Documentation ¶
Overview ¶
Package ipcache provides a local cache of the mapping of IPs of endpoints managed by Cilium to their corresponding security identities.
Index ¶
- Constants
- Variables
- func DeleteIPFromKVStore(ctx context.Context, ip string) error
- func UpsertIPToKVStore(ctx context.Context, IP, hostIP netip.Addr, ID identity.NumericIdentity, ...) error
- func WaitForKVStoreSync(ctx context.Context) error
- type CacheModification
- type Configuration
- type ErrInvalidIP
- type ErrOverwrite
- type IPCache
- func (ipc *IPCache) AddListener(listener IPIdentityMappingListener)
- func (ipc *IPCache) Delete(IP string, source source.Source) (namedPortsChanged bool)deprecated
- func (ipc *IPCache) DeleteOnMetadataMatch(IP string, source source.Source, namespace, name string) (namedPortsChanged bool)
- func (ipc *IPCache) DumpToListener(listener IPIdentityMappingListener)
- func (ipc *IPCache) DumpToListenerLocked(listener IPIdentityMappingListener)
- func (ipc *IPCache) GetHostIPCache(ip string) (net.IP, uint8)
- func (ipc *IPCache) GetK8sMetadata(ip netip.Addr) *K8sMetadata
- func (ipc *IPCache) GetMetadataSourceByPrefix(prefix netip.Prefix) source.Source
- func (ipc *IPCache) GetNamedPorts() (npm types.NamedPortMultiMap)
- func (ipc *IPCache) InitIPIdentityWatcher(ctx context.Context, factory storepkg.Factory)
- func (ipc *IPCache) Lock()
- func (ipc *IPCache) LookupByHostRLocked(hostIPv4, hostIPv6 net.IP) (cidrs []net.IPNet)
- func (ipc *IPCache) LookupByIP(IP string) (Identity, bool)
- func (ipc *IPCache) LookupByIPRLocked(IP string) (Identity, bool)
- func (ipc *IPCache) LookupByIdentity(id identity.NumericIdentity) (ips []string)
- func (ipc *IPCache) LookupByPrefix(IP string) (Identity, bool)
- func (ipc *IPCache) LookupByPrefixRLocked(prefix string) (identity Identity, exists bool)
- func (ipc *IPCache) LookupSecIDByIP(ip netip.Addr) (id Identity, ok bool)
- func (ipc *IPCache) OverrideIdentity(prefix netip.Prefix, identityLabels labels.Labels, src source.Source, ...)
- func (ipc *IPCache) RLock()
- func (ipc *IPCache) RUnlock()
- func (ipc *IPCache) RemoveIdentityOverride(cidr netip.Prefix, identityLabels labels.Labels, ...)
- func (ipc *IPCache) RemoveLabels(cidr netip.Prefix, lbls labels.Labels, resource ipcacheTypes.ResourceID)
- func (ipc *IPCache) RemoveLabelsExcluded(lbls labels.Labels, toExclude map[netip.Prefix]struct{}, rid types.ResourceID)
- func (ipc *IPCache) RemoveMetadata(prefix netip.Prefix, resource ipcacheTypes.ResourceID, aux ...IPMetadata)
- func (ipc *IPCache) RemoveMetadataBatch(updates ...MU) (revision uint64)
- func (ipc *IPCache) RemovePrefixes(prefixes []netip.Prefix, src source.Source, resource ipcacheTypes.ResourceID)
- func (ipc *IPCache) Shutdown() error
- func (ipc *IPCache) TriggerLabelInjection()
- func (ipc *IPCache) Unlock()
- func (ipc *IPCache) UpdateController(name string, params controller.ControllerParams)
- func (ipc *IPCache) UpdatePolicyMaps(ctx context.Context, ...)
- func (ipc *IPCache) Upsert(ip string, hostIP net.IP, hostKey uint8, k8sMeta *K8sMetadata, ...) (namedPortsChanged bool, err error)deprecated
- func (ipc *IPCache) UpsertLabels(prefix netip.Prefix, lbls labels.Labels, src source.Source, ...)
- func (ipc *IPCache) UpsertMetadata(prefix netip.Prefix, src source.Source, resource ipcacheTypes.ResourceID, ...)
