endpoint

package
v1.17.0-pre.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 1, 2024 License: Apache-2.0 Imports: 88 Imported by: 137

Documentation

Index

Constants

View Source
const (
	// PropertyFakeEndpoint marks the endpoint as being "fake". By "fake" it
	// means that it doesn't have any datapath bpf programs regenerated.
	PropertyFakeEndpoint = "property-fake-endpoint"

	// PropertyAtHostNS is used for endpoints that are reached via the host networking
	// namespace, but have their own IP(s) from the node's pod CIDR range
	PropertyAtHostNS = "property-at-host-network-namespace"

	// PropertyWithouteBPFDatapath marks the endpoint that doesn't contain a
	// eBPF datapath program.
	PropertyWithouteBPFDatapath = "property-without-bpf-endpoint"

	// PropertySkipBPFPolicy will mark the endpoint to skip ebpf
	// policy regeneration.
	PropertySkipBPFPolicy = "property-skip-bpf-policy"

	// PropertySkipBPFRegeneration will mark the endpoint to skip ebpf
	// regeneration.
	PropertySkipBPFRegeneration = "property-skip-bpf-regeneration"

	// PropertyCEPOwner will be able to store the CEP owner for this endpoint.
	PropertyCEPOwner = "property-cep-owner"

	// PropertyCEPName contains the CEP name for this endpoint.
	PropertyCEPName = "property-cep-name"
)
View Source
const (
	// StateWaitingForIdentity is used to set if the endpoint is waiting
	// for an identity from the KVStore.
	StateWaitingForIdentity = State(models.EndpointStateWaitingDashForDashIdentity)

	// StateReady specifies if the endpoint is ready to be used.
	StateReady = State(models.EndpointStateReady)

	// StateWaitingToRegenerate specifies when the endpoint needs to be regenerated, but regeneration has not started yet.
	StateWaitingToRegenerate = State(models.EndpointStateWaitingDashToDashRegenerate)

	// StateRegenerating specifies when the endpoint is being regenerated.
	StateRegenerating = State(models.EndpointStateRegenerating)

	// StateDisconnecting indicates that the endpoint is being disconnected
	StateDisconnecting = State(models.EndpointStateDisconnecting)

	// StateDisconnected is used to set the endpoint is disconnected.
	StateDisconnected = State(models.EndpointStateDisconnected)

	// StateRestoring is used to set the endpoint is being restored.
	StateRestoring = State(models.EndpointStateRestoring)

	// StateInvalid is used when an endpoint failed during creation due to
	// invalid data.
	StateInvalid = State(models.EndpointStateInvalid)
)
View Source
const (
	// EndpointGenerationTimeout specifies timeout for proxy completion context
	EndpointGenerationTimeout = 330 * time.Second
)

Variables

View Source
var (
	EndpointMutableOptionLibrary = option.GetEndpointMutableOptionLibrary()
)
View Source
var (
	// ErrNotAlive is an error which indicates that the endpoint could not be
	// locked because it is currently being removed.
	// Same error is returned for both lock and rlock.
	ErrNotAlive = errors.New("lock failed: endpoint is in the process of being removed")
)
View Source
var (
	RegeneratorCell = cell.Module(
		"endpoint-regeneration",
		"Endpoints regeneration",

		cell.Provide(newRegenerator),
	)
)

Functions

func APICanModify added in v0.15.7

func APICanModify(e *Endpoint) error

APICanModify determines whether API requests from a user are allowed to modify this endpoint.

func CheckHealth added in v0.15.7

func CheckHealth(ep *Endpoint) error

CheckHealth verifies that the endpoint is alive and healthy by checking the link status. This satisfies endpointmanager.EndpointCheckerFunc.

func EndpointSyncControllerName added in v0.15.7

func EndpointSyncControllerName(epID uint16) string

EndpointSyncControllerName returns the controller name to synchronize endpoint in to kubernetes.

func FilterEPDir

func FilterEPDir(dirFiles []os.DirEntry) []string

FilterEPDir returns a list of directories' names that possible belong to an endpoint.

func NewDatapathConfiguration added in v0.15.7

func NewDatapathConfiguration() models.EndpointDatapathConfiguration

NewDatapathConfiguration return the default endpoint datapath configuration based on whether per-endpoint routes are enabled.

func ParseExternalRegenerationMetadata added in v0.15.7

func ParseExternalRegenerationMetadata(ctx context.Context, c context.CancelFunc, e *regeneration.ExternalRegenerationMetadata) *regenerationContext

func ReadEPsFromDirNames added in v0.15.7

func ReadEPsFromDirNames(ctx context.Context, owner regeneration.Owner, policyGetter policyRepoGetter,
	namedPortsGetter namedPortsGetter, basePath string, eptsDirNames []string) map[uint16]*Endpoint

ReadEPsFromDirNames returns a mapping of endpoint ID to endpoint of endpoints from a list of directory names that can possible contain an endpoint.

Types

type AnnotationsResolverCB added in v0.15.7

type AnnotationsResolverCB func(ns, podName string) (value string, err error)

AnnotationsResolverCB provides an implementation for resolving the pod annotations.

type CEPOwnerInterface added in v1.16.0

type CEPOwnerInterface interface {
	// IsNil returns true or false if the object is nil.
	IsNil() bool

	// GetAPIVersion returns the API version of the owner.
	GetAPIVersion() string

	// GetKind returns the Kind of the owner.
	GetKind() string

	// GetNamespace returns the namespace where the owner lives.
	GetNamespace() string

	// GetName returns the owners' name.
	GetName() string

	// GetLabels returns the labels of the owner.
	GetLabels() map[string]string

	// GetUID returns the owners' UID.
	GetUID() k8sTypes.UID

	// GetHostIP returns the owners' host IP.
	GetHostIP() string
}

CEPOwnerInterface contains the interface of an endpoint owner.

type DeleteConfig added in v0.15.7

type DeleteConfig struct {
	NoIPRelease       bool
	NoIdentityRelease bool
}

DeleteConfig is the endpoint deletion configuration

type Endpoint

type Endpoint struct {

	// ID of the endpoint, unique in the scope of the node
	ID uint16

	// OpLabels is the endpoint's label configuration
	//
	// FIXME: Rename this field to Labels
	OpLabels labels.OpLabels

	// IPv6 is the IPv6 address of the endpoint.
	// Constant after endpoint creation / restoration.
	IPv6 netip.Addr

	// IPv6IPAMPool is the IPAM address pool from which the IPv6 address has been allocated from.
	// Constant after endpoint creation / restoration.
	IPv6IPAMPool string

	// IPv4 is the IPv4 address of the endpoint.
	// Constant after endpoint creation / restoration.
	IPv4 netip.Addr

	// IPv4IPAMPool is the IPAM address pool from which the IPv4 address has been allocated from.
	// Constant after endpoint creation / restoration.
	IPv4IPAMPool string

	// SecurityIdentity is the security identity of this endpoint. This is computed from
	// the endpoint's labels.
	SecurityIdentity *identity.Identity `json:"SecLabel"`

