Documentation ¶
Index ¶
- Variables
- func OpenLocalPorts() map[uint16]struct{}
- type CRDRedirect
- type DatapathUpdater
- type Proxy
- func (p *Proxy) AckProxyPort(ctx context.Context, name string) error
- func (p *Proxy) AllocateCRDProxyPort(name string) (uint16, error)
- func (p *Proxy) ChangeLogLevel(level logrus.Level)
- func (p *Proxy) CreateOrUpdateRedirect(ctx context.Context, l4 policy.ProxyPolicy, id string, epID uint16, ...) (uint16, error, revert.FinalizeFunc, revert.RevertFunc)
- func (p *Proxy) GetProxyPort(name string) (port uint16, isStatic bool, err error)
- func (p *Proxy) GetStatusModel() *models.ProxyStatus
- func (p *Proxy) ReinstallRoutingRules(mtu int) error
- func (p *Proxy) ReleaseProxyPort(name string) error
- func (p *Proxy) RemoveNetworkPolicy(ep endpoint.EndpointInfoSource)
- func (p *Proxy) RemoveRedirect(id string)
- func (p *Proxy) RestoreProxyPorts(restoredProxyPortsStaleLimit uint)
- func (p *Proxy) SetProxyPort(name string, proxyType types.ProxyType, port uint16, ingress bool) error
- func (p *Proxy) UpdateNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.L4Policy, ...) (error, func() error)
- func (p *Proxy) UseCurrentNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.L4Policy, wg *completion.WaitGroup)
- type ProxyConfig
- type ProxyPort
- type Redirect
- type RedirectImplementation
Constants ¶
This section is empty.
Variables ¶
var Cell = cell.Module( "l7-proxy", "L7 Proxy provides support for L7 network policies", cell.Provide(newProxy), cell.Provide(newEnvoyProxyIntegration), cell.Provide(newDNSProxyIntegration), cell.ProvidePrivate(endpoint.NewEndpointInfoRegistry), cell.Config(ProxyConfig{}), )
Cell provides the L7 Proxy which provides support for L7 network policies. It is manages the different L7 proxies (Envoy, CoreDNS, ...) and the traffic redirection to them.
var ( // DefaultDNSProxy is the global, shared, DNS Proxy singleton. DefaultDNSProxy proxy.DNSProxier )
Functions ¶
func OpenLocalPorts ¶ added in v0.15.7
func OpenLocalPorts() map[uint16]struct{}
OpenLocalPorts returns the set of L4 ports currently open locally.
Types ¶
type CRDRedirect ¶ added in v0.15.7
type CRDRedirect struct{}
Redirect type for custom Listeners, which are managed externally.
func (*CRDRedirect) Close ¶ added in v0.15.7
func (r *CRDRedirect) Close()
func (*CRDRedirect) UpdateRules ¶ added in v0.15.7
func (r *CRDRedirect) UpdateRules(wg *completion.WaitGroup) (revert.RevertFunc, error)
type DatapathUpdater ¶ added in v0.15.7
type Proxy ¶
type Proxy struct {
// contains filtered or unexported fields
}
Proxy maintains state about redirects
func (*Proxy) AckProxyPort ¶ added in v0.15.7
AckProxyPort() marks the proxy of the given type as successfully created and creates or updates the datapath rules accordingly.
func (*Proxy) AllocateCRDProxyPort ¶ added in v1.14.17
AllocateCRDProxyPort() allocates a new port for listener 'name', or returns the current one if already allocated. Each call has to be paired with AckProxyPort(name) to update the datapath rules accordingly. Each allocated port must be eventually freed with ReleaseProxyPort().
func (*Proxy) ChangeLogLevel ¶ added in v0.15.7
ChangeLogLevel changes proxy log level to correspond to the logrus log level 'level'.