- func (ipc *IPCache) UpsertMetadataBatch(updates ...MU) (revision uint64)
- func (ipc *IPCache) UpsertPrefixes(prefixes []netip.Prefix, src source.Source, resource ipcacheTypes.ResourceID) (revision uint64)
- func (ipc *IPCache) WaitForRevision(ctx context.Context, desired uint64) error
- type IPCacher
- type IPIdentityMappingListener
- type IPIdentityWatcher
- func (iw *IPIdentityWatcher) Drain()
- func (iw *IPIdentityWatcher) NumEntries() uint64
- func (iw *IPIdentityWatcher) OnDelete(k storepkg.NamedKey)
- func (iw *IPIdentityWatcher) OnUpdate(k storepkg.Key)
- func (iw *IPIdentityWatcher) Synced() bool
- func (iw *IPIdentityWatcher) Watch(ctx context.Context, backend storepkg.WatchStoreBackend, opts ...IWOpt)
- type IPKeyPair
- type IPMetadata
- type IWOpt
- type Identity
- type K8sMetadata
- type MU
Constants ¶
const ( // DefaultAddressSpace is the address space used if none is provided. // TODO - once pkg/node adds this to clusterConfiguration, remove. DefaultAddressSpace = "default" )
Variables ¶
var ( // IPIdentitiesPath is the path to where endpoint IPs are stored in the key-value // store. IPIdentitiesPath = path.Join(kvstore.BaseKeyPrefix, "state", "ip", "v1") // AddressSpace is the address space (cluster, etc.) in which policy is // computed. It is determined by the orchestration system / runtime. AddressSpace = DefaultAddressSpace )
var ( // ErrLocalIdentityAllocatorUninitialized is an error that's returned when // the local identity allocator is uninitialized. ErrLocalIdentityAllocatorUninitialized = errors.New("local identity allocator uninitialized") LabelInjectorName = "ipcache-inject-labels" )
Functions ¶
func DeleteIPFromKVStore ¶
DeleteIPFromKVStore removes the IP->Identity mapping for the specified ip from the kvstore, which will subsequently trigger an event in NewIPIdentityWatcher().
func UpsertIPToKVStore ¶
func UpsertIPToKVStore(ctx context.Context, IP, hostIP netip.Addr, ID identity.NumericIdentity, key uint8, metadata, k8sNamespace, k8sPodName string, npm types.NamedPortMap) error
UpsertIPToKVStore updates / inserts the provided IP->Identity mapping into the kvstore, which will subsequently trigger an event in NewIPIdentityWatcher().
func WaitForKVStoreSync ¶
WaitForKVStoreSync waits until the ipcache has been synchronized from the kvstore
Types ¶
type CacheModification ¶
type CacheModification string
CacheModification represents the type of operation performed upon IPCache.
const ( // Upsert represents Upsertion into IPCache. Upsert CacheModification = "Upsert" // Delete represents deletion of an entry in IPCache. Delete CacheModification = "Delete" )
type Configuration ¶
type Configuration struct { context.Context // Accessors to other subsystems, provided by the daemon cache.IdentityAllocator ipcacheTypes.PolicyHandler ipcacheTypes.DatapathHandler synced.CacheStatus }
Configuration is init-time configuration for the IPCache.
type ErrInvalidIP ¶
type ErrInvalidIP struct {
// contains filtered or unexported fields
}
ErrInvalidIP represents an error of an invalid IP.
func NewErrInvalidIP ¶
func NewErrInvalidIP(ip string) *ErrInvalidIP
NewErrInvalidIP returns a new ErrInvalidIP.
func (ErrInvalidIP) Error ¶
func (e ErrInvalidIP) Error() string
func (*ErrInvalidIP) Is ¶
func (e *ErrInvalidIP) Is(target error) bool
type ErrOverwrite ¶
ErrOverwrite represents an overwrite error where functions return the error to indicate the new source can't overwrite existing source.
func NewErrOverwrite ¶
func NewErrOverwrite(existing, new source.Source) *ErrOverwrite
NewErrOverwrite returns a new ErrOverwrite.
func (ErrOverwrite) Error ¶
func (e ErrOverwrite) Error() string
func (*ErrOverwrite) Is ¶
func (e *ErrOverwrite) Is(target error) bool
type IPCache ¶
type IPCache struct { // Configuration provides pointers towards other agent components that // the IPCache relies upon at runtime. *Configuration // contains filtered or unexported fields }
IPCache is a collection of mappings:
- mapping of endpoint IP or CIDR to security identities of all endpoints which are part of the same cluster, and vice-versa
- mapping of endpoint IP or CIDR to host IP (maybe nil)
func NewIPCache ¶
func NewIPCache(c *Configuration) *IPCache
NewIPCache returns a new IPCache with the mappings of endpoint IP to security identity (and vice-versa) initialized.