	// PolicyMapPressureUpdater updates the policymap pressure metric.
	PolicyMapPressureUpdater policyMapPressureUpdater

	// Options determine the datapath configuration of the endpoint.
	Options *option.IntOptions

	// DNSRules is the collection of current endpoint-specific DNS proxy
	// rules that conform to using restore.PortProto V1 (that is, they do
	// **not** take protocol into account). These can be restored during
	// Cilium restart.
	// TODO: This can be removed when 1.16 is deprecated.
	DNSRules restore.DNSRules

	// DNSRulesV2 is the collection of current endpoint-specific DNS proxy
	// rules that conform to using restore.PortProto V2 (that is, they take
	// protocol into account). These can be restored during Cilium restart.
	DNSRulesV2 restore.DNSRules

	// DNSHistory is the collection of still-valid DNS responses intercepted for
	// this endpoint.
	DNSHistory *fqdn.DNSCache

	// DNSZombies is the collection of DNS IPs that have expired in or been
	// evicted from DNSHistory. They are held back from deletion until we can
	// confirm that no existing connection is using them.
	DNSZombies *fqdn.DNSZombieMappings

	// K8sPodName is the Kubernetes pod name of the endpoint.
	// Immutable after Endpoint creation.
	K8sPodName string

	// K8sNamespace is the Kubernetes namespace of the endpoint.
	// Immutable after Endpoint creation.
	K8sNamespace string

	// K8sUID is the Kubernetes UID of the pod. Passed directly from the CNI.
	// Immutable after Endpoint creation.
	K8sUID string

	// DatapathConfiguration is the endpoint's datapath configuration as
	// passed in via the plugin that created the endpoint, e.g. the CNI
	// plugin which performed the plumbing will enable certain datapath
	// features according to the mode selected.
	DatapathConfiguration models.EndpointDatapathConfiguration

	// NetNsCookie is the network namespace cookie of the Endpoint.
	NetNsCookie uint64
	// contains filtered or unexported fields
}

Endpoint represents a container or similar which can be individually addresses on L3 with its own IP addresses. This structured is managed by the endpoint manager in pkg/endpointmanager.

The representation of the Endpoint which is serialized to disk for restore purposes is the serializableEndpoint type in this package.

func CreateHostEndpoint added in v0.15.7

func CreateHostEndpoint(owner regeneration.Owner, policyGetter policyRepoGetter, namedPortsGetter namedPortsGetter, proxy EndpointProxy, allocator cache.IdentityAllocator) (*Endpoint, error)

CreateHostEndpoint creates the endpoint corresponding to the host.

func CreateIngressEndpoint added in v1.13.15

func CreateIngressEndpoint(owner regeneration.Owner, policyGetter policyRepoGetter, namedPortsGetter namedPortsGetter, proxy EndpointProxy, allocator cache.IdentityAllocator) (*Endpoint, error)

CreateIngressEndpoint creates the endpoint corresponding to Cilium Ingress.

func NewEndpointFromChangeModel

func NewEndpointFromChangeModel(ctx context.Context, owner regeneration.Owner, policyGetter policyRepoGetter, namedPortsGetter namedPortsGetter, proxy EndpointProxy, allocator cache.IdentityAllocator, base *models.EndpointChangeRequest) (*Endpoint, error)

NewEndpointFromChangeModel creates a new endpoint from a request

func NewTestEndpointWithState added in v1.16.0

func NewTestEndpointWithState(owner regeneration.Owner, policyGetter policyRepoGetter, namedPortsGetter namedPortsGetter, proxy EndpointProxy, allocator cache.IdentityAllocator, ID uint16, state State) *Endpoint

NewTestEndpointWithState creates a new endpoint useful for testing purposes

Note: This function is intended for testing purposes only and should not be used in production code.

func (*Endpoint) APICanModifyConfig added in v0.15.7

func (e *Endpoint) APICanModifyConfig(n models.ConfigurationMap) error

APICanModifyConfig determines whether API requests from users are allowed to modify the configuration of the endpoint.

func (*Endpoint) Allows

func (e *Endpoint) Allows(id identity.NumericIdentity) bool

Allows is only used for unit testing

func (*Endpoint) ApplyOpts

func (e *Endpoint) ApplyOpts(opts option.OptionMap) (bool, error)

ApplyOpts tries to lock endpoint, applies the given options to the endpoint's options and returns true if there were any options changed.

func (*Endpoint) ApplyPolicyMapChanges added in v0.15.7

func (e *Endpoint) ApplyPolicyMapChanges(proxyWaitGroup *completion.WaitGroup) error

ApplyPolicyMapChanges updates the Endpoint's PolicyMap with the changes that have accumulated for the PolicyMap via various outside events (e.g., identities added / deleted). 'proxyWaitGroup' may not be nil.

func (*Endpoint) ApplyUserLabelChanges added in v0.15.7

func (e *Endpoint) ApplyUserLabelChanges(lbls labels.Labels) (add, del labels.Labels, err error)

ApplyUserLabelChanges changes the label configuration of the endpoint per the provided labels. Returns labels that were added and deleted. Returns an error if the endpoint is being deleted.

func (*Endpoint) BuilderSetStateLocked added in v0.15.7

func (e *Endpoint) BuilderSetStateLocked(toState State, reason string) bool

BuilderSetStateLocked modifies the endpoint's state endpoint.mutex must be Lock()ed endpoint buildMutex must be held!

func (*Endpoint) Close added in v1.15.0

func (e *Endpoint) Close()

func (*Endpoint) ConntrackLocal added in v0.15.7

func (e *Endpoint) ConntrackLocal() bool

ConntrackLocal determines whether this endpoint is currently using a local table to handle connection tracking (true), or the global table (false).

func (*Endpoint) ConntrackLocalLocked added in v0.15.7

func (e *Endpoint) ConntrackLocalLocked() bool

ConntrackLocalLocked is the same as ConntrackLocal, but assumes that the endpoint is already locked for reading.

func (*Endpoint) ConntrackNameLocked added in v0.15.7

func (e *Endpoint) ConntrackNameLocked() string

ConntrackNameLocked returns the name suffix for the endpoint-specific bpf conntrack map, which is a 5-digit endpoint ID, or "global" when the global map should be used. Must be called with the endpoint locked.

func (*Endpoint) Delete added in v0.15.7

func (e *Endpoint) Delete(conf DeleteConfig) []error

Delete cleans up all resources associated with this endpoint, including the following: * all goroutines managed by this Endpoint (EventQueue, Controllers) * removal from the endpointmanager, resulting in new events not taking effect on this endpoint * cleanup of datapath state (BPF maps, proxy configuration, directories) * releasing of the reference to its allocated security identity

func (*Endpoint) DirectoryPath

func (e *Endpoint) DirectoryPath() string

DirectoryPath returns the directory name for this endpoint bpf program.

func (*Endpoint) FailedDirectoryPath added in v0.15.7

func (e *Endpoint) FailedDirectoryPath() string

FailedDirectoryPath returns the directory name for this endpoint bpf program failed builds.

