndpointsOfService(svcID ServiceID) *Endpoints
- func (s *ServiceCache) GetServiceAddrsWithType(svcID ServiceID, svcType loadbalancer.SVCType) (map[loadbalancer.FEPortName][]*loadbalancer.L3n4Addr, int)
- func (s *ServiceCache) GetServiceFrontendIP(svcID ServiceID, svcType loadbalancer.SVCType) net.IP
- func (s *ServiceCache) GetServiceIP(svcID ServiceID) *loadbalancer.L3n4Addr
- func (s *ServiceCache) LocalServices() sets.Set[ServiceID]
- func (s *ServiceCache) MergeClusterServiceDelete(service *serviceStore.ClusterService, swg *lock.StoppableWaitGroup)
- func (s *ServiceCache) MergeClusterServiceUpdate(service *serviceStore.ClusterService, swg *lock.StoppableWaitGroup)
- func (s *ServiceCache) MergeExternalServiceDelete(service *serviceStore.ClusterService, swg *lock.StoppableWaitGroup)
- func (s *ServiceCache) MergeExternalServiceUpdate(service *serviceStore.ClusterService, swg *lock.StoppableWaitGroup)
- func (s *ServiceCache) Notifications() stream.Observable[ServiceNotification]
- func (s *ServiceCache) UniqueServiceFrontends() FrontendList
- func (s *ServiceCache) UpdateEndpoints(newEndpoints *Endpoints, swg *lock.StoppableWaitGroup) (ServiceID, *Endpoints)
- func (s *ServiceCache) UpdateService(k8sSvc *slim_corev1.Service, swg *lock.StoppableWaitGroup) ServiceID
- type ServiceCacheConfig
- type ServiceEvent
- type ServiceID
- type ServiceNotification
Constants ¶
const ( NamespaceIndex = "namespace" ByKeyIndex = "by-key-index" )
const ( // maximum number of operations a single json patch may contain. // See https://github.com/kubernetes/kubernetes/pull/74000 MaxJSONPatchOperations = 10000 )
const UseOriginalSourceAddressLabel = "cilium.io/use-original-source-address"
UseOriginalSourceAddressLabel is the k8s label that can be added to a `CiliumEnvoyConfig`. This way the Cilium BPF Metadata listener filter is configured to use the original source address when extracting the metadata for a request.
Variables ¶
var DefaultConfig = Config{ EnableK8sEndpointSlice: true, }
DefaultConfig represents the default k8s resources config values.
var ServiceCacheCell = cell.Module( "service-cache", "Service Cache", cell.Config(ServiceCacheConfig{}), cell.Provide(newServiceCache), )
ServiceCacheCell initializes the service cache, which holds the list of known services correlated with the matching endpoints.
Functions ¶
func AnnotateNode ¶ added in v0.15.7
func AnnotateNode(cs kubernetes.Interface, nodeName string, nd nodeTypes.Node, encryptKey uint8) (nodeAnnotation, error)
AnnotateNode writes v4 and v6 CIDRs and health IPs in the given k8s node name. In case of failure while updating the node, this function will spawn a goroutine to retry the node update indefinitely.
func AnnotationsEqual ¶ added in v0.15.7
AnnotationsEqual returns whether the annotation with any key in relevantAnnotations is equal in anno1 and anno2.
func CiliumBGPAdvertisementResource ¶ added in v1.16.0
func CiliumBGPAdvertisementResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumBGPAdvertisement], error)
func CiliumBGPNodeConfigResource ¶ added in v1.16.0
func CiliumBGPNodeConfigResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumBGPNodeConfig], error)
func CiliumBGPPeerConfigResource ¶ added in v1.16.0
func CiliumBGPPeerConfigResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumBGPPeerConfig], error)
func CiliumBGPPeeringPolicyResource ¶ added in v1.16.0
func CiliumBGPPeeringPolicyResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumBGPPeeringPolicy], error)
func CiliumCIDRGroupResource ¶ added in v0.15.7
func CiliumCIDRGroupResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumCIDRGroup], error)
func CiliumClusterwideEnvoyConfigResource ¶ added in v1.16.0
func CiliumClusterwideEnvoyConfigResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumClusterwideEnvoyConfig], error)
func CiliumClusterwideNetworkPolicyResource ¶ added in v0.15.7
func CiliumClusterwideNetworkPolicyResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumClusterwideNetworkPolicy], error)
func CiliumEndpointSliceResource ¶ added in v1.15.0
func CiliumEndpointSliceResource(params CiliumResourceParams, _ *node.LocalNodeStore, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumEndpointSlice], error)
CiliumEndpointSliceResource uses the "localNode" IndexFunc to build the resource indexer. The IndexFunc accesses the local node info to get its IP, so it depends on the local node store to initialize it before the first access. To reflect this, the node.LocalNodeStore dependency is explicitly requested in the function signature.
func CiliumEnvoyConfigResource ¶ added in v1.16.0
func CiliumEnvoyConfigResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumEnvoyConfig], error)
func CiliumExternalWorkloads ¶ added in v1.15.0
func CiliumExternalWorkloads(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumExternalWorkload], error)
func CiliumIdentityResource ¶ added in v0.15.7
func CiliumIdentityResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumIdentity], error)
func CiliumNetworkPolicyResource ¶ added in v0.15.7
func CiliumNetworkPolicyResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumNetworkPolicy], error)
func CiliumNodeResource ¶ added in v0.15.7
func CiliumNodeResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2.CiliumNode], error)
func CiliumPodIPPoolResource ¶ added in v0.15.7
func CiliumPodIPPoolResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumPodIPPool], error)
func CiliumSlimEndpointResource ¶ added in v0.15.7
func CiliumSlimEndpointResource(params CiliumResourceParams, _ *node.LocalNodeStore, opts ...func(*metav1.ListOptions)) (resource.Resource[*types.CiliumEndpoint], error)
CiliumSlimEndpointResource uses the "localNode" IndexFunc to build the resource indexer. The IndexFunc accesses the local node info to get its IP, so it depends on the local node store to initialize it before the first access. To reflect this, the node.LocalNodeStore dependency is explicitly requested in the function signature.
func ConvertCEPToCoreCEP ¶ added in v0.15.7
func ConvertCEPToCoreCEP(cep *cilium_v2.CiliumEndpoint) *cilium_v2alpha1.CoreCiliumEndpoint
ConvertCEPToCoreCEP converts a CiliumEndpoint to a CoreCiliumEndpoint containing only a minimal set of entities.
func ConvertCoreCiliumEndpointToTypesCiliumEndpoint ¶ added in v0.15.7
func ConvertCoreCiliumEndpointToTypesCiliumEndpoint(ccep *cilium_v2alpha1.CoreCiliumEndpoint, ns string) *types.CiliumEndpoint
ConvertCoreCiliumEndpointToTypesCiliumEndpoint converts CoreCiliumEndpoint object to types.CiliumEndpoint.
func ConvertToK8sV1LoadBalancerIngress ¶ added in v0.15.7
func ConvertToK8sV1LoadBalancerIngress(slimLBIngs []slim_corev1.LoadBalancerIngress) []v1.LoadBalancerIngress
func ConvertToK8sV1ServiceAffinityConfig ¶ added in v0.15.7
func ConvertToK8sV1ServiceAffinityConfig(saCfg *slim_corev1.SessionAffinityConfig) *v1.SessionAffinityConfig
func ConvertToK8sV1ServicePorts ¶ added in v0.15.7
func ConvertToK8sV1ServicePorts(slimPorts []slim_corev1.ServicePort) []v1.ServicePort
func ConvertToNetworkV1IngressLoadBalancerIngress ¶ added in v0.15.7
func ConvertToNetworkV1IngressLoadBalancerIngress(slimLBIngs []slim_corev1.LoadBalancerIngress) []networkingv1.IngressLoadBalancerIngress
func EndpointsResource ¶ added in v0.15.7
func GetIdentitiesByKeyFunc ¶ added in v1.16.0
func GetPodMetadata ¶ added in v0.15.7
func GetPodMetadata(k8sNs *slim_corev1.Namespace, pod *slim_corev1.Pod) (containerPorts []slim_corev1.ContainerPort, lbls map[string]string, retAnno map[string]string, retErr error)
GetPodMetadata returns the labels and annotations of the pod with the given namespace / name.
func GetPolicyLabelsv1 ¶ added in v0.15.7
func GetPolicyLabelsv1(np *slim_networkingv1.NetworkPolicy) labels.LabelArray
GetPolicyLabelsv1 extracts the name of np. It uses the name from the Cilium annotation if present. If the policy's annotations do not contain the Cilium annotation, the policy's name field is used instead.
func IsLocalCiliumNode ¶ added in v0.15.7
func IsLocalCiliumNode(n *ciliumv2.CiliumNode) bool
IsLocalCiliumNode returns true if the given CiliumNode object refers to the CiliumNode object representing the local node.
func K8sErrorHandler ¶ added in v0.15.7
func K8sErrorHandler(e error)
K8sErrorHandler handles the error messages in a non verbose way by omitting repeated instances of the same error message for a timeout defined with k8sErrLogTimeout.
func LBIPPoolsResource ¶ added in v0.15.7
func LBIPPoolsResource(params CiliumResourceParams, opts ...func(*metav1.ListOptions)) (resource.Resource[*cilium_api_v2alpha1.CiliumLoadBalancerIPPool], error)
func NamespaceResource ¶ added in v0.15.7
func NetworkPolicyResource ¶ added in v0.15.7
func NetworkPolicyResource(lc cell.Lifecycle, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*slim_networkingv1.NetworkPolicy], error)
func NewClusterService ¶ added in v0.15.7
func NewClusterService(id ServiceID, k8sService *Service, k8sEndpoints *Endpoints) serviceStore.ClusterService
NewClusterService returns the serviceStore.ClusterService representing a Kubernetes Service
func NodeResource ¶ added in v0.15.7
func ParseNetworkPolicy ¶ added in v0.10.0
func ParseNetworkPolicy(np *slim_networkingv1.NetworkPolicy) (api.Rules, error)
ParseNetworkPolicy parses a k8s NetworkPolicy. Returns a list of Cilium policy rules that can be added, along with an error if there was an error sanitizing the rules.
func ParseNodeAddressType ¶ added in v0.15.7
func ParseNodeAddressType(k8sAddress slim_corev1.NodeAddressType) (addressing.AddressType, error)
ParseNodeAddressType converts a Kubernetes NodeAddressType to a Cilium NodeAddressType. If the Kubernetes NodeAddressType does not have a corresponding Cilium AddressType, returns an error.
func ParseService ¶ added in v0.15.7
ParseService parses a Kubernetes service and returns a Service.
func PodResource ¶ added in v0.15.7
func RemoveNodeAnnotations ¶ added in v0.15.7
func RemoveNodeAnnotations(c kubernetes.Interface, nodeName string, annotation nodeAnnotation) error
func ServiceResource ¶ added in v0.15.7
func ServiceResource(lc cell.Lifecycle, cfg Config, cs client.Clientset, opts ...func(*metav1.ListOptions)) (resource.Resource[*slim_corev1.Service], error)
ServiceResource builds the Resource[Service] object.
func TransformToCCNP ¶ added in v0.15.7
func TransformToCCNP(obj interface{}) (interface{}, error)
TransformToCCNP transforms a *cilium_v2.CiliumClusterwideNetworkPolicy into a *types.SlimCNP without the Status field of the given CNP, or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP, also without the Status field of the given CNP, in its Obj. If obj is a *types.SlimCNP or a cache.DeletedFinalStateUnknown with a *types.SlimCNP in its Obj, obj is returned without any transformations. If the given obj can't be cast into either *cilium_v2.CiliumClusterwideNetworkPolicy or cache.DeletedFinalStateUnknown, an error is returned.
func TransformToCNP ¶ added in v0.15.7
func TransformToCNP(obj interface{}) (interface{}, error)
TransformToCNP transforms a *cilium_v2.CiliumNetworkPolicy into a *types.SlimCNP without the Status field of the given CNP, or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP, also without the Status field of the given CNP, in its Obj. If obj is a *types.SlimCNP or a cache.DeletedFinalStateUnknown with a *types.SlimCNP in its Obj, obj is returned without any transformations. If the given obj can't be cast into either *cilium_v2.CiliumNetworkPolicy or cache.DeletedFinalStateUnknown, an error is returned.
func TransformToCiliumEndpoint ¶ added in v0.15.7
func TransformToCiliumEndpoint(obj interface{}) (interface{}, error)
TransformToCiliumEndpoint transforms a *cilium_v2.CiliumEndpoint into a *types.CiliumEndpoint or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.CiliumEndpoint in its Obj. If obj is a *types.CiliumEndpoint or a cache.DeletedFinalStateUnknown with a *types.CiliumEndpoint in its Obj, obj is returned without any transformations. If the given obj can't be cast into either *cilium_v2.CiliumEndpoint or cache.DeletedFinalStateUnknown, an error is returned.
Types ¶
type Backend ¶ added in v0.15.7
type Backend struct { Ports serviceStore.PortConfiguration NodeName string Hostname string Terminating bool HintsForZones []string Preferred bool Zone string }
Backend contains all ports, terminating state, and the node name of a given backend
+k8s:deepcopy-gen=true +deepequal-gen=true
func (*Backend) DeepCopy ¶ added in v0.15.7
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backend.
func (*Backend) DeepCopyInto ¶ added in v0.15.7
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CacheAction ¶ added in v0.15.7
type CacheAction int
CacheAction is the type of action that was performed on the cache
const ( // UpdateService reflects that the service was updated or added UpdateService CacheAction = iota // DeleteService reflects that the service was deleted DeleteService )
func (CacheAction) String ¶ added in v0.15.7
func (c CacheAction) String() string
String returns the cache action as a string
type CiliumResourceParams ¶ added in v1.16.0
type CiliumResourceParams struct { cell.In Lifecycle cell.Lifecycle ClientSet client.Clientset CRDSyncPromise promise.Promise[synced.CRDSync] `optional:"true"` }
Dependencies for Cilium resources that may be used by Cilium Agent. When CRDSyncPromise is provided, watchers of resources using this will block until all CRDs used by the agent have been registered. Agent will fail to start if Cilium Operator does not register all the CRDs in time.
type Config ¶ added in v1.15.0
type Config struct { EnableK8sEndpointSlice bool // K8sServiceProxyName is the value of service.kubernetes.io/service-proxy-name label, // that identifies the service objects Cilium should handle. // If the provided value is an empty string, Cilium will manage service objects when // the label is not present. For more details - // https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/2447-Make-kube-proxy-service-abstraction-optional K8sServiceProxyName string }
Config defines the configuration options for k8s resources.
type EndpointSliceID ¶ added in v0.15.7
EndpointSliceID identifies a Kubernetes EndpointSlice as well as the legacy v1.Endpoints.
func ParseEndpointSliceID ¶ added in v0.15.7
func ParseEndpointSliceID(es endpointSlice) EndpointSliceID
ParseEndpointSliceID parses a Kubernetes endpoint slice and returns an EndpointSliceID
func ParseEndpointsID ¶ added in v0.15.7
func ParseEndpointsID(ep *slim_corev1.Endpoints) EndpointSliceID
ParseEndpointsID parses a Kubernetes endpoints and returns the EndpointSliceID
type EndpointSlices ¶ added in v0.15.7
type EndpointSlices struct {
// contains filtered or unexported fields
}
EndpointSlices is the collection of all endpoint slices of a service. The map key is the name of the endpoint slice or the name of the legacy v1.Endpoint. The endpoints stored here are not namespaced since this structure is only used as a value of another map that is already namespaced. (see ServiceCache.endpoints).
+deepequal-gen=true
func NewEndpointsSlices ¶ added in v1.16.4
func NewEndpointsSlices() *EndpointSlices
NewEndpointsSlices returns a new EndpointSlices
func (*EndpointSlices) DeepEqual ¶ added in v0.15.7
func (in *EndpointSlices) DeepEqual(other *EndpointSlices) bool
DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.
func (*EndpointSlices) Delete ¶ added in v0.15.7
func (es *EndpointSlices) Delete(esName string) bool
Delete deletes the endpoint slice in the internal map. Returns true if there are not any more endpoints available in the map.
func (*EndpointSlices) GetEndpoints ¶ added in v0.15.7
func (es *EndpointSlices) GetEndpoints() *Endpoints
GetEndpoints returns a single read-only *Endpoints structure with all Endpoints' backends joined.
func (*EndpointSlices) Upsert ¶ added in v0.15.7
func (es *EndpointSlices) Upsert(esName string, e *Endpoints)
Upsert maps the 'esName' to 'e'. - 'esName': Name of the Endpoint Slice - 'e': Endpoints to store in the map
type Endpoints ¶ added in v0.15.7
type Endpoints struct { types.UnserializableObject slim_metav1.ObjectMeta EndpointSliceID // Backends is a map containing all backend IPs and ports. The key to // the map is the backend IP in string form. The value defines the list // of ports for that backend IP, plus an additional optional node name. // Backends map[cmtypes.AddrCluster]*Backend Backends map[cmtypes.AddrCluster]*Backend }
Endpoints is an abstraction for the Kubernetes endpoints object. Endpoints consists of a set of backend IPs in combination with a set of ports and protocols. The name of the backend ports must match the names of the frontend ports of the corresponding service.
The Endpoints object is parsed from either an EndpointSlice (preferred) or Endpoint Kubernetes objects depending on the Kubernetes version.
+k8s:deepcopy-gen=true +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +deepequal-gen=true +deepequal-gen:private-method=true
func ParseEndpointSliceV1 ¶ added in v0.15.7
func ParseEndpointSliceV1(ep *slim_discovery_v1.EndpointSlice) *Endpoints
ParseEndpointSliceV1 parses a Kubernetes EndpointSlice resource. It reads ready and terminating state of endpoints in the EndpointSlice to return an EndpointSlice ID and a filtered list of Endpoints for service load-balancing.
func ParseEndpointSliceV1Beta1 ¶ added in v0.15.7
func ParseEndpointSliceV1Beta1(ep *slim_discovery_v1beta1.EndpointSlice) *Endpoints
ParseEndpointSliceV1Beta1 parses a Kubernetes EndpointSlice v1beta1 resource. It reads ready and terminating state of endpoints in the EndpointSlice to return an EndpointSlice ID and a filtered list of Endpoints for service load-balancing.
func ParseEndpoints ¶ added in v0.15.7
func ParseEndpoints(ep *slim_corev1.Endpoints) *Endpoints
ParseEndpoints parses a Kubernetes Endpoints resource
func (*Endpoints) DeepCopyInto ¶ added in v0.15.7
func (*Endpoints) DeepCopyObject ¶ added in v0.15.7
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*Endpoints) DeepEqual ¶ added in v0.15.7
DeepEqual returns true if both endpoints are deep equal.
type FrontendList ¶ added in v0.15.7
type FrontendList map[string]struct{}
FrontendList is the list of all k8s service frontends
func (FrontendList) LooseMatch ¶ added in v0.15.7
func (l FrontendList) LooseMatch(frontend loadbalancer.L3n4Addr) (exists bool)
LooseMatch returns true if the provided frontend is found in the FrontendList. If the frontend has a protocol value set, it only matches a k8s service with a matching protocol. If no protocol is set, any k8s service matching frontend IP and port is considered a match, regardless of protocol.
type JSONPatch ¶ added in v0.15.7
type JSONPatch struct { OP string `json:"op,omitempty"` Path string `json:"path,omitempty"` Value interface{} `json:"value"` }
JSONPatch structure based on the RFC 6902
type NodePortToFrontend ¶ added in v0.15.7
type NodePortToFrontend map[string]*loadbalancer.L3n4AddrID
+deepequal-gen=true
func (*NodePortToFrontend) DeepEqual ¶ added in v0.15.7
func (in *NodePortToFrontend) DeepEqual(other *NodePortToFrontend) bool
DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.
type Service ¶ added in v0.15.7
type Service struct { // Until deepequal-gen adds support for net.IP we need to compare this field // manually. // Whenever creating a new service we should make sure that the FrontendIPs are // sorted, so we always generate the same string representation. // +deepequal-gen=false FrontendIPs []net.IP IsHeadless bool // IncludeExternal is true when external endpoints from other clusters // should be included IncludeExternal bool Shared bool // ServiceAffinity determines the preferred endpoint destination (e.g. local // vs remote clusters) // // Applicable values: local, remote, none (default). ServiceAffinity string // ExtTrafficPolicy controls how backends are selected for North-South traffic. // If set to "Local", only node-local backends are chosen. ExtTrafficPolicy loadbalancer.SVCTrafficPolicy // IntTrafficPolicy controls how backends are selected for East-West traffic. // If set to "Local", only node-local backends are chosen. IntTrafficPolicy loadbalancer.SVCTrafficPolicy // HealthCheckNodePort defines on which port the node runs a HTTP health // check server which may be used by external loadbalancers to determine // if a node has local backends. This will only have effect if both // LoadBalancerIPs is not empty and ExtTrafficPolicy is SVCTrafficPolicyLocal. HealthCheckNodePort uint16 Ports map[loadbalancer.FEPortName]*loadbalancer.L4Addr // NodePorts stores mapping for port name => NodePort frontend addr string => // NodePort fronted addr. The string addr => addr indirection is to avoid // storing duplicates. NodePorts map[loadbalancer.FEPortName]NodePortToFrontend // K8sExternalIPs stores mapping of the endpoint in a string format to the // externalIP in net.IP format. // // Until deepequal-gen adds support for net.IP we need to compare this field // manually. // +deepequal-gen=false K8sExternalIPs map[string]net.IP // LoadBalancerIPs stores LB IPs assigned to the service (string(IP) => IP). 
// // Until deepequal-gen adds support for net.IP we need to compare this field // manually. // +deepequal-gen=false LoadBalancerIPs map[string]net.IP LoadBalancerSourceRanges map[string]*cidr.CIDR Labels map[string]string Selector map[string]string // SessionAffinity denotes whether service has the clientIP session affinity SessionAffinity bool // SessionAffinityTimeoutSeconds denotes session affinity timeout SessionAffinityTimeoutSec uint32 // Type is the internal service type // +deepequal-gen=false Type loadbalancer.SVCType // TopologyAware denotes whether service endpoints might have topology aware // hints. This is used to determine if Services should be reconciled when // Node labels are updated. It is set to true if any of the following are // true: // * TrafficDistribution field is set to "PreferClose" // * service.kubernetes.io/topology-aware-hints annotation is set to "Auto" // or "auto" // * service.kubernetes.io/topology-mode annotation is set to any value // other than "Disabled" TopologyAware bool }
Service is an abstraction for a k8s service that is composed by the frontend IP addresses (FEIPs) and the map of the frontend ports (Ports).
+k8s:deepcopy-gen=true +deepequal-gen=true +deepequal-gen:private-method=true
func NewService ¶ added in v0.15.7
func NewService(ips []net.IP, externalIPs, loadBalancerIPs, loadBalancerSourceRanges []string, headless bool, extTrafficPolicy, intTrafficPolicy loadbalancer.SVCTrafficPolicy, healthCheckNodePort uint16, labels, selector map[string]string, namespace string, svcType loadbalancer.SVCType, ) *Service
NewService returns a new Service with the Ports map initialized.
func ParseClusterService ¶ added in v0.15.7
func ParseClusterService(svc *serviceStore.ClusterService) *Service
ParseClusterService parses a ClusterService and returns a Service. ClusterService is a subset of what a Service can express, especially, ClusterService does not have: - other service types than ClusterIP - an explicit traffic policy, SVCTrafficPolicyCluster is assumed - health check node ports - NodePorts - external IPs - LoadBalancerIPs - LoadBalancerSourceRanges - SessionAffinity
ParseClusterService() is paired with EqualsClusterService() that has the above wired in.
func (*Service) DeepCopy ¶ added in v0.15.7
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service.
func (*Service) DeepCopyInto ¶ added in v0.15.7
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Service) DeepEqual ¶ added in v0.15.7
DeepEqual returns true if s and other are deeply equal.
func (*Service) EqualsClusterService ¶ added in v0.15.7
func (s *Service) EqualsClusterService(svc *serviceStore.ClusterService) bool
EqualsClusterService returns true if the given ClusterService would parse into Service if ParseClusterService() were called. This is necessary to avoid memory allocations that would be performed by ParseClusterService() when the service already exists.
func (Service) IsExternal ¶ added in v0.15.7
IsExternal returns true if the service is expected to serve out-of-cluster endpoints.
func (*Service) String ¶ added in v0.15.7
String returns the string representation of a service resource
func (*Service) UniquePorts ¶ added in v0.15.7
UniquePorts returns a map of all unique ports configured in the service
type ServiceCache ¶ added in v0.15.7
type ServiceCache struct {
	// Events may only be read by a single consumer. The consumer must
	// acknowledge every event by calling Done() on the ServiceEvent.SWG.
	Events <-chan ServiceEvent

	// ServiceMutators is a list of callbacks that take the Kubernetes service
	// and the Service derived from it.
	// NOTE(review): presumably invoked when a service is added or updated so
	// that callers can adjust svcInfo — confirm where they run and under which
	// lock before registering one.
	ServiceMutators []func(svc *slim_corev1.Service, svcInfo *Service)
	// contains filtered or unexported fields
}
ServiceCache is a list of services correlated with the matching endpoints. The Events member delivers a ServiceEvent for each change that occurs in the cache.
func NewServiceCache ¶ added in v0.15.7
func NewServiceCache(db *statedb.DB, nodeAddrs statedb.Table[datapathTables.NodeAddress]) *ServiceCache
NewServiceCache returns a new ServiceCache
func (*ServiceCache) DebugStatus ¶ added in v0.15.7
func (s *ServiceCache) DebugStatus() string
DebugStatus implements debug.StatusObject to provide debug status collection ability
func (*ServiceCache) DeleteEndpoints ¶ added in v0.15.7
func (s *ServiceCache) DeleteEndpoints(svcID EndpointSliceID, swg *lock.StoppableWaitGroup) ServiceID
DeleteEndpoints parses a Kubernetes Endpoints object and removes it from the ServiceCache.
func (*ServiceCache) DeleteService ¶ added in v0.15.7
func (s *ServiceCache) DeleteService(k8sSvc *slim_corev1.Service, swg *lock.StoppableWaitGroup)
DeleteService parses a Kubernetes service and removes it from the ServiceCache
func (*ServiceCache) EnsureService ¶ added in v0.15.7
func (s *ServiceCache) EnsureService(svcID ServiceID, swg *lock.StoppableWaitGroup) bool
func (*ServiceCache) ForEachService ¶ added in v1.16.0
func (s *ServiceCache) ForEachService(yield func(svcID ServiceID, svc *Service, eps *EndpointSlices) bool)
ForEachService runs the yield callback for each service and its endpoints. If yield returns false, the iteration is terminated early. Services are iterated in random order. The ServiceCache is read-locked during this function call, so yield should return quickly and presumably must not call ServiceCache methods that modify the cache. The passed in Service and Endpoints references are read-only.
func (*ServiceCache) GetEndpointsOfService ¶ added in v0.15.7
func (s *ServiceCache) GetEndpointsOfService(svcID ServiceID) *Endpoints
GetEndpointsOfService returns all the endpoints that correlate with a service given a ServiceID.
func (*ServiceCache) GetServiceAddrsWithType ¶ added in v0.15.7
func (s *ServiceCache) GetServiceAddrsWithType(svcID ServiceID, svcType loadbalancer.SVCType) (map[loadbalancer.FEPortName][]*loadbalancer.L3n4Addr, int)
GetServiceAddrsWithType returns a map of all the ports and slice of L3n4Addr that are backing the given Service ID with given type. It also returns the number of frontend IPs associated with the service. Note: The returned IPs are with External scope.
func (*ServiceCache) GetServiceFrontendIP ¶ added in v0.15.7
func (s *ServiceCache) GetServiceFrontendIP(svcID ServiceID, svcType loadbalancer.SVCType) net.IP
GetServiceFrontendIP returns the frontend IP (aka clusterIP) for the given service with type.
func (*ServiceCache) GetServiceIP ¶ added in v0.15.7
func (s *ServiceCache) GetServiceIP(svcID ServiceID) *loadbalancer.L3n4Addr
GetServiceIP returns a random L3n4Addr that is backing the given Service ID. The returned IP is with external scope since its string representation might be used for net Dialer.
func (*ServiceCache) LocalServices ¶ added in v1.14.4
func (s *ServiceCache) LocalServices() sets.Set[ServiceID]
LocalServices returns the list of known services that are not marked as global (i.e., whose backends are all in the local cluster only).
func (*ServiceCache) MergeClusterServiceDelete ¶ added in v0.15.7
func (s *ServiceCache) MergeClusterServiceDelete(service *serviceStore.ClusterService, swg *lock.StoppableWaitGroup)
MergeClusterServiceDelete merges the deletion of a cluster service in a remote cluster into the local service cache, deleting the local service.
func (*ServiceCache) MergeClusterServiceUpdate ¶ added in v0.15.7
func (s *ServiceCache) MergeClusterServiceUpdate(service *serviceStore.ClusterService, swg *lock.StoppableWaitGroup)
MergeClusterServiceUpdate merges a cluster service of a local cluster into the local service cache. The service endpoints are stored as external endpoints and are correlated on demand with local services via correlateEndpoints(). Local service is created and/or updated if needed.
func (*ServiceCache) MergeExternalServiceDelete ¶ added in v0.15.7
func (s *ServiceCache) MergeExternalServiceDelete(service *serviceStore.ClusterService, swg *lock.StoppableWaitGroup)
MergeExternalServiceDelete merges the deletion of a cluster service in a remote cluster into the local service cache. The service endpoints are stored as external endpoints and are correlated on demand with local services via correlateEndpoints().
func (*ServiceCache) MergeExternalServiceUpdate ¶ added in v0.15.7
func (s *ServiceCache) MergeExternalServiceUpdate(service *serviceStore.ClusterService, swg *lock.StoppableWaitGroup)
MergeExternalServiceUpdate merges a cluster service of a remote cluster into the local service cache. The service endpoints are stored as external endpoints and are correlated on demand with local services via correlateEndpoints().
func (*ServiceCache) Notifications ¶ added in v1.16.0
func (s *ServiceCache) Notifications() stream.Observable[ServiceNotification]
Notifications allow multiple subscribers to observe changes to services and endpoints. Subscribers must register as soon as the service cache is created to ensure no notifications are missed, as notifications which happen before a consumer is subscribed will be lost.
func (*ServiceCache) UniqueServiceFrontends ¶ added in v0.15.7
func (s *ServiceCache) UniqueServiceFrontends() FrontendList
UniqueServiceFrontends returns all externally scoped services known to the service cache as a map, indexed by the string representation of a loadbalancer.L3n4Addr. This helper is only used in unit tests.
func (*ServiceCache) UpdateEndpoints ¶ added in v0.15.7
func (s *ServiceCache) UpdateEndpoints(newEndpoints *Endpoints, swg *lock.StoppableWaitGroup) (ServiceID, *Endpoints)
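UpdateEndpoints parses a Kubernetes Endpoints object and adds or updates it in the ServiceCache. Returns the ServiceID unless the Kubernetes endpoints could not be parsed. The comment also mentions a bool indicating whether the endpoints were changed in the cache, but the signature shown returns a *Endpoints as its second value, not a bool; check the source for what that value holds.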
func (*ServiceCache) UpdateService ¶ added in v0.15.7
func (s *ServiceCache) UpdateService(k8sSvc *slim_corev1.Service, swg *lock.StoppableWaitGroup) ServiceID
UpdateService parses a Kubernetes service and adds or updates it in the ServiceCache. Returns the ServiceID unless the Kubernetes service could not be parsed. The comment also mentions a bool indicating whether the service was changed in the cache, but the signature shown returns only a ServiceID.
type ServiceCacheConfig ¶ added in v1.15.0
type ServiceCacheConfig struct {
	// NOTE(review): presumably gates the topology-aware service handling
	// described on Service.TopologyAware — TODO confirm against the flag
	// registered in Flags.
	EnableServiceTopology bool
}
ServiceCacheConfig defines the configuration options for the service cache.
func (ServiceCacheConfig) Flags ¶ added in v1.15.0
func (def ServiceCacheConfig) Flags(flags *pflag.FlagSet)
Flags implements the cell.Flagger interface.
type ServiceEvent ¶ added in v0.15.7
type ServiceEvent struct {
	// Action is the action that was performed in the cache
	Action CacheAction

	// ID is the identifier of the service
	ID ServiceID

	// Service is the service structure
	Service *Service

	// OldService is the old service structure
	OldService *Service

	// Endpoints is the endpoints structure correlated with the service
	Endpoints *Endpoints

	// OldEndpoints is the old endpoints structure.
	OldEndpoints *Endpoints

	// SWG provides a mechanism to detect if a service was synchronized with
	// the datapath. The ServiceCache.Events documentation requires the
	// consumer to call Done() on it for every event received.
	SWG *lock.StoppableWaitGroup
}
ServiceEvent is emitted via the Events channel of ServiceCache and describes the change that occurred in the cache
type ServiceID ¶ added in v0.15.7
type ServiceID struct {
	// Cluster is encoded under the JSON key "cluster". Because of omitempty,
	// an empty Cluster is indistinguishable from an absent one in the
	// encoded form.
	Cluster string `json:"cluster,omitempty"`
	// Name is the service name; note that its JSON key is "serviceName",
	// not "name".
	Name string `json:"serviceName,omitempty"`
	// Namespace is encoded under the JSON key "namespace" and omitted when
	// empty.
	Namespace string `json:"namespace,omitempty"`
}
ServiceID identifies the Kubernetes service
func ParseServiceID ¶ added in v0.15.7
func ParseServiceID(svc *slim_corev1.Service) ServiceID
ParseServiceID parses a Kubernetes service and returns the ServiceID
func ParseServiceIDFrom ¶ added in v0.15.7
ParseServiceIDFrom returns a ServiceID derived from the given kubernetes service FQDN.
type ServiceNotification ¶ added in v1.16.0
type ServiceNotification struct {
	// The fields below carry the same names and types as the corresponding
	// ServiceEvent fields; ServiceEvent's SWG wait group has no counterpart
	// here, so a producer cannot wait for a notification to be consumed.
	Action       CacheAction
	ID           ServiceID
	Service      *Service
	OldService   *Service
	Endpoints    *Endpoints
	OldEndpoints *Endpoints
}
ServiceNotification is a slimmed down version of a ServiceEvent. In particular notifications are optional and thus do not contain a wait group to allow producers to wait for the notification to be consumed.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
cilium.io/v2
Package v2 is the v2 version of the API.
|
Package v2 is the v2 version of the API. |
cilium.io/v2alpha1
Package v2alpha1 is the v2alpha1 version of the API.
|
Package v2alpha1 is the v2alpha1 version of the API. |
clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
clientset/versioned/typed/cilium.io/v2
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
clientset/versioned/typed/cilium.io/v2/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
clientset/versioned/typed/cilium.io/v2alpha1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
clientset/versioned/typed/cilium.io/v2alpha1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
slim
|
|
k8s/api/core/v1
Package v1 is the v1 version of the core API.
|
Package v1 is the v1 version of the core API. |
k8s/api/discovery/v1
Package v1 contains slimmer versions of k8s discovery types.
|
Package v1 contains slimmer versions of k8s discovery types. |
k8s/api/discovery/v1beta1
Package v1beta1 contains slimmer versions of k8s discovery types.
|
Package v1beta1 contains slimmer versions of k8s discovery types. |
k8s/api/networking/v1
Package v1 contains slimmer versions of k8s networking types.
|
Package v1 contains slimmer versions of k8s networking types. |
k8s/apiextensions-client/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
k8s/apiextensions-client/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
k8s/apiextensions-client/clientset/versioned/typed/apiextensions/v1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
k8s/apiextensions-client/clientset/versioned/typed/apiextensions/v1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
k8s/apis/apiextensions/v1
Package v1 is the v1 version of the API.
|
Package v1 is the v1 version of the API. |
k8s/apis/labels
Package labels implements a simple label system, parsing and matching selectors with sets of labels.
|
Package labels implements a simple label system, parsing and matching selectors with sets of labels. |
k8s/apis/meta/v1
Package types contains slimmer versions of k8s types.
|
Package types contains slimmer versions of k8s types. |
k8s/apis/meta/v1beta1
package v1beta1 is alpha objects from meta that will be introduced.
|
package v1beta1 is alpha objects from meta that will be introduced. |
k8s/apis/util/intstr
Package types contains slimmer versions of k8s types.
|
Package types contains slimmer versions of k8s types. |
k8s/client/clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
k8s/client/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
k8s/client/clientset/versioned/typed/core/v1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
k8s/client/clientset/versioned/typed/core/v1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
k8s/client/clientset/versioned/typed/discovery/v1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
k8s/client/clientset/versioned/typed/discovery/v1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
k8s/client/clientset/versioned/typed/discovery/v1beta1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
k8s/client/clientset/versioned/typed/discovery/v1beta1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
k8s/client/clientset/versioned/typed/networking/v1
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
k8s/client/clientset/versioned/typed/networking/v1/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
Package synced provides tools for tracking if k8s resources have been initially synchronized with the k8s apiserver.
|
Package synced provides tools for tracking if k8s resources have been initially synchronized with the k8s apiserver. |
Package types contains slimmer versions of k8s types.
|
Package types contains slimmer versions of k8s types. |
Package version keeps track of the Kubernetes version the client is connected to
|
Package version keeps track of the Kubernetes version the client is connected to |
resources
This package contains exported resource identifiers and metric resource labels related to K8s watchers.
|
This package contains exported resource identifiers and metric resource labels related to K8s watchers. |
subscriber
Package subscriber implements a mechanism to represent K8s watcher subscribers and allows K8s events to objects / resources to notify their respective subscribers.
|
Package subscriber implements a mechanism to represent K8s watcher subscribers and allows K8s events to objects / resources to notify their respective subscribers. |