func (*IPCache) AddListener ¶
func (ipc *IPCache) AddListener(listener IPIdentityMappingListener)
AddListener adds a listener for this IPCache.
func (*IPCache) DeleteOnMetadataMatch ¶
func (ipc *IPCache) DeleteOnMetadataMatch(IP string, source source.Source, namespace, name string) (namedPortsChanged bool)
DeleteOnMetadataMatch removes the provided IP to security identity mapping from the IPCache if the metadata cache holds the same "owner" metadata as the triggering pod event.
func (*IPCache) DumpToListener ¶
func (ipc *IPCache) DumpToListener(listener IPIdentityMappingListener)
DumpToListener dumps the entire contents of the IPCache by triggering the listener's "OnIPIdentityCacheChange" method for each entry in the cache.
func (*IPCache) DumpToListenerLocked ¶
func (ipc *IPCache) DumpToListenerLocked(listener IPIdentityMappingListener)
DumpToListenerLocked dumps the entire contents of the IPCache by triggering the listener's "OnIPIdentityCacheChange" method for each entry in the cache. The caller *MUST* grab the IPCache.Lock for reading before calling this function.
func (*IPCache) GetK8sMetadata ¶
func (ipc *IPCache) GetK8sMetadata(ip netip.Addr) *K8sMetadata
GetK8sMetadata returns Kubernetes metadata for the given IP address. The returned pointer should *never* be modified.
func (*IPCache) GetMetadataSourceByPrefix ¶ added in v1.16.0
GetMetadataSourceByPrefix returns the highest precedence source which has provided metadata for this prefix
func (*IPCache) GetNamedPorts ¶
func (ipc *IPCache) GetNamedPorts() (npm types.NamedPortMultiMap)
GetNamedPorts returns a copy of the named ports map. May return nil.
func (*IPCache) InitIPIdentityWatcher ¶
InitIPIdentityWatcher initializes the watcher for ip-identity mapping events in the key-value store.
func (*IPCache) LookupByHostRLocked ¶
LookupByHostRLocked returns the list of IPs returns the set of IPs (endpoint or CIDR prefix) that have hostIPv4 or hostIPv6 associated as the host of the entry. Requires the caller to hold the RLock.
func (*IPCache) LookupByIP ¶
LookupByIP returns the corresponding security identity that endpoint IP maps to within the provided IPCache, as well as if the corresponding entry exists in the IPCache.
func (*IPCache) LookupByIPRLocked ¶
LookupByIPRLocked returns the corresponding security identity that endpoint IP maps to within the provided IPCache, as well as if the corresponding entry exists in the IPCache.
func (*IPCache) LookupByIdentity ¶
func (ipc *IPCache) LookupByIdentity(id identity.NumericIdentity) (ips []string)
LookupByIdentity returns the set of IPs (endpoint or CIDR prefix) that have security identity ID, or nil if the entry does not exist.
func (*IPCache) LookupByPrefix ¶
LookupByPrefix returns the corresponding security identity that endpoint IP maps to within the provided IPCache, as well as if the corresponding entry exists in the IPCache.
func (*IPCache) LookupByPrefixRLocked ¶
LookupByPrefixRLocked looks for either the specified CIDR prefix, or if the prefix is fully specified (ie, w.x.y.z/32 for IPv4), find the host for the identity in the provided IPCache, and returns the corresponding security identity as well as whether the entry exists in the IPCache.
func (*IPCache) LookupSecIDByIP ¶ added in v1.15.0
LookupSecIDByIP performs a longest prefix match lookup in the IPCache for the identity corresponding to the specified address (or, in the case of no direct match, any shorter prefix). Returns the corresponding identity and whether a match was found.
func (*IPCache) OverrideIdentity ¶
func (ipc *IPCache) OverrideIdentity(prefix netip.Prefix, identityLabels labels.Labels, src source.Source, resource ipcacheTypes.ResourceID)
OverrideIdentity overrides the identity for a given prefix in the IPCache metadata map. This is used when a resource indicates that this prefix already has a defined identity, and where any additional labels associated with the prefix are to be ignored. If multiple resources override the identity, a warning is emitted and only one of the override identities is used. This will trigger asynchronous calculation of any local identity changes that must occur to associate the specified labels with the prefix, and push any datapath updates necessary to implement the logic associated with the metadata currently associated with the 'prefix'.