func (*Endpoint) FormatGlobalEndpointID added in v0.15.7

func (e *Endpoint) FormatGlobalEndpointID() string

FormatGlobalEndpointID returns the global ID of endpoint in the format / <global ID Prefix>:<cluster name>:<node name>:<endpoint ID> as a string.

func (*Endpoint) GetCEPOwner added in v1.16.0

func (e *Endpoint) GetCEPOwner() CEPOwnerInterface

GetCEPOwner retrieves the cep owner related to this endpoint which will be, by default, the pod associated with this endpoint.

func (*Endpoint) GetCNIAttachmentID added in v0.15.7

func (e *Endpoint) GetCNIAttachmentID() string

GetCNIAttachmentID returns the endpoint's unique CNI attachment ID

func (*Endpoint) GetCiliumEndpointStatus added in v0.15.7

func (e *Endpoint) GetCiliumEndpointStatus() *cilium_v2.EndpointStatus

GetCiliumEndpointStatus creates a cilium_v2.EndpointStatus of an endpoint. See cilium_v2.EndpointStatus for a detailed explanation of each field.

func (*Endpoint) GetCiliumEndpointUID added in v0.15.7

func (e *Endpoint) GetCiliumEndpointUID() types.UID

GetCiliumEndpointUID returns the UID of the CiliumEndpoint.

func (*Endpoint) GetConfigurationStatus added in v0.15.7

func (e *Endpoint) GetConfigurationStatus() *models.EndpointConfigurationStatus

GetConfigurationStatus returns the Cilium API representation of the configuration of this endpoint.

func (*Endpoint) GetContainerID added in v0.15.7

func (e *Endpoint) GetContainerID() string

GetContainerID returns the endpoint's container ID

func (*Endpoint) GetContainerName added in v0.15.7

func (e *Endpoint) GetContainerName() string

GetContainerName returns the name of the container for the endpoint.

func (*Endpoint) GetCreatedAt added in v0.15.7

func (e *Endpoint) GetCreatedAt() time.Time

GetCreatedAt returns the endpoint creation time.

func (*Endpoint) GetDisableLegacyIdentifiers added in v1.16.0

func (e *Endpoint) GetDisableLegacyIdentifiers() bool

GetDisableLegacyIdentifiers returns the endpoint's disableLegacyIdentifiers.

func (*Endpoint) GetDockerEndpointID added in v0.15.7

func (e *Endpoint) GetDockerEndpointID() string

func (*Endpoint) GetEndpointNetNsCookie added in v1.16.3

func (e *Endpoint) GetEndpointNetNsCookie() uint64

GetEndpointNetNsCookie returns the endpoint's netns cookie.

func (*Endpoint) GetHealthModel added in v0.15.7

func (e *Endpoint) GetHealthModel() *models.EndpointHealth

GetHealthModel returns the endpoint's health object.

func (*Endpoint) GetID added in v0.10.0

func (e *Endpoint) GetID() uint64

GetID returns the endpoint's ID as a 64-bit unsigned integer.

func (*Endpoint) GetID16 added in v0.15.7

func (e *Endpoint) GetID16() uint16

GetID16 returns the endpoint's ID as a 16-bit unsigned integer.

func (*Endpoint) GetIPv4Address added in v0.10.0

func (e *Endpoint) GetIPv4Address() string

GetIPv4Address returns the IPv4 address of the endpoint as a string

func (*Endpoint) GetIPv6Address added in v0.10.0

func (e *Endpoint) GetIPv6Address() string

GetIPv6Address returns the IPv6 address of the endpoint as a string

func (*Endpoint) GetIdentity

func (e *Endpoint) GetIdentity() identity.NumericIdentity

GetIdentity returns the numeric security identity of the endpoint

func (*Endpoint) GetIdentityLocked added in v0.15.7

func (e *Endpoint) GetIdentityLocked() identity.NumericIdentity

GetIdentityLocked is identical to GetIdentity() but assumes that a.mutex is already held. This function is obsolete and should no longer be used.

func (*Endpoint) GetIfIndex added in v0.15.7

func (e *Endpoint) GetIfIndex() int

GetIfIndex returns the ifIndex for this endpoint.

func (*Endpoint) GetK8sCEPName added in v0.15.7

func (e *Endpoint) GetK8sCEPName() string

GetK8sCEPName returns the corresponding K8s CiliumEndpoint resource name for this endpoint (without the namespace) Returns an empty string if the endpoint does not belong to a pod.

func (*Endpoint) GetK8sNamespace added in v0.15.7

func (e *Endpoint) GetK8sNamespace() string

GetK8sNamespace returns the name of the pod if the endpoint represents a Kubernetes pod

func (*Endpoint) GetK8sNamespaceAndCEPName added in v0.15.7

func (e *Endpoint) GetK8sNamespaceAndCEPName() string

GetK8sNamespaceAndCEPName returns the corresponding namespace and K8s CiliumEndpoint resource name for this endpoint.

func (*Endpoint) GetK8sNamespaceAndPodName added in v0.15.7

func (e *Endpoint) GetK8sNamespaceAndPodName() string

GetK8sNamespaceAndPodName returns the corresponding namespace and pod name for this endpoint.

func (*Endpoint) GetK8sPodName added in v0.15.7

func (e *Endpoint) GetK8sPodName() string

GetK8sPodName returns the name of the pod if the endpoint represents a Kubernetes pod

func (*Endpoint) GetK8sPorts added in v0.15.7

func (e *Endpoint) GetK8sPorts() (k8sPorts types.NamedPortMap)

GetK8sPorts returns the k8sPorts, which must not be modified by the caller

func (*Endpoint) GetK8sUID added in v1.15.5

func (e *Endpoint) GetK8sUID() string

GetK8sUID returns the UID of the pod if the endpoint represents a Kubernetes pod.

func (*Endpoint) GetLabels added in v0.10.0

func (e *Endpoint) GetLabels() labels.Labels

GetLabels returns the labels.

func (*Endpoint) GetLabelsModel added in v0.15.7

func (e *Endpoint) GetLabelsModel() (*models.LabelConfiguration, error)

GetLabelsModel returns the labels of the endpoint in their representation for the Cilium API. Returns an error if the Endpoint is being deleted.

func (*Endpoint) GetModel

func (e *Endpoint) GetModel() *models.Endpoint

GetModel returns the API model of endpoint e.

func (*Endpoint) GetModelRLocked added in v0.15.7

func (e *Endpoint) GetModelRLocked() *models.Endpoint

GetModelRLocked returns the API model of endpoint e. e.mutex must be RLocked.

func (*Endpoint) GetNamedPort added in v0.15.7

func (e *Endpoint) GetNamedPort(ingress bool, name string, proto u8proto.U8proto) uint16

GetNamedPort returns the port for the given name.

func (*Endpoint) GetNamedPortsModel added in v0.15.7

func (e *Endpoint) GetNamedPortsModel() models.NamedPorts

GetNamedPortsModel returns the endpoint's NamedPorts object.

func (*Endpoint) GetNodeMAC added in v0.15.7

func (e *Endpoint) GetNodeMAC() mac.MAC

GetNodeMAC returns the MAC address of the node from this endpoint's perspective.

func (*Endpoint) GetOpLabels added in v0.15.7

func (e *Endpoint) GetOpLabels() []string

GetOpLabels returns the labels as slice

func (*Endpoint) GetOptions added in v0.15.7

func (e *Endpoint) GetOptions() *option.IntOptions

GetOptions returns the datapath configuration options of the endpoint.

func (*Endpoint) GetPod added in v0.15.7

func (e *Endpoint) GetPod() *slim_corev1.Pod

GetPod retrieves the pod related to this endpoint

func (*Endpoint) GetPolicyModel added in v0.15.7

func (e *Endpoint) GetPolicyModel() *models.EndpointPolicyStatus

GetPolicyModel returns the endpoint's policy as an API model.