func (*Proxy) CreateOrUpdateRedirect ¶
func (p *Proxy) CreateOrUpdateRedirect( ctx context.Context, l4 policy.ProxyPolicy, id string, epID uint16, wg *completion.WaitGroup, ) ( uint16, error, revert.FinalizeFunc, revert.RevertFunc, )
CreateOrUpdateRedirect creates or updates a L4 redirect with corresponding proxy configuration. This will allocate a proxy port as required and launch a proxy instance. If the redirect is already in place, only the rules will be updated. The proxy listening port is returned, but proxy configuration on that port may still be ongoing asynchronously. Caller should wait for successful completion on 'wg' before assuming the returned proxy port is listening. Caller must call exactly one of the returned functions: - finalizeFunc to make the changes stick, or - revertFunc to cancel the changes. Called with 'localEndpoint' locked for reading!
func (*Proxy) GetProxyPort ¶ added in v0.15.7
GetProxyPort() returns the fixed listen port for a proxy, if any.
func (*Proxy) GetStatusModel ¶ added in v0.15.7
func (p *Proxy) GetStatusModel() *models.ProxyStatus
GetStatusModel returns the proxy status as API model
func (*Proxy) ReinstallRoutingRules ¶ added in v0.15.7
ReinstallRoutingRules ensures the presence of routing rules and tables needed to route packets to and from the L7 proxy.
func (*Proxy) ReleaseProxyPort ¶ added in v0.15.7
func (*Proxy) RemoveNetworkPolicy ¶ added in v1.16.0
func (p *Proxy) RemoveNetworkPolicy(ep endpoint.EndpointInfoSource)
func (*Proxy) RemoveRedirect ¶
RemoveRedirect removes an existing redirect that has been successfully created earlier. Called with 'localEndpoint' passed to 'CreateOrUpdateRedirect' locked for writing!
func (*Proxy) RestoreProxyPorts ¶ added in v1.14.17
RestoreProxyPorts tries to find earlier port numbers from datapath and use them as defaults for proxy ports
func (*Proxy) SetProxyPort ¶ added in v0.15.7
func (p *Proxy) SetProxyPort(name string, proxyType types.ProxyType, port uint16, ingress bool) error
SetProxyPort() marks the proxy 'name' as successfully created with proxy port 'port'. Another call to AckProxyPort(name) is needed to update the datapath rules accordingly. This should only be called for proxies that have a static listener that is already listening on 'port'. May only be called once per proxy.
func (*Proxy) UpdateNetworkPolicy ¶ added in v1.6.4
func (p *Proxy) UpdateNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.L4Policy, ingressPolicyEnforced, egressPolicyEnforced bool, wg *completion.WaitGroup) (error, func() error)
func (*Proxy) UseCurrentNetworkPolicy ¶ added in v1.6.4
func (p *Proxy) UseCurrentNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.L4Policy, wg *completion.WaitGroup)
type ProxyConfig ¶ added in v1.15.0
type ProxyConfig struct { ProxyPortrangeMin uint16 ProxyPortrangeMax uint16 RestoredProxyPortsAgeLimit uint }
func (ProxyConfig) Flags ¶ added in v1.16.0
func (r ProxyConfig) Flags(flags *pflag.FlagSet)
type ProxyPort ¶ added in v0.15.7
type ProxyPort struct { // proxy type this port applies to (immutable) ProxyType types.ProxyType `json:"type"` // 'true' for Ingress, 'false' for egress (immutable) // 'false' for CRD redirects, which are accessed by name only. Ingress bool `json:"ingress"` // ProxyPort is the desired proxy listening port number. ProxyPort uint16 `json:"port"` // contains filtered or unexported fields }
type RedirectImplementation ¶ added in v0.15.7
type RedirectImplementation interface { // UpdateRules updates the rules for the given proxy redirect. // The implementation should .Add to the WaitGroup if the update is // asynchronous and the update should not return until it is complete. // The returned RevertFunc must be non-nil. // Note: UpdateRules is not called when a redirect is created. UpdateRules(wg *completion.WaitGroup) (revert.RevertFunc, error) // Close closes and cleans up resources associated with the redirect // implementation. The implementation should .Add to the WaitGroup if the // update is asynchronous and the update should not return until it is // complete. Close() }
RedirectImplementation is the generic proxy redirect interface that each proxy redirect type must implement