Callers must arrange for RemoveIdentityOverride() to eventually be called to reverse this operation if the underlying resource is removed.
Use with caution: For most use cases, UpsertLabels() is a better API to allow metadata to be associated with the prefix. This will delegate identity resolution to the IPCache internally, which provides better compatibility between various features that may use the IPCache to associate metadata with the same netip prefixes. Using this API may cause feature incompatibilities with users of other APIs such as UpsertLabels(), UpsertMetadata() and other variations on inserting metadata into the IPCache.
func (*IPCache) RemoveIdentityOverride ¶
func (ipc *IPCache) RemoveIdentityOverride(cidr netip.Prefix, identityLabels labels.Labels, resource ipcacheTypes.ResourceID)
func (*IPCache) RemoveLabels ¶
func (ipc *IPCache) RemoveLabels(cidr netip.Prefix, lbls labels.Labels, resource ipcacheTypes.ResourceID)
func (*IPCache) RemoveLabelsExcluded ¶
func (ipc *IPCache) RemoveLabelsExcluded( lbls labels.Labels, toExclude map[netip.Prefix]struct{}, rid types.ResourceID, )
RemoveLabelsExcluded removes the given labels from all IPs inside the IDMD except for the IPs / prefixes inside the given excluded set.
The caller must subsequently call IPCache.TriggerLabelInjection() to push these changes down into the policy engine and ipcache datapath maps.
func (*IPCache) RemoveMetadata ¶
func (ipc *IPCache) RemoveMetadata(prefix netip.Prefix, resource ipcacheTypes.ResourceID, aux ...IPMetadata)
RemoveMetadata removes metadata associated with a specific resource from the supplied prefix. Individual metadata types must be supplied for removal, but the data need not match.
This removes nothing:
RemoveMedata(pfx, resource)
This removes all labels from the given resource:
RemoveMetadata(pfx, resource, Labels{})
func (*IPCache) RemoveMetadataBatch ¶ added in v1.15.0
RemoveMetadataBatch is a batched version of RemoveMetadata. Returns a revision number that can be passed to WaitForRevision().
func (*IPCache) RemovePrefixes ¶
func (ipc *IPCache) RemovePrefixes(prefixes []netip.Prefix, src source.Source, resource ipcacheTypes.ResourceID)
RemovePrefixes removes the association between the prefixes and the CIDR labels corresponding to those prefixes.
This is the reverse operation of UpsertPrefixes(). If multiple callers call UpsertPrefixes() with different resources, then RemovePrefixes() will only remove the association for the target resource. That is, *all* callers must call RemovePrefixes() before this the these prefixes become disassociated from the "CIDR" labels.
This will trigger asynchronous calculation of any datapath updates necessary to implement the logic associated with the removed CIDR labels.
func (*IPCache) TriggerLabelInjection ¶
func (ipc *IPCache) TriggerLabelInjection()
TriggerLabelInjection triggers the label injection controller to iterate through the IDMD and potentially allocate new identities based on any label changes.
The following diagram describes the relationship between the label injector triggered here and the callers/callees.
+------------+ (1) (1) +-----------------------------+ | EP Watcher +-----+ +-----+ CN Watcher / Node Discovery | +-----+------+ W | | W +------+----------------------+ | | | | | v v | | +------+ | | | IDMD | | | +------+ | | ^ | | | | | (3) |R | | (2) +------+--------+ (2) | +------->|Label Injector |<------+ Trigger +-------+-------+ Trigger (4) |W (5) |W | | v v +--------+ +---+ |Policy &| |IPC| |datapath| +---+ +--------+ legend: * W means write * R means read
func (*IPCache) UpdateController ¶
func (ipc *IPCache) UpdateController( name string, params controller.ControllerParams, )
Update a controller for this IPCache
func (*IPCache) UpdatePolicyMaps ¶
func (ipc *IPCache) UpdatePolicyMaps(ctx context.Context, addedIdentities, deletedIdentities map[identity.NumericIdentity]labels.LabelArray)
UpdatePolicyMaps pushes updates for the specified identities into the policy engine and ensures that they are propagated into the underlying datapaths.
func (*IPCache) Upsert
deprecated
func (ipc *IPCache) Upsert(ip string, hostIP net.IP, hostKey uint8, k8sMeta *K8sMetadata, newIdentity Identity) (namedPortsChanged bool, err error)
Upsert adds / updates the provided IP (endpoint or CIDR prefix) and identity into the IPCache.