Must be called with e.mutex RLock()ed.

func (*Endpoint) GetPolicyVerdictLogFilter added in v0.15.7

func (e *Endpoint) GetPolicyVerdictLogFilter() uint32

GetPolicyVerdictLogFilter returns the PolicyVerdictLogFilter that would control the creation of policy verdict logs. Value of VerdictLogFilter needs to be consistent with how it is used in policy_verdict_filter_allow() in bpf/lib/policy_log.h

func (*Endpoint) GetPolicyVersionHandle

func (e *Endpoint) GetPolicyVersionHandle() *versioned.VersionHandle

func (*Endpoint) GetPropertyValue added in v1.16.0

func (e *Endpoint) GetPropertyValue(key string) interface{}

GetPropertyValue returns the metadata value for this key.

func (*Endpoint) GetRealizedPolicyRuleLabelsForKey added in v0.15.7

func (e *Endpoint) GetRealizedPolicyRuleLabelsForKey(key policyTypes.Key) (
	derivedFrom labels.LabelArrayList,
	revision uint64,
	ok bool,
)

GetRealizedPolicyRuleLabelsForKey returns the list of policy rule labels which match a given flow key (in host byte-order). The returned LabelArrayList is shallow-copied and therefore must not be mutated. This function explicitly exported to be accessed by code outside of the Cilium source code tree and for testing.

func (*Endpoint) GetReporter added in v1.15.0

func (e *Endpoint) GetReporter(name string) cell.Health

func (*Endpoint) GetSecurityIdentity added in v0.15.7

func (e *Endpoint) GetSecurityIdentity() (*identity.Identity, error)

GetSecurityIdentity returns the security identity of the endpoint. It assumes the endpoint's mutex is held.

func (*Endpoint) GetShortContainerID added in v0.15.7

func (e *Endpoint) GetShortContainerID() string

GetShortContainerID returns the endpoint's shortened container ID

func (*Endpoint) GetState added in v0.15.7

func (e *Endpoint) GetState() State

GetState returns the endpoint's state endpoint.mutex may only be rlockAlive()ed

func (*Endpoint) GetStatusModel added in v0.15.7

func (e *Endpoint) GetStatusModel() []*models.EndpointStatusChange

GetStatusModel returns the model of the status of this endpoint.

func (*Endpoint) HasLabels added in v0.10.0

func (e *Endpoint) HasLabels(l labels.Labels) bool

HasLabels returns whether endpoint e contains all labels l. Will return 'false' if any label in l is not in the endpoint's labels.

func (*Endpoint) HaveK8sMetadata added in v0.15.7

func (e *Endpoint) HaveK8sMetadata() (metadataSet bool)

HaveK8sMetadata returns true once hasK8sMetadata was set

func (*Endpoint) HostInterface added in v0.15.7

func (e *Endpoint) HostInterface() string

HostInterface returns the name of the link-layer interface used for communicating with the endpoint from the host (if available).

In some datapath modes, it may return an empty string as there is no unique host netns network interface for this endpoint.

func (*Endpoint) HumanString added in v0.15.7

func (e *Endpoint) HumanString() string

HumanString returns the endpoint's most human readable identifier as string

func (*Endpoint) IPv4Address added in v0.15.7

func (e *Endpoint) IPv4Address() netip.Addr

IPv4Address returns the IPv4 address of the endpoint

func (*Endpoint) IPv6Address added in v0.15.7

func (e *Endpoint) IPv6Address() netip.Addr

IPv6Address returns the IPv6 address of the endpoint

func (*Endpoint) Identifiers added in v0.15.7

func (e *Endpoint) Identifiers() id.Identifiers

Identifiers fetches the set of attributes that uniquely identify the endpoint.

func (*Endpoint) InitEndpointHealth added in v1.16.0

func (e *Endpoint) InitEndpointHealth(parent cell.Health)

func (*Endpoint) InitEventQueue added in v0.15.7

func (e *Endpoint) InitEventQueue()

InitEventQueue initializes the endpoint's event queue. Note that this function does not begin processing events off the queue, as that's left up to the caller to call Expose in order to allow other subsystems to access the endpoint. This function assumes that the endpoint ID has already been allocated!

Having this be a separate function allows us to prepare the event queue while the endpoint is being validated (during restoration) so that when its metadata is resolved, events can be enqueued (such as bandwidth policy).

func (*Endpoint) InitMap added in v0.15.7

func (e *Endpoint) InitMap() error

InitMap creates the policy map in the kernel.

func (*Endpoint) InitWithIngressLabels added in v1.13.15

func (e *Endpoint) InitWithIngressLabels(ctx context.Context, launchTime time.Duration)

InitWithIngressLabels initializes the endpoint with reserved:ingress. It should only be used for the host endpoint.

func (*Endpoint) InitWithNodeLabels added in v0.15.7

func (e *Endpoint) InitWithNodeLabels(ctx context.Context, nodeLabels map[string]string, launchTime time.Duration)

InitWithNodeLabels initializes the endpoint with the known node labels as well as reserved:host. It should only be used for the host endpoint.

func (*Endpoint) IsAtHostNS

func (e *Endpoint) IsAtHostNS() bool

func (*Endpoint) IsDisconnecting added in v0.15.7

func (e *Endpoint) IsDisconnecting() bool

IsDisconnecting returns true if the endpoint is being disconnected or already disconnected

This function must be called after re-acquiring the endpoint mutex to verify that the endpoint has not been removed in the meantime.

endpoint.mutex must be held in read mode at least

func (*Endpoint) IsHost added in v0.15.7

func (e *Endpoint) IsHost() bool

func (*Endpoint) IsInit added in v0.15.7

func (e *Endpoint) IsInit() bool

IsInit returns true if the endpoint still hasn't received identity labels, i.e. has the special identity with label reserved:init.

func (*Endpoint) IsProperty added in v1.16.0

func (e *Endpoint) IsProperty(propertyKey string) bool

IsProperty checks if the value of the properties map is set, it's a boolean and its value is 'true'.

func (*Endpoint) IsProxyDisabled added in v0.15.7

func (e *Endpoint) IsProxyDisabled() bool

func (*Endpoint) K8sNamespaceAndPodNameIsSet added in v0.15.7

func (e *Endpoint) K8sNamespaceAndPodNameIsSet() bool

K8sNamespaceAndPodNameIsSet returns true if the namespace and the pod name are both set.

func (*Endpoint) LXCMac added in v0.15.7

func (e *Endpoint) LXCMac() mac.MAC

LXCMac returns the LXCMac for this endpoint.

func (*Endpoint) LogStatus

func (e *Endpoint) LogStatus(typ StatusType, code StatusCode, msg string)

func (*Endpoint) LogStatusOK

func (e *Endpoint) LogStatusOK(typ StatusType, msg string)

func (*Endpoint) LogStatusOKLocked added in v0.15.7

func (e *Endpoint) LogStatusOKLocked(typ StatusType, msg string)

LogStatusOKLocked will log an OK message of the given status type with the given msg string. Must be called with endpoint.mutex RLock()ed.

func (*Endpoint) Logger added in v0.15.7

func (e *Endpoint) Logger(subsystem string) *logrus.Entry

Logger returns a logrus object with EndpointID, containerID and the Endpoint revision fields. The caller must specify their subsystem.

func (*Endpoint) MarkCTGCTime added in v0.15.7

func (e *Endpoint) MarkCTGCTime(prev, next time.Time)

MarkCTGCTime is the START time of a GC run. It is used by the DNS garbage collector to determine whether a DNS zombie can be deleted. This is done by comparing the timestamp of the start CT GC run with the alive timestamps of specific DNS zombies IPs marked with MarkDNSCTEntry. NOTE: While the timestamp is the start of the run, it should be set AFTER the run completes. This avoids a race between the DNS garbage collector and the CT GC. This would occur when a DNS zombie that has not been visited by the CT GC run is seen by a concurrent DNS garbage collector run, and then deleted. The DNS garbage collector is in daemon/fqdn.go and the CT GC is in pkg/maps/ctmap/gc/gc.go

func (*Endpoint) MarkDNSCTEntry added in v0.15.7

func (e *Endpoint) MarkDNSCTEntry(dstIP netip.Addr, now time.Time)

MarkDNSCTEntry records that dstIP is in use by a connection that is allowed by toFQDNs policy. The reverse lookup is attempted in both DNSHistory and DNSCTHistory, allowing short DNS TTLs but long-lived connections to persist there.DNSCTHistory is used to suppress delete handling of expired DNS lookups (in DNSHistory) and it relies on pkg/maps/ctmap/gc to call this function. Internally, the lookupTime is used to checkpoint this update so that dns-garbage-collector-job can correctly clear older connection data.

func (*Endpoint) MarshalJSON added in v0.15.7

func (ep *Endpoint) MarshalJSON() ([]byte, error)

MarshalJSON marshals the Endpoint as its serializableEndpoint representation.

func (*Endpoint) ModifyIdentityLabels added in v0.15.7

func (e *Endpoint) ModifyIdentityLabels(source string, addLabels, delLabels labels.Labels) error

ModifyIdentityLabels changes the custom and orchestration identity labels of an endpoint. Labels can be added or deleted. If a label change is performed, the endpoint will receive a new identity and will be regenerated. Both of these operations will happen in the background.

func (*Endpoint) NextDirectoryPath added in v0.15.7

func (e *Endpoint) NextDirectoryPath() string

NextDirectoryPath returns the directory name for this endpoint bpf program next bpf builds.

func (*Endpoint) OnDNSPolicyUpdateLocked added in v0.15.7

func (e *Endpoint) OnDNSPolicyUpdateLocked(rules restore.DNSRules)

OnDNSPolicyUpdateLocked is called when the Endpoint's DNS policy has been updated

func (*Endpoint) OnProxyPolicyUpdate added in v0.15.7

func (e *Endpoint) OnProxyPolicyUpdate(revision uint64)

OnProxyPolicyUpdate is a callback used to update the Endpoint's proxyPolicyRevision when the specified revision has been applied in the proxy.

func (*Endpoint) PolicyDebug added in v0.15.7

func (e *Endpoint) PolicyDebug(fields logrus.Fields, msg string)

PolicyDebug logs the 'msg' with 'fields' if policy debug logging is enabled.

func (*Endpoint) PolicyRevisionBumpEvent added in v0.15.7

func (e *Endpoint) PolicyRevisionBumpEvent(rev uint64)

PolicyRevisionBumpEvent queues an event for the given endpoint to set its realized policy revision to rev. This may block depending on if events have been queued up for the given endpoint. It blocks until the event has succeeded, or if the event has been cancelled.

func (*Endpoint) ProcessChangeRequest added in v0.15.7

func (e *Endpoint) ProcessChangeRequest(newEp *Endpoint, validPatchTransitionState bool) (string, error)

ProcessChangeRequest handles the update logic for performing a PATCH operation on a given Endpoint. Returns the reason which will be used for informational purposes should a caller choose to try to regenerate this endpoint, as well as an error if the Endpoint is being deleted, since there is no point in changing an Endpoint if it is going to be deleted.

Before adding any new fields here, check to see if they are assumed to be mutable after endpoint creation!

func (*Endpoint) Regenerate

func (e *Endpoint) Regenerate(regenMetadata *regeneration.ExternalRegenerationMetadata) <-chan bool

Regenerate forces the regeneration of endpoint programs & policy Should only be called with e.state at StateWaitingToRegenerate, StateWaitingForIdentity, or StateRestoring

func (*Endpoint) RegenerateAfterRestore added in v0.15.7

func (e *Endpoint) RegenerateAfterRestore(regenerator *Regenerator, bwm dptypes.BandwidthManager, resolveMetadata MetadataResolverCB) error

RegenerateAfterRestore performs the following operations on the specified Endpoint: * allocates an identity for the Endpoint * fetches the latest labels from the pod. * regenerates the endpoint Returns an error if any operation fails while trying to perform the above operations.

func (*Endpoint) RegenerateIfAlive added in v0.15.7

func (e *Endpoint) RegenerateIfAlive(regenMetadata *regeneration.ExternalRegenerationMetadata) <-chan bool

RegenerateIfAlive queue a regeneration of this endpoint into the build queue of the endpoint and returns a channel that is closed when the regeneration of the endpoint is complete. The channel returns:

  • false if the regeneration failed
  • true if the regeneration succeed
  • nothing and the channel is closed if the regeneration did not happen

func (*Endpoint) RequireARPPassthrough added in v0.15.7

func (e *Endpoint) RequireARPPassthrough() bool

RequireARPPassthrough returns true if the datapath must implement ARP passthrough for this endpoint

func (*Endpoint) RequireEgressProg added in v0.15.7

func (e *Endpoint) RequireEgressProg() bool

RequireEgressProg returns true if the endpoint requires bpf_lxc with section "to-container" to be attached at egress on the host facing veth pair

func (*Endpoint) RequireEndpointRoute added in v0.15.7

func (e *Endpoint) RequireEndpointRoute() bool

RequireEndpointRoute returns if the endpoint wants a per endpoint route

func (*Endpoint) RequireRouting added in v0.15.7

func (e *Endpoint) RequireRouting() (required bool)