Returns an error if the entry is not owned by the self declared source, i.e. returns error if the kubernetes layer is trying to upsert an entry now managed by the kvstore layer or if 'ip' is invalid. See source.AllowOverwrite() for rules on ownership. hostIP is the location of the given IP. It is optional (may be nil) and is propagated to the listeners. k8sMeta contains Kubernetes-specific metadata such as pod namespace and pod name belonging to the IP (may be nil).
When deleting ipcache entries that were previously inserted via this function, ensure that the corresponding delete occurs via Delete().
Deprecated: Prefer UpsertLabels() instead.
func (*IPCache) UpsertLabels ¶
func (ipc *IPCache) UpsertLabels(prefix netip.Prefix, lbls labels.Labels, src source.Source, resource ipcacheTypes.ResourceID)
UpsertLabels upserts a given IP and its corresponding labels associated with it into the ipcache metadata map. The given labels are not modified nor is its reference saved, as they're copied when inserting into the map. This will trigger asynchronous calculation of any local identity changes that must occur to associate the specified labels with the prefix, and push any datapath updates necessary to implement the logic associated with the metadata currently associated with the 'prefix'.
func (*IPCache) UpsertMetadata ¶
func (ipc *IPCache) UpsertMetadata(prefix netip.Prefix, src source.Source, resource ipcacheTypes.ResourceID, aux ...IPMetadata)
UpsertMetadata upserts a given IP and some corresponding information into the ipcache metadata map. See IPMetadata for a list of types that are valid to pass into this function. This will trigger asynchronous calculation of any datapath updates necessary to implement the logic associated with the specified metadata.
func (*IPCache) UpsertMetadataBatch ¶ added in v1.15.0
UpsertMetadataBatch applies updates to multiple prefixes in a single transaction, reducing potential lock contention.
Returns a revision number that can be passed to WaitForRevision().
func (*IPCache) UpsertPrefixes ¶
func (ipc *IPCache) UpsertPrefixes(prefixes []netip.Prefix, src source.Source, resource ipcacheTypes.ResourceID) (revision uint64)
UpsertPrefixes inserts the prefixes into the IPCache and associates CIDR labels with these prefixes, thereby making these prefixes selectable in policy via local ("CIDR") identities.
This will trigger asynchronous calculation of any datapath updates necessary to implement the logic associated with the new CIDR labels.
Returns a revision number that can be passed to WaitForRevision().
func (*IPCache) WaitForRevision ¶ added in v1.15.0
WaitForRevision will block until the desired revision has been reached (or passed). It can be used in concert with the revision number returned by Upsert* calls to ensure that an update has been applied.
The revision is updated every time the ipcache successfully applies all queued metadata updates. Thus, the sequence
rev := UpsertMetadataBatch(prefix1, metadata, ...) WaitForRevision(ctx, rev)
means that prefix1 has had at least one call to InjectLabels with the supplied metadata. It does not guarantee that the metadata matches exactly what was passed to UpsertMetadata, as other callers may have also queued modifications.
Note that the revision number should be treated as an opaque identifier. Returns a non-nil error if the provided context was cancelled before the desired revision was reached.
type IPIdentityMappingListener ¶
type IPIdentityMappingListener interface { // OnIPIdentityCacheChange will be called whenever there the state of the // IPCache has changed. If an existing CIDR->ID mapping is updated, then // oldID is not nil; otherwise it is nil. // hostIP is the IP address of the location of the cidr. // hostIP is optional and may only be non-nil for an Upsert modification. // k8sMeta contains the Kubernetes pod namespace and name behind the IP // and may be nil. OnIPIdentityCacheChange(modType CacheModification, cidrCluster cmtypes.PrefixCluster, oldHostIP, newHostIP net.IP, oldID *Identity, newID Identity, encryptKey uint8, k8sMeta *K8sMetadata) }
IPIdentityMappingListener represents a component that is interested in learning about IP to Identity mapping events.
type IPIdentityWatcher ¶
type IPIdentityWatcher struct {
// contains filtered or unexported fields
}
IPIdentityWatcher is a watcher that will notify when IP<->identity mappings change in the kvstore.
func NewIPIdentityWatcher ¶
func NewIPIdentityWatcher( clusterName string, ipc IPCacher, factory storepkg.Factory, source source.Source, opts ...storepkg.RWSOpt, ) *IPIdentityWatcher
NewIPIdentityWatcher creates a new IPIdentityWatcher for the given cluster.
func (*IPIdentityWatcher) Drain ¶
func (iw *IPIdentityWatcher) Drain()
Drain triggers a deletion event for all known ipcache entries.
func (*IPIdentityWatcher) NumEntries ¶
func (iw *IPIdentityWatcher) NumEntries() uint64
NumEntries returns the number of entries synchronized from the kvstore.
func (*IPIdentityWatcher) OnDelete ¶
func (iw *IPIdentityWatcher) OnDelete(k storepkg.NamedKey)
OnDelete is triggered when a new deletion event is observed, and synchronizes local caching of endpoint IP to ipIDPair mapping with the operation the key-value store has informed us about.
To resolve conflicts between hosts and full CIDR prefixes:
- If a host is removed, check for an overlapping CIDR and if it exists, notify the listeners with an upsert for the CIDR's identity
- If any other deletion case, notify listeners of the deletion event.
func (*IPIdentityWatcher) OnUpdate ¶
func (iw *IPIdentityWatcher) OnUpdate(k storepkg.Key)
OnUpdate is triggered when a new upsertion event is observed, and synchronizes local caching of endpoint IP to ipIDPair mapping with the operation the key-value store has informed us about.
To resolve conflicts between hosts and full CIDR prefixes:
- Insert hosts into the cache as ".../w.x.y.z"
- Insert CIDRS into the cache as ".../w.x.y.z/N"
- If a host entry created, notify the listeners.
- If a CIDR is created and there's no overlapping host entry, ie it is a less than fully masked CIDR, OR it is a fully masked CIDR and there is no corresponding host entry, then:
- Notify the listeners.
- Otherwise, do not notify listeners.
func (*IPIdentityWatcher) Synced ¶
func (iw *IPIdentityWatcher) Synced() bool
Synced returns whether the initial list of entries has been retrieved from the kvstore, and new events are currently being watched.
func (*IPIdentityWatcher) Watch ¶
func (iw *IPIdentityWatcher) Watch(ctx context.Context, backend storepkg.WatchStoreBackend, opts ...IWOpt)
Watch starts the watcher and blocks waiting for events, until the context is closed. When events are received from the kvstore, all IPIdentityMappingListener are notified. It automatically emits deletion events for stale keys when appropriate (that is, when the watcher is restarted, and if the ClusterID is changed).
type IPMetadata ¶
type IPMetadata any
IPMetadata is an empty interface intended to inform developers using the IPCache interface about which types are valid to be injected, and how to update this code, in particular the merge(),unmerge(),isValid() methods below.
In an ideal world, we would use Constraints here but as of Go 1.18, these cannot be used in conjunction with methods, which is how the information gets injected into the IPCache.
type IWOpt ¶
type IWOpt func(*iwOpts)
func WithCachedPrefix ¶
WithCachedPrefix adapts the watched prefix based on the fact that the information concerning the given cluster is cached from an external kvstore.
func WithClusterID ¶
WithClusterID configures the ClusterID associated with the given watcher.
func WithIdentityValidator ¶
WithIdentityValidator registers a validation function to ensure that the observed IPs are associated with an identity belonging to the expected range.
func WithSelfDeletionProtection ¶
func WithSelfDeletionProtection() IWOpt
WithSelfDeletionProtection enables the automatic re-creation of the owned keys if they are detected to have been deleted. Note that this operation is performed using the client provided by kvstore.Client(), and shall not be enabled when using a different client.
type Identity ¶
type Identity struct { // Source is the source of the identity in the cache Source source.Source // ID is the numeric identity ID identity.NumericIdentity // contains filtered or unexported fields }
Identity is the identity representation of an IP<->Identity cache.
type K8sMetadata ¶
type K8sMetadata struct { // Namespace is the Kubernetes namespace of the pod behind the IP Namespace string // PodName is the Kubernetes pod name behind the IP PodName string // NamedPorts is the set of named ports for the pod NamedPorts types.NamedPortMap }
K8sMetadata contains Kubernetes pod information of the IP
func (*K8sMetadata) Equal ¶
func (m *K8sMetadata) Equal(o *K8sMetadata) bool
Equal returns true if two K8sMetadata pointers contain the same data or are both nil.
type MU ¶ added in v1.15.0
type MU struct { Prefix netip.Prefix Source source.Source Resource ipcacheTypes.ResourceID Metadata []IPMetadata }
MU is a batched metadata update, the short name is to cut down on visual clutter.