RequireRouting returns true if the endpoint requires BPF routing to be enabled, when disabled, routing is delegated to Linux routing

func (*Endpoint) RunMetadataResolver added in v0.15.7

func (e *Endpoint) RunMetadataResolver(restoredEndpoint, blocking bool, baseLabels labels.Labels, bwm dptypes.BandwidthManager, resolveMetadata MetadataResolverCB) (regenTriggered bool)

RunMetadataResolver starts a controller associated with the received endpoint which will periodically attempt to resolve the metadata for the endpoint and update the endpoint with the related. It stops resolving after either the first successful metadata resolution or when the endpoint is removed.

baseLabels contains the list of labels use as "base" for the endpoint. The labels retrieved from 'MetadataResolverCB' will be merged into the baseLabels and put into the endpoint. If this list is empty, the labels set on the endpoint will be replaced by the labels returned 'MetadataResolverCB' as long their source matches the source of the labels already present on the endpoint.

restoredEndpoint should be set to 'true' if the endpoint is being restored. If this is set to false and the resolver is unable to retrieve the endpoint labels from k8s, the endpoint will be set with the 'init' identity.

blocking - will block this function until the endpoint receives a new security identity, and it is regenerated. If 'false', this operation will be done in the background and 'regenTriggered' will always be 'false'.

This assumes that after the initial successful resolution, other mechanisms will handle updates (such as pkg/k8s/watchers informers).

func (*Endpoint) RunRestoredMetadataResolver added in v1.14.5

func (e *Endpoint) RunRestoredMetadataResolver(bwm dptypes.BandwidthManager, resolveMetadata MetadataResolverCB)

RunRestoredMetadataResolver starts a controller associated with the received endpoint which will periodically attempt to resolve the metadata for the endpoint and update the endpoint with the related. It stops resolving after either the first successful metadata resolution or when the endpoint is removed.

This assumes that after the initial successful resolution, other mechanisms will handle updates (such as pkg/k8s/watchers informers).

func (*Endpoint) SetAllocator added in v0.15.7

func (e *Endpoint) SetAllocator(allocator cache.IdentityAllocator)

SetAllocator sets the identity allocator for this endpoint.

func (*Endpoint) SetCiliumEndpointUID added in v0.15.7

func (e *Endpoint) SetCiliumEndpointUID(uid types.UID)

SetCiliumEndpointUID modifies the endpoint's CiliumEndpoint UID.

func (*Endpoint) SetDefaultConfiguration added in v0.15.7

func (e *Endpoint) SetDefaultConfiguration()

SetDefaultConfiguration sets the default configuration options for its boolean configuration options and for policy enforcement based off of the global policy enforcement configuration options. If the configuration option to keep endpoint configuration during endpoint restore is enabled, this is a no-op.

func (*Endpoint) SetDefaultOpts

func (e *Endpoint) SetDefaultOpts(opts *option.IntOptions)

SetDefaultOpts configures all options for the endpoint, getting the values from 'opts'.

func (*Endpoint) SetIdentity

func (e *Endpoint) SetIdentity(identity *identityPkg.Identity, newEndpoint bool)

SetIdentity resets endpoint's policy identity to 'id'. Caller triggers policy regeneration if needed. Called with e.mutex Lock()ed

func (*Endpoint) SetIsHost added in v1.14.14

func (ep *Endpoint) SetIsHost(isHost bool)

SetIsHost is a convenient method to create host endpoints for testing.

func (*Endpoint) SetK8sMetadata added in v0.15.7

func (e *Endpoint) SetK8sMetadata(containerPorts []slim_corev1.ContainerPort)

SetK8sMetadata sets the k8s container ports specified by kubernetes. Note that once put in place, the new k8sPorts is never changed, so that the map can be used concurrently without keeping locks. Can't really error out as that might break backwards compatibility.

func (*Endpoint) SetMac added in v1.16.0

func (e *Endpoint) SetMac(mac mac.MAC)

SetMac modifies the endpoint's mac.

func (*Endpoint) SetPod added in v0.15.7

func (e *Endpoint) SetPod(pod *slim_corev1.Pod)

SetPod sets the pod related to this endpoint.

func (*Endpoint) SetPolicyRevision added in v0.15.7

func (e *Endpoint) SetPolicyRevision(rev uint64)

SetPolicyRevision sets the endpoint's policy revision with the given revision.

func (*Endpoint) SetPropertyValue added in v1.16.0

func (e *Endpoint) SetPropertyValue(key string, value interface{}) interface{}

SetPropertyValue sets the metadata value for this key.

func (*Endpoint) SetProxy added in v0.15.7

func (e *Endpoint) SetProxy(p EndpointProxy)

SetProxy sets the proxy for this endpoint.

func (*Endpoint) SetRegenerateStateIfAlive added in v0.15.7

func (e *Endpoint) SetRegenerateStateIfAlive(regenMetadata *regeneration.ExternalRegenerationMetadata) (bool, error)

SetRegenerateStateIfAlive tries to change the state of the endpoint for pending regeneration. Returns 'true' if 'e.Regenerate()' should be called after releasing the endpoint lock. Return 'false' if returned error is non-nil.

func (*Endpoint) SetState added in v0.15.7

func (e *Endpoint) SetState(toState State, reason string) bool

SetState modifies the endpoint's state. Returns true only if endpoints state was changed as requested

func (*Endpoint) SkipStateClean added in v0.15.7

func (e *Endpoint) SkipStateClean()

SkipStateClean can be called on a endpoint before its first build to skip the cleaning of state such as the conntrack table. This is useful when an endpoint is being restored from state and the datapath state should not be claned.

The endpoint lock must NOT be held.

func (*Endpoint) Start added in v0.15.7

func (e *Endpoint) Start(id uint16)

Start assigns a Cilium Endpoint ID to the endpoint and prepares it to receive events from other subsystems.

The endpoint must not already be exposed via the endpointmanager prior to calling Start(), as it assumes unconditional access over the Endpoint object.

func (*Endpoint) StateDirectoryPath added in v0.15.7

func (e *Endpoint) StateDirectoryPath() string

StateDirectoryPath returns the directory name for this endpoint bpf program.

func (*Endpoint) Stop added in v0.15.7

func (e *Endpoint) Stop()

Stop cleans up all goroutines managed by this endpoint (EventQueue, Controllers). This function should be used directly in cleanup functions which aim to stop goroutines managed by this endpoint, but without removing BPF maps and datapath state (for instance, because the daemon is shutting down but the endpoint should remain operational while the daemon is not running).

func (*Endpoint) String

func (e *Endpoint) String() string

String returns endpoint on a JSON format.

func (*Endpoint) StringID

func (e *Endpoint) StringID() string

StringID returns the endpoint's ID in a string.

func (*Endpoint) SyncEndpointHeaderFile added in v0.15.7

func (e *Endpoint) SyncEndpointHeaderFile()

SyncEndpointHeaderFile triggers the header file sync to the ep_config.h file. This includes updating the current DNS History information.

func (*Endpoint) UnmarshalJSON added in v0.15.7

func (ep *Endpoint) UnmarshalJSON(raw []byte) error

UnmarshalJSON expects that the contents of `raw` are a serializableEndpoint, which is then converted into an Endpoint.

func (*Endpoint) Update

Update modifies the endpoint options and *always* tries to regenerate the endpoint's program. Returns an error if the provided options are not valid, if there was an issue triggering policy updates for the given endpoint, or if endpoint regeneration was unable to be triggered. Note that the LabelConfiguration in the EndpointConfigurationSpec is *not* consumed here.

func (*Endpoint) UpdateBandwidthPolicy added in v0.15.7

func (e *Endpoint) UpdateBandwidthPolicy(bwm dptypes.BandwidthManager, annoCB AnnotationsResolverCB)

UpdateBandwidthPolicy updates the egress bandwidth of this endpoint to progagate the throttle rate to the BPF data path.

func (*Endpoint) UpdateController added in v0.15.7

func (e *Endpoint) UpdateController(name string, params controller.ControllerParams)

UpdateController updates the controller with the specified name with the provided list of parameters in endpoint's list of controllers.

func (*Endpoint) UpdateLabels added in v0.15.7

func (e *Endpoint) UpdateLabels(ctx context.Context, sourceFilter string, identityLabels, infoLabels labels.Labels, blocking bool) (regenTriggered bool)

UpdateLabels is called to update the labels of an endpoint for the given 'sourceFilter', if 'source' is 'LabelSourceAny' then all labels are replaced. Calls to this function do not necessarily mean that the labels actually changed. The container runtime layer will periodically synchronize labels.

The specified 'sourceFilter' will only remove the labels with that same source. For example: If the endpoint contains `k8s:foo=bar` and if 'sourceFilter' is 'cni' with labels `cni:bar=bar`, the result is:

`k8s:foo=bar` + `cni:bar=bar` - The "foo=bar" label is kept.

if 'sourceFilter' is 'any' with labels `cni:bar=bar`, the result is:

`cni:bar=bar` - The "foo=bar" gets removed.

If a net label changed was performed, the endpoint will receive a new security identity and will be regenerated. Both of these operations will run first synchronously if 'blocking' is true, and then in the background.

Returns 'true' if endpoint regeneration was triggered.

func (*Endpoint) UpdateLabelsFrom added in v0.15.7

func (e *Endpoint) UpdateLabelsFrom(oldLbls, newLbls map[string]string, source string) error

UpdateLabelsFrom is a convenience function to update an endpoint's identity labels from any source.

func (*Endpoint) UpdateLogger added in v0.15.7

func (e *Endpoint) UpdateLogger(fields map[string]interface{})

UpdateLogger creates a logger instance specific to this endpoint. It will create a custom Debug logger for this endpoint when the option on it is set. If fields is not nil only the those specific fields will be updated in the endpoint's logger, otherwise a full update of those fields is executed.

Note: You must hold Endpoint.mutex.Lock() to synchronize logger pointer updates if the endpoint is already exposed. Callers that create new endpoints do not need locks to call this.

func (*Endpoint) UpdateNoTrackRules added in v0.15.7

func (e *Endpoint) UpdateNoTrackRules(annoCB AnnotationsResolverCB)

UpdateNoTrackRules updates the NOTRACK iptable rules for this endpoint. If anno is empty, then any existing NOTRACK rules will be removed. If anno cannot be parsed, we remove existing NOTRACK rules too if there's any.

func (*Endpoint) UpdateProxyStatistics added in v0.15.7

func (e *Endpoint) UpdateProxyStatistics(proxyType, l4Protocol string, port, proxyPort uint16, ingress, request bool, verdict accesslog.FlowVerdict)

UpdateProxyStatistics updates the Endpoint's proxy statistics to account for a new observed flow with the given characteristics.

func (*Endpoint) ValidateConnectorPlumbing added in v0.15.7

func (e *Endpoint) ValidateConnectorPlumbing(linkChecker linkCheckerFunc) error

ValidateConnectorPlumbing checks whether the endpoint is correctly plumbed.

func (*Endpoint) WaitForFirstRegeneration added in v0.15.7

func (e *Endpoint) WaitForFirstRegeneration(ctx context.Context) error

WaitForFirstRegeneration waits for the endpoint to complete its first full regeneration.

func (*Endpoint) WaitForIdentity added in v0.15.7

func (e *Endpoint) WaitForIdentity(timeoutDuration time.Duration) *identity.Identity

WaitForIdentity waits for up to timeoutDuration amount of time for the endpoint to have an identity. If the timeout is reached, returns nil.

func (*Endpoint) WaitForPolicyRevision added in v0.15.7

func (e *Endpoint) WaitForPolicyRevision(ctx context.Context, rev uint64, done func(ts time.Time)) <-chan struct{}

WaitForPolicyRevision returns a channel that is closed when one or more of the following conditions have met:

  • the endpoint is disconnected state
  • the endpoint's policy revision reaches the wanted revision

When the done callback is non-nil it will be called just before the channel is closed.

type EndpointNoTrackEvent added in v0.15.7

type EndpointNoTrackEvent struct {
	// contains filtered or unexported fields
}

EndpointNoTrackEvent contains all fields necessary to update the NOTRACK rules.

func (*EndpointNoTrackEvent) Handle added in v0.15.7

func (ev *EndpointNoTrackEvent) Handle(res chan interface{})

Handle handles the NOTRACK rule update.

type EndpointPolicyBandwidthEvent added in v0.15.7

type EndpointPolicyBandwidthEvent struct {
	// contains filtered or unexported fields
}

EndpointPolicyBandwidthEvent contains all fields necessary to update the Pod's bandwidth policy.

func (*EndpointPolicyBandwidthEvent) Handle added in v0.15.7

func (ev *EndpointPolicyBandwidthEvent) Handle(res chan interface{})

Handle handles the policy bandwidth update.

type EndpointProxy added in v0.15.7

type EndpointProxy interface {
	CreateOrUpdateRedirect(ctx context.Context, l4 policy.ProxyPolicy, id string, localEndpoint endpoint.EndpointUpdater, wg *completion.WaitGroup) (proxyPort uint16, err error, finalizeFunc revert.FinalizeFunc, revertFunc revert.RevertFunc)
	RemoveRedirect(id string)
	UpdateNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.L4Policy, ingressPolicyEnforced, egressPolicyEnforced bool, wg *completion.WaitGroup) (error, func() error)
	UseCurrentNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.L4Policy, wg *completion.WaitGroup)
	RemoveNetworkPolicy(ep endpoint.EndpointInfoSource)
}

EndpointProxy defines any L7 proxy with which an Endpoint must interact.

type EndpointRegenerationEvent added in v0.15.7

type EndpointRegenerationEvent struct {
	// contains filtered or unexported fields
}

EndpointRegenerationEvent contains all fields necessary to regenerate an endpoint.

func (*EndpointRegenerationEvent) Handle added in v0.15.7

func (ev *EndpointRegenerationEvent) Handle(res chan interface{})

Handle handles the regeneration event for the endpoint.

type EndpointRegenerationResult added in v0.15.7

type EndpointRegenerationResult struct {
	// contains filtered or unexported fields
}

EndpointRegenerationResult contains the results of an endpoint regeneration.

type EndpointRevisionBumpEvent added in v0.15.7

type EndpointRevisionBumpEvent struct {
	Rev uint64
	// contains filtered or unexported fields
}

EndpointRevisionBumpEvent contains all fields necessary to bump the policy revision of a given endpoint.

func (*EndpointRevisionBumpEvent) Handle added in v0.15.7

func (ev *EndpointRevisionBumpEvent) Handle(res chan interface{})

Handle handles the revision bump event for the Endpoint.

type EndpointStatus

type EndpointStatus struct {
	// CurrentStatuses is the last status of a given priority.
	CurrentStatuses componentStatus `json:"current-status,omitempty"`
	// Contains the last maxLogs messages for this endpoint.
	Log statusLog `json:"log,omitempty"`
	// Index is the index in the statusLog, is used to keep track the next
	// available position to write a new log message.
	Index int `json:"index"`
	// contains filtered or unexported fields
}

EndpointStatus represents the endpoint status.

func NewEndpointStatus

func NewEndpointStatus() *EndpointStatus

func (*EndpointStatus) CurrentStatus

func (e *EndpointStatus) CurrentStatus() StatusCode

func (*EndpointStatus) GetModel

func (e *EndpointStatus) GetModel() []*models.EndpointStatusChange

func (*EndpointStatus) String

func (e *EndpointStatus) String() string

type FakeEndpointProxy added in v0.15.7

type FakeEndpointProxy struct{}

FakeEndpointProxy is a stub proxy used for testing.

func (*FakeEndpointProxy) CreateOrUpdateRedirect added in v0.15.7

func (f *FakeEndpointProxy) CreateOrUpdateRedirect(ctx context.Context, l4 policy.ProxyPolicy, id string, localEndpoint endpoint.EndpointUpdater, wg *completion.WaitGroup) (proxyPort uint16, err error, finalizeFunc revert.FinalizeFunc, revertFunc revert.RevertFunc)

CreateOrUpdateRedirect does nothing.

func (*FakeEndpointProxy) RemoveNetworkPolicy added in v0.15.7

func (f *FakeEndpointProxy) RemoveNetworkPolicy(ep endpoint.EndpointInfoSource)

RemoveNetworkPolicy does nothing.

func (*FakeEndpointProxy) RemoveRedirect added in v0.15.7

func (f *FakeEndpointProxy) RemoveRedirect(id string)

RemoveRedirect does nothing.

func (*FakeEndpointProxy) UpdateNetworkPolicy added in v0.15.7

func (f *FakeEndpointProxy) UpdateNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.L4Policy, ingressPolicyEnforced, egressPolicyEnforced bool, wg *completion.WaitGroup) (error, func() error)

UpdateNetworkPolicy does nothing.

func (*FakeEndpointProxy) UseCurrentNetworkPolicy added in v1.7.0

func (f *FakeEndpointProxy) UseCurrentNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.L4Policy, wg *completion.WaitGroup)

UseCurrentNetworkPolicy does nothing.

type K8sMetadata added in v1.15.5

type K8sMetadata struct {
	ContainerPorts []slim_corev1.ContainerPort
	IdentityLabels labels.Labels
	InfoLabels     labels.Labels
	Annotations    map[string]string
}

K8sMetadata is a collection of Kubernetes-related metadata that are fetched from Kubernetes.

type KVStoreNodesWaitFn

type KVStoreNodesWaitFn wait.Fn

KVStoreNodesWaitFn is the type of the function used to wait for synchronization of all nodes from the kvstore.

type MetadataResolverCB added in v0.15.7

type MetadataResolverCB func(ns, podName string) (pod *slim_corev1.Pod, k8sMetadata *K8sMetadata, err error)

MetadataResolverCB provides an implementation for resolving the endpoint metadata for an endpoint such as the associated labels and annotations.

type PolicyMapPressureEvent added in v0.15.7

type PolicyMapPressureEvent struct {
	Value      float64
	EndpointID uint16
}

PolicyMapPressureEvent represents an event for a policymap pressure metric update that is sent via the policyMapPressureUpdater interface.

type Regenerator added in v0.15.7

type Regenerator struct {
	// contains filtered or unexported fields
}

Regenerator wraps additional functionalities for endpoint regeneration.

func (*Regenerator) WaitForClusterMeshIPIdentitiesSync added in v0.15.7

func (r *Regenerator) WaitForClusterMeshIPIdentitiesSync(ctx context.Context) error

func (*Regenerator) WaitForKVStoreNodesSync

func (r *Regenerator) WaitForKVStoreNodesSync(ctx context.Context) error

type State added in v0.15.7

type State string

State is an enumeration for possible endpoint states.

type Status

type Status struct {
	Code  StatusCode `json:"code"`
	Msg   string     `json:"msg"`
	Type  StatusType `json:"status-type"`
	State string     `json:"state"`
}

func (Status) String

func (s Status) String() string

type StatusCode

type StatusCode int
const (
	OK       StatusCode = 0
	Warning  StatusCode = -1
	Failure  StatusCode = -2
	Disabled StatusCode = -3
)

func (StatusCode) String

func (sc StatusCode) String() string

type StatusResponse

type StatusResponse struct {
	KVStore    Status              `json:"kvstore"`
	Docker     Status              `json:"docker"`
	Kubernetes Status              `json:"kubernetes"`
	Cilium     Status              `json:"cilium"`
	IPAMStatus map[string][]string `json:",omitempty"`
}

type StatusType

type StatusType int

StatusType represents the type for the given status, higher the value, higher the priority.

const (
	BPF    StatusType = 200
	Policy StatusType = 100
	Other  StatusType = 0
)

type UpdateCompilationError

type UpdateCompilationError struct {
	// contains filtered or unexported fields
}

func (UpdateCompilationError) Error

func (e UpdateCompilationError) Error() string

type UpdateStateChangeError added in v0.15.7

type UpdateStateChangeError struct {
	// contains filtered or unexported fields
}

UpdateStateChangeError is an error that indicates that updating the state of an endpoint was unsuccessful. Implements error interface.

func (UpdateStateChangeError) Error added in v0.15.7

func (e UpdateStateChangeError) Error() string

type UpdateValidationError

type UpdateValidationError struct {
	// contains filtered or unexported fields
}

func (UpdateValidationError) Error

func (e UpdateValidationError) Error() string

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL