Documentation ¶
Overview ¶
Package k8s abstracts all Kubernetes specific behaviour
Package k8s abstracts all Kubernetes specific behaviour ¶
Package k8s contains all k8s related logic. +groupName=pkg
Package k8s abstracts all Kubernetes specific behaviour
Index ¶
- Constants
- Variables
- func AnnotationsEqual(relevantAnnotations []string, anno1, anno2 map[string]string) bool
- func Configure(apiServerURL, kubeconfigPath string, qps float32, burst int)
- func ConvertToCCNP(obj interface{}) interface{}
- func ConvertToCCNPWithStatus(obj interface{}) interface{}
- func ConvertToCNP(obj interface{}) interface{}
- func ConvertToCNPWithStatus(obj interface{}) interface{}
- func ConvertToCiliumEndpoint(obj interface{}) interface{}
- func ConvertToCiliumNode(obj interface{}) interface{}
- func ConvertToK8sEndpointSlice(obj interface{}) interface{}
- func ConvertToK8sEndpoints(obj interface{}) interface{}
- func ConvertToK8sService(obj interface{}) interface{}
- func ConvertToNamespace(obj interface{}) interface{}
- func ConvertToNetworkPolicy(obj interface{}) interface{}
- func ConvertToNode(obj interface{}) interface{}
- func ConvertToPod(obj interface{}) interface{}
- func CopyObjToCiliumEndpoint(obj interface{}) *types.CiliumEndpoint
- func CopyObjToCiliumNode(obj interface{}) *cilium_v2.CiliumNode
- func CopyObjToV1EndpointSlice(obj interface{}) *types.EndpointSlice
- func CopyObjToV1Endpoints(obj interface{}) *types.Endpoints
- func CopyObjToV1Namespace(obj interface{}) *types.Namespace
- func CopyObjToV1NetworkPolicy(obj interface{}) *types.NetworkPolicy
- func CopyObjToV1Node(obj interface{}) *types.Node
- func CopyObjToV1Pod(obj interface{}) *types.Pod
- func CopyObjToV1Services(obj interface{}) *types.Service
- func CopyObjToV2CNP(obj interface{}) *types.SlimCNP
- func CreateClient(config *rest.Config) (*kubernetes.Clientset, func(), error)
- func CreateConfig() (*rest.Config, error)
- func CreateConfigFromAgentResponse(resp *models.DaemonConfiguration) (*rest.Config, error)
- func CreateCustomDialer(b ServiceIPGetter, log *logrus.Entry) func(s string, duration time.Duration) (conn net.Conn, e error)
- func EqualV1EndpointSlice(ep1, ep2 *types.EndpointSlice) bool
- func EqualV1Endpoints(ep1, ep2 *types.Endpoints) bool
- func EqualV1Namespace(ns1, ns2 *types.Namespace) bool
- func EqualV1NetworkPolicy(np1, np2 *types.NetworkPolicy) bool
- func EqualV1Node(node1, node2 *types.Node) bool
- func EqualV1Pod(pod1, pod2 *types.Pod) bool
- func EqualV1PodContainers(c1, c2 types.PodContainer) bool
- func EqualV1Services(k8sSVC1, k8sSVC2 *types.Service) bool
- func EqualV2CNP(cnp1, cnp2 *types.SlimCNP) bool
- func GetAPIServerURL() string
- func GetBurst() int
- func GetKubeconfigPath() string
- func GetNode(c kubernetes.Interface, nodeName string) (*v1.Node, error)
- func GetPodMetadata(k8sNs *types.Namespace, pod *types.Pod) (lbls map[string]string, retAnno map[string]string, retErr error)
- func GetPolicyLabelsv1(np *networkingv1.NetworkPolicy) labels.LabelArray
- func GetQPS() float32
- func HasEndpointSlice(hasEndpointSlices chan struct{}, controller cache.Controller) bool
- func Init(conf k8sconfig.Configuration) error
- func IsEnabled() bool
- func IsErrParse(e error) bool
- func K8sErrorHandler(e error)
- func NewClusterService(id ServiceID, k8sService *Service, k8sEndpoints *Endpoints) service.ClusterService
- func ParseEndpointSlice(ep *types.EndpointSlice) (EndpointSliceID, *Endpoints)
- func ParseEndpoints(ep *types.Endpoints) (ServiceID, *Endpoints)
- func ParseNetworkPolicy(np *networkingv1.NetworkPolicy) (api.Rules, error)
- func ParseNode(k8sNode *types.Node, source source.Source) *node.Node
- func ParseNodeAddressType(k8sAddress v1.NodeAddressType) (addressing.AddressType, error)
- func ParseService(svc *types.Service) (ServiceID, *Service)
- func PreprocessRules(r api.Rules, cache *ServiceCache) error
- func RegisterCRDs() error
- func SupportsEndpointSlice() bool
- type Backend
- type CCNPStatusEventHandler
- type CNPNSWithMeta
- type CNPStatusEventHandler
- type CNPStatusUpdateContext
- type CacheAction
- type EndpointSliceID
- type Endpoints
- type ErrParse
- type FrontendList
- type JSONPatch
- type K8sCiliumClient
- type K8sClient
- type K8sMetaObject
- type NodeStatusUpdate
- type NodeStatusUpdater
- type RuleTranslator
- type Service
- type ServiceCache
- func (s *ServiceCache) DebugStatus() string
- func (s *ServiceCache) DeleteEndpointSlices(epSlice *types.EndpointSlice, swg *lock.StoppableWaitGroup) ServiceID
- func (s *ServiceCache) DeleteEndpoints(k8sEndpoints *types.Endpoints, swg *lock.StoppableWaitGroup) ServiceID
- func (s *ServiceCache) DeleteService(k8sSvc *types.Service, swg *lock.StoppableWaitGroup)
- func (s *ServiceCache) GetServiceIP(svcID ServiceID) *loadbalancer.L3n4Addr
- func (s *ServiceCache) MergeExternalServiceDelete(service *service.ClusterService, swg *lock.StoppableWaitGroup)
- func (s *ServiceCache) MergeExternalServiceUpdate(service *service.ClusterService, swg *lock.StoppableWaitGroup)
- func (s *ServiceCache) UniqueServiceFrontends() FrontendList
- func (s *ServiceCache) UpdateEndpointSlices(epSlice *types.EndpointSlice, swg *lock.StoppableWaitGroup) (ServiceID, *Endpoints)
- func (s *ServiceCache) UpdateEndpoints(k8sEndpoints *types.Endpoints, swg *lock.StoppableWaitGroup) (ServiceID, *Endpoints)
- func (s *ServiceCache) UpdateService(k8sSvc *types.Service, swg *lock.StoppableWaitGroup) ServiceID
- type ServiceEvent
- type ServiceID
- type ServiceIPGetter
Constants ¶
const ( // BackOffLoopTimeout is the default duration when trying to reach the // kube-apiserver. BackOffLoopTimeout = 2 * time.Minute // EnvNodeNameSpec is the environment label used by Kubernetes to // specify the node's name. EnvNodeNameSpec = "K8S_NODE_NAME" )
const ( // AnnotationIstioSidecarStatus is the annotation added by Istio into a pod // when it is injected with a sidecar proxy. // Since Istio 0.5.0, the value of this annotation is a serialized JSON object // with the following structure ("imagePullSecrets" was added in Istio 0.8.0): // // { // "version": "0213afe1274259d2f23feb4820ad2f8eb8609b84a5538e5f51f711545b6bde88", // "initContainers": ["sleep", "istio-init"], // "containers": ["istio-proxy"], // "volumes": ["cilium-unix-sock-dir", "istio-envoy", "istio-certs"], // "imagePullSecrets": null // } AnnotationIstioSidecarStatus = "sidecar.istio.io/status" // DefaultSidecarIstioProxyImageRegexp is the default regexp compiled into // SidecarIstioProxyImageRegexp. DefaultSidecarIstioProxyImageRegexp = "cilium/istio_proxy" )
const ( // maximum number of operations a single json patch may contain. // See https://github.com/kubernetes/kubernetes/pull/74000 MaxJSONPatchOperations = 10000 )
Variables ¶
var CCNPStatusesPath = path.Join(kvstore.BaseKeyPrefix, "state", "ccnpstatuses", "v2")
var CNPStatusesPath = path.Join(kvstore.BaseKeyPrefix, "state", "cnpstatuses", "v2")
CNPStatusesPath is the prefix in the kvstore which will contain all keys representing CNPStatus state for all nodes in the cluster.
var ( // ErrNilNode is returned when the Kubernetes API server has returned a nil node ErrNilNode = goerrors.New("API server returned nil node") )
var ( // SidecarIstioProxyImageRegexp is the regular expression matching // compatible Istio sidecar istio-proxy container image names. // This is set by the "sidecar-istio-proxy-image" configuration flag. SidecarIstioProxyImageRegexp = regexp.MustCompile(DefaultSidecarIstioProxyImageRegexp) )
Functions ¶
func AnnotationsEqual ¶ added in v0.15.7
AnnotationsEqual returns whether the annotation with any key in relevantAnnotations is equal in anno1 and anno2.
func ConvertToCCNP ¶ added in v1.7.0
func ConvertToCCNP(obj interface{}) interface{}
ConvertToCCNP converts a *cilium_v2.CiliumClusterwideNetworkPolicy into a *types.SlimCNP without the Status field of the given CNP, or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP, also without the Status field of the given CNP, in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumClusterwideNetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given CNP as empty.
func ConvertToCCNPWithStatus ¶ added in v1.7.0
func ConvertToCCNPWithStatus(obj interface{}) interface{}
ConvertToCCNPWithStatus converts a *cilium_v2.CiliumClusterwideNetworkPolicy into *types.SlimCNP or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumClusterwideNetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned.
func ConvertToCNP ¶ added in v1.5.0
func ConvertToCNP(obj interface{}) interface{}
ConvertToCNP converts a *cilium_v2.CiliumNetworkPolicy into a *types.SlimCNP without the Status field of the given CNP, or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP, also without the Status field of the given CNP, in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumNetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given CNP as empty.
func ConvertToCNPWithStatus ¶ added in v1.5.0
func ConvertToCNPWithStatus(obj interface{}) interface{}
ConvertToCNPWithStatus converts a *cilium_v2.CiliumNetworkPolicy or a *cilium_v2.CiliumClusterwideNetworkPolicy into a *types.SlimCNP or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.SlimCNP in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumNetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned.
func ConvertToCiliumEndpoint ¶ added in v1.6.0
func ConvertToCiliumEndpoint(obj interface{}) interface{}
ConvertToCiliumEndpoint converts a *cilium_v2.CiliumEndpoint into a *types.CiliumEndpoint or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.CiliumEndpoint in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumEndpoint nor cache.DeletedFinalStateUnknown, the original obj is returned.
func ConvertToCiliumNode ¶ added in v1.6.0
func ConvertToCiliumNode(obj interface{}) interface{}
ConvertToCiliumNode converts a *cilium_v2.CiliumNode into a *cilium_v2.CiliumNode or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *cilium_v2.CiliumNode in its Obj. If the given obj can't be cast into either *cilium_v2.CiliumNode nor cache.DeletedFinalStateUnknown, the original obj is returned.
func ConvertToK8sEndpointSlice ¶ added in v1.7.0
func ConvertToK8sEndpointSlice(obj interface{}) interface{}
ConvertToK8sEndpointSlice converts a *v1beta1.EndpointSlice into a *types.Endpoints or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Endpoints in its Obj. If the given obj can't be cast into either *v1.Endpoints nor cache.DeletedFinalStateUnknown, the original obj is returned.
func ConvertToK8sEndpoints ¶ added in v1.5.0
func ConvertToK8sEndpoints(obj interface{}) interface{}
ConvertToK8sEndpoints converts a *v1.Endpoints into a *types.Endpoints or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Endpoints in its Obj. If the given obj can't be cast into either *v1.Endpoints nor cache.DeletedFinalStateUnknown, the original obj is returned.
func ConvertToK8sService ¶ added in v1.5.0
func ConvertToK8sService(obj interface{}) interface{}
ConvertToK8sService converts a *v1.Service into a *types.Service or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Service in its Obj. If the given obj can't be cast into either *v1.Service nor cache.DeletedFinalStateUnknown, the original obj is returned.
func ConvertToNamespace ¶ added in v1.5.0
func ConvertToNamespace(obj interface{}) interface{}
ConvertToNamespace converts a *v1.Namespace into a *types.Namespace or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Namespace in its Obj. If the given obj can't be cast into either *v1.Namespace nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given Namespace as empty.
func ConvertToNetworkPolicy ¶ added in v1.5.0
func ConvertToNetworkPolicy(obj interface{}) interface{}
ConvertToNetworkPolicy converts a *networkingv1.NetworkPolicy into a *types.NetworkPolicy or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.NetworkPolicy in its Obj. If the given obj can't be cast into either *networkingv1.NetworkPolicy nor cache.DeletedFinalStateUnknown, the original obj is returned.
func ConvertToNode ¶ added in v1.5.0
func ConvertToNode(obj interface{}) interface{}
ConvertToNode converts a *v1.Node into a *types.Node or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Node in its Obj. If the given obj can't be cast into either *v1.Node nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given Node as empty.
func ConvertToPod ¶ added in v1.5.0
func ConvertToPod(obj interface{}) interface{}
ConvertToPod converts a *v1.Pod into a *types.Pod or a cache.DeletedFinalStateUnknown into a cache.DeletedFinalStateUnknown with a *types.Pod in its Obj. If the given obj can't be cast into either *v1.Pod nor cache.DeletedFinalStateUnknown, the original obj is returned. WARNING calling this function will set *all* fields of the given Pod as empty.
func CopyObjToCiliumEndpoint ¶ added in v1.6.0
func CopyObjToCiliumEndpoint(obj interface{}) *types.CiliumEndpoint
CopyObjToCiliumEndpoint attempts to cast object to a CiliumEndpoint object and returns a deep copy if the castin succeeds. Otherwise, nil is returned.
func CopyObjToCiliumNode ¶ added in v1.6.0
func CopyObjToCiliumNode(obj interface{}) *cilium_v2.CiliumNode
CopyObjToCiliumNode attempts to cast object to a CiliumNode object and returns a deep copy if the castin succeeds. Otherwise, nil is returned.
func CopyObjToV1EndpointSlice ¶ added in v1.7.0
func CopyObjToV1EndpointSlice(obj interface{}) *types.EndpointSlice
func CopyObjToV1Endpoints ¶ added in v1.5.0
func CopyObjToV1Namespace ¶ added in v1.5.0
func CopyObjToV1NetworkPolicy ¶ added in v1.5.0
func CopyObjToV1NetworkPolicy(obj interface{}) *types.NetworkPolicy
func CopyObjToV1Node ¶ added in v1.5.0
func CopyObjToV1Pod ¶ added in v1.5.0
func CopyObjToV1Services ¶ added in v1.5.0
func CopyObjToV2CNP ¶ added in v1.5.0
func CreateClient ¶ added in v0.10.0
func CreateClient(config *rest.Config) (*kubernetes.Clientset, func(), error)
CreateClient creates a new client to access the Kubernetes API
func CreateConfig ¶ added in v0.10.0
CreateConfig creates a client configuration based on the configured API server and Kubeconfig path
func CreateConfigFromAgentResponse ¶ added in v1.5.0
func CreateConfigFromAgentResponse(resp *models.DaemonConfiguration) (*rest.Config, error)
CreateConfigFromAgentResponse creates a client configuration from a models.DaemonConfigurationResponse
func CreateCustomDialer ¶ added in v0.15.7
func CreateCustomDialer(b ServiceIPGetter, log *logrus.Entry) func(s string, duration time.Duration) (conn net.Conn, e error)
CreateCustomDialer returns a custom dialer that picks the service IP, from the given ServiceIPGetter, if the address the used to dial is a k8s service.
func EqualV1EndpointSlice ¶ added in v1.7.0
func EqualV1EndpointSlice(ep1, ep2 *types.EndpointSlice) bool
func EqualV1Endpoints ¶ added in v1.5.0
func EqualV1Namespace ¶ added in v1.5.0
func EqualV1NetworkPolicy ¶ added in v1.5.0
func EqualV1NetworkPolicy(np1, np2 *types.NetworkPolicy) bool
func EqualV1Node ¶ added in v1.5.0
func EqualV1Pod ¶ added in v1.5.0
func EqualV1PodContainers ¶ added in v1.7.0
func EqualV1PodContainers(c1, c2 types.PodContainer) bool
func EqualV1Services ¶ added in v0.15.7
func EqualV2CNP ¶ added in v1.5.0
func GetAPIServerURL ¶ added in v1.7.0
func GetAPIServerURL() string
GetAPIServerURL returns the configured API server URL address
func GetBurst ¶ added in v1.6.0
func GetBurst() int
GetBurst gets the burst limit of the K8s configuration.
func GetKubeconfigPath ¶ added in v1.5.0
func GetKubeconfigPath() string
GetKubeconfigPath returns the configured path to the kubeconfig configuration file
func GetNode ¶ added in v0.10.0
GetNode returns the kubernetes nodeName's node information from the kubernetes api server
func GetPodMetadata ¶ added in v0.15.7
func GetPodMetadata(k8sNs *types.Namespace, pod *types.Pod) (lbls map[string]string, retAnno map[string]string, retErr error)
GetPodMetadata returns the labels and annotations of the pod with the given namespace / name.
func GetPolicyLabelsv1 ¶ added in v0.15.7
func GetPolicyLabelsv1(np *networkingv1.NetworkPolicy) labels.LabelArray
GetPolicyLabelsv1 extracts the name of np. It uses the name from the Cilium annotation if present. If the policy's annotations do not contain the Cilium annotation, the policy's name field is used instead.
func HasEndpointSlice ¶ added in v1.7.0
func HasEndpointSlice(hasEndpointSlices chan struct{}, controller cache.Controller) bool
HasEndpointSlice returns true if the hasEndpointSlices is closed before the controller has been synchronized with k8s.
func Init ¶ added in v1.5.0
func Init(conf k8sconfig.Configuration) error
Init initializes the Kubernetes package. It is required to call Configure() beforehand.
func IsEnabled ¶ added in v1.5.0
func IsEnabled() bool
IsEnabled checks if Cilium is being used in tandem with Kubernetes.
func IsErrParse ¶ added in v1.5.0
IsErrParse returns true if the error is a ErrParse
func K8sErrorHandler ¶ added in v0.15.7
func K8sErrorHandler(e error)
K8sErrorHandler handles the error messages in a non verbose way by omitting repeated instances of the same error message for a timeout defined with k8sErrLogTimeout.
func NewClusterService ¶ added in v0.15.7
func NewClusterService(id ServiceID, k8sService *Service, k8sEndpoints *Endpoints) service.ClusterService
NewClusterService returns the service.ClusterService representing a Kubernetes Service
func ParseEndpointSlice ¶ added in v1.7.0
func ParseEndpointSlice(ep *types.EndpointSlice) (EndpointSliceID, *Endpoints)
ParseEndpointSlice parses a Kubernetes Endpoints resource
func ParseEndpoints ¶ added in v0.15.7
ParseEndpoints parses a Kubernetes Endpoints resource
func ParseNetworkPolicy ¶ added in v0.10.0
func ParseNetworkPolicy(np *networkingv1.NetworkPolicy) (api.Rules, error)
ParseNetworkPolicy parses a k8s NetworkPolicy. Returns a list of Cilium policy rules that can be added, along with an error if there was an error sanitizing the rules.
func ParseNodeAddressType ¶ added in v0.15.7
func ParseNodeAddressType(k8sAddress v1.NodeAddressType) (addressing.AddressType, error)
ParseNodeAddressType converts a Kubernetes NodeAddressType to a Cilium NodeAddressType. If the Kubernetes NodeAddressType does not have a corresponding Cilium AddressType, returns an error.
func ParseService ¶ added in v0.15.7
ParseService parses a Kubernetes service and returns a Service
func PreprocessRules ¶ added in v0.15.7
func PreprocessRules(r api.Rules, cache *ServiceCache) error
PreprocessRules translates rules that apply to headless services
func SupportsEndpointSlice ¶ added in v0.15.7
func SupportsEndpointSlice() bool
SupportsEndpointSlice returns true if cilium-operator or cilium-agent should watch and process endpoint slices.
Types ¶
type Backend ¶ added in v0.15.7
type Backend struct { Ports service.PortConfiguration NodeName string }
Backend contains all ports and the node name of a given backend +k8s:deepcopy-gen=true
func (*Backend) DeepCopy ¶ added in v0.15.7
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Backend.
func (*Backend) DeepCopyInto ¶ added in v0.15.7
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Backend) DeepEquals ¶ added in v1.7.0
DeepEquals returns true if both Backends are identical
type CCNPStatusEventHandler ¶ added in v0.15.7
type CCNPStatusEventHandler struct {
*CNPStatusEventHandler
}
CCNPStatusEventHandler handles status updates events for all the CCNPs in the cluster. Upon creation of Clusterwide policies, it will start a controller for that CNP which handles sending of updates for that CCNP to the kubernetes API server. Upon receiving eventes from the key-value store it will send the update for the CCNP corresponding to the status update to the controller for that CCNP.
func NewCCNPStatusEventHandler ¶ added in v0.15.7
func NewCCNPStatusEventHandler(cnpStore *store.SharedStore, k8sStore cache.Store, updateInterval time.Duration) *CCNPStatusEventHandler
NewCCNPStatusEventHandler returns a new CCNPStatusEventHandler. which is more or less a wrapper around the CNPStatusEventHandler itself.
func (*CCNPStatusEventHandler) WatchForCCNPStatusEvents ¶ added in v1.7.0
func (c *CCNPStatusEventHandler) WatchForCCNPStatusEvents()
WatchForCCNPStatusEvents starts a watcher for all the Clusterwide policy updates from the key-value store.
type CNPNSWithMeta ¶ added in v0.15.7
type CNPNSWithMeta struct { UID k8sTypes.UID Namespace string Name string Node string cilium_v2.CiliumNetworkPolicyNodeStatus }
CNPNSWithMeta is a wrapper around a CiliumNetworkPolicyNodeStatus with metadata that uniquely identifies the CNP which is being updated, and the node to which the status update corresponds. Implements pkg/kvstore/store/Key.
func (*CNPNSWithMeta) GetKeyName ¶ added in v0.15.7
func (c *CNPNSWithMeta) GetKeyName() string
GetKeyName returns the uniquely identifying information of this CNPNSWithMeta as a string for use as a key in a map.
func (CNPNSWithMeta) GetName ¶ added in v0.15.7
func (c CNPNSWithMeta) GetName() string
func (CNPNSWithMeta) GetNamespace ¶ added in v0.15.7
func (c CNPNSWithMeta) GetNamespace() string
func (CNPNSWithMeta) GetUID ¶ added in v0.15.7
func (c CNPNSWithMeta) GetUID() k8sTypes.UID
func (*CNPNSWithMeta) Marshal ¶ added in v0.15.7
func (c *CNPNSWithMeta) Marshal() ([]byte, error)
Marshal marshals the CNPNSWithMeta into JSON form.
func (*CNPNSWithMeta) Unmarshal ¶ added in v0.15.7
func (c *CNPNSWithMeta) Unmarshal(data []byte) error
Unmarshal unmarshals the CNPNSWithMeta from JSON form.
type CNPStatusEventHandler ¶ added in v0.15.7
type CNPStatusEventHandler struct {
// contains filtered or unexported fields
}
CNPStatusEventHandler handles status updates events for all CNPs in the cluster. Upon creation of CNPs, it will start a controller for that CNP which handles sending of updates for that CNP to the Kubernetes API server. Upon receiving events from the key-value store, it will send the update for the CNP corresponding to the status update to the controller for that CNP.
func NewCNPStatusEventHandler ¶ added in v0.15.7
func NewCNPStatusEventHandler(cnpStore *store.SharedStore, k8sStore cache.Store, updateInterval time.Duration) *CNPStatusEventHandler
NewCNPStatusEventHandler returns a new CNPStatusEventHandler.
func (*CNPStatusEventHandler) StartStatusHandler ¶ added in v0.15.7
func (c *CNPStatusEventHandler) StartStatusHandler(cnp *types.SlimCNP)
StartStatusHandler starts the goroutine which sends status updates for the given CNP to the Kubernetes APIserver. If a status handler has already been started, it is a no-op.
func (*CNPStatusEventHandler) StopStatusHandler ¶ added in v0.15.7
func (c *CNPStatusEventHandler) StopStatusHandler(cnp *types.SlimCNP)
StopStatusHandler signals that we need to stop managing the sending of status updates to the Kubernetes APIServer for the given CNP. It also cleans up all status updates from the key-value store for this CNP.
func (*CNPStatusEventHandler) WatchForCNPStatusEvents ¶ added in v1.7.0
func (c *CNPStatusEventHandler) WatchForCNPStatusEvents()
WatchForCNPStatusEvents starts a watcher for all the CNP update from the key-value store.
type CNPStatusUpdateContext ¶ added in v0.15.7
type CNPStatusUpdateContext struct { // CiliumNPClient is the CiliumNetworkPolicy client CiliumNPClient clientset.Interface // CiliumV2Store is a store containing all CiliumNetworkPolicy CiliumV2Store cache.Store // NodeName is the name of the node, it is used to separate status // field entries per node NodeName string // NodeManager implements the backoff.NodeManager interface and is used // to provide cluster-size dependent backoff NodeManager backoff.NodeManager // UpdateDuration must be populated using spanstart.Start() to provide // the timestamp of when the status update operation was started. It is // used to provide the latency in the Prometheus metrics. UpdateDuration *spanstat.SpanStat // WaitForEndpointsAtPolicyRev must point to a function that will wait // for all local endpoints to reach the particular policy revision WaitForEndpointsAtPolicyRev func(ctx context.Context, rev uint64) error }
CNPStatusUpdateContext is the context required to update the status of a CNP. It is filled out by the owner of the Kubernetes client before UpdateStatus() is called.
func (*CNPStatusUpdateContext) UpdateStatus ¶ added in v0.15.7
func (c *CNPStatusUpdateContext) UpdateStatus(ctx context.Context, cnp *types.SlimCNP, rev uint64, policyImportErr error) error
UpdateStatus updates the status section of a CiliumNetworkPolicy. It will retry as long as required to update the status unless a non-temporary error occurs in which case it expects a surrounding controller to restart or give up.
type CacheAction ¶ added in v0.15.7
type CacheAction int
CacheAction is the type of action that was performed on the cache
const ( // UpdateService reflects that the service was updated or added UpdateService CacheAction = iota // DeleteService reflects that the service was deleted DeleteService )
func (CacheAction) String ¶ added in v0.15.7
func (c CacheAction) String() string
String returns the cache action as a string
type EndpointSliceID ¶ added in v0.15.7
EndpointSliceID identifies a Kubernetes EndpointSlice as well as the legacy v1.Endpoints.
func ParseEndpointSliceID ¶ added in v0.15.7
func ParseEndpointSliceID(svc *types.EndpointSlice) EndpointSliceID
ParseEndpointSliceID parses a Kubernetes endpoints slice and returns the ServiceID
type Endpoints ¶ added in v0.15.7
type Endpoints struct { // Backends is a map containing all backend IPs and ports. The key to // the map is the backend IP in string form. The value defines the list // of ports for that backend IP, plus an additional optional node name. Backends map[string]*Backend }
Endpoints is an abstraction for the Kubernetes endpoints object. Endpoints consists of a set of backend IPs in combination with a set of ports and protocols. The name of the backend ports must match the names of the frontend ports of the corresponding service. +k8s:deepcopy-gen=true
func (*Endpoints) CIDRPrefixes ¶ added in v1.5.0
CIDRPrefixes returns the endpoint's backends as a slice of IPNets.
func (*Endpoints) DeepCopy ¶ added in v0.15.7
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Endpoints.
func (*Endpoints) DeepCopyInto ¶ added in v0.15.7
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Endpoints) DeepEquals ¶ added in v1.5.0
DeepEquals returns true if both endpoints are deep equal.
type ErrParse ¶ added in v1.5.0
type ErrParse struct {
// contains filtered or unexported fields
}
ErrParse is an error to describe where policy fails to parse due any invalid rule.
type FrontendList ¶ added in v0.15.7
type FrontendList map[string]struct{}
FrontendList is the list of all k8s service frontends
func (FrontendList) LooseMatch ¶ added in v0.15.7
func (l FrontendList) LooseMatch(frontend loadbalancer.L3n4Addr) (exists bool)
LooseMatch returns true if the provided frontend is found in the FrontendList. If the frontend has a protocol value set, it only matches a k8s service with a matching protocol. If no protocol is set, any k8s service matching frontend IP and port is considered a match, regardless of protocol.
type JSONPatch ¶ added in v0.15.7
type JSONPatch struct { OP string `json:"op,omitempty"` Path string `json:"path,omitempty"` Value interface{} `json:"value"` }
JSONPatch structure based on the RFC 6902
type K8sCiliumClient ¶ added in v1.5.0
K8sCiliumClient is a wrapper around clientset.Interface.
func CiliumClient ¶ added in v1.5.0
func CiliumClient() *K8sCiliumClient
CiliumClient returns the default Cilium Kubernetes client.
type K8sClient ¶ added in v1.5.0
type K8sClient struct { // kubernetes.Interface is the object through which interactions with // Kubernetes are performed. kubernetes.Interface }
K8sClient is a wrapper around kubernetes.Interface.
func Client ¶ added in v1.5.0
func Client() *K8sClient
Client returns the default Kubernetes client.
func (K8sClient) AnnotateNode ¶ added in v1.5.0
func (k8sCli K8sClient) AnnotateNode(nodeName string, encryptKey uint8, v4CIDR, v6CIDR *cidr.CIDR, v4HealthIP, v6HealthIP, v4CiliumHostIP, v6CiliumHostIP net.IP) error
AnnotateNode writes v4 and v6 CIDRs and health IPs in the given k8s node name. In case of failure while updating the node, this function while spawn a go routine to retry the node update indefinitely.
func (K8sClient) GetSecrets ¶ added in v1.7.0
GetSecrets returns the secrets found in the given namespace and name.
func (K8sClient) MarkNodeReady ¶ added in v1.6.9
MarkNodeReady marks the Kubernetes node resource as ready from a networking perspective
type K8sMetaObject ¶ added in v0.15.7
type NodeStatusUpdate ¶ added in v0.15.7
type NodeStatusUpdate struct { *cilium_v2.CiliumNetworkPolicyNodeStatus // contains filtered or unexported fields }
NodeStatusUpdate pairs a CiliumNetworkPolicyNodeStatus to a specific node.
type NodeStatusUpdater ¶ added in v0.15.7
type NodeStatusUpdater struct {
// contains filtered or unexported fields
}
NodeStatusUpdater handles the lifecycle around sending CNP NodeStatus updates.
type RuleTranslator ¶ added in v0.15.7
type RuleTranslator struct { Service ServiceID Endpoint Endpoints ServiceLabels map[string]string Revert bool AllocatePrefixes bool }
RuleTranslator implements pkg/policy.Translator interface Translate populates/depopulates given rule with ToCIDR rules Based on provided service/endpoint
func NewK8sTranslator ¶ added in v0.15.7
func NewK8sTranslator( serviceInfo ServiceID, endpoint Endpoints, revert bool, labels map[string]string, allocatePrefixes bool) RuleTranslator
NewK8sTranslator returns RuleTranslator
func (RuleTranslator) Translate ¶ added in v0.15.7
func (k RuleTranslator) Translate(r *api.Rule, result *policy.TranslationResult) error
Translate calls TranslateEgress on all r.Egress rules
func (RuleTranslator) TranslateEgress ¶ added in v0.15.7
func (k RuleTranslator) TranslateEgress(r *api.EgressRule, result *policy.TranslationResult) error
TranslateEgress populates/depopulates egress rules with ToCIDR entries based on toService entries
type Service ¶ added in v0.15.7
type Service struct { FrontendIP net.IP IsHeadless bool // IncludeExternal is true when external endpoints from other clusters // should be included IncludeExternal bool Shared bool // TrafficPolicy controls how backends are selected. If set to "Local", only // node-local backends are chosen TrafficPolicy loadbalancer.SVCTrafficPolicy // HealthCheckNodePort defines on which port the node runs a HTTP health // check server which may be used by external loadbalancers to determine // if a node has local backends. This will only have effect if both // LoadBalancerIPs is not empty and TrafficPolicy is SVCTrafficPolicyLocal. HealthCheckNodePort uint16 Ports map[loadbalancer.FEPortName]*loadbalancer.L4Addr // NodePorts stores mapping for port name => NodePort frontend addr string => // NodePort fronted addr. The string addr => addr indirection is to avoid // storing duplicates. NodePorts map[loadbalancer.FEPortName]map[string]*loadbalancer.L3n4AddrID // K8sExternalIPs stores mapping of the endpoint in a string format to the // externalIP in net.IP format. K8sExternalIPs map[string]net.IP // LoadBalancerIPs stores LB IPs assigned to the service (string(IP) => IP). LoadBalancerIPs map[string]net.IP Labels map[string]string Selector map[string]string }
Service is an abstraction for a k8s service that is composed by the frontend IP address (FEIP) and the map of the frontend ports (Ports). +k8s:deepcopy-gen=true
func NewService ¶ added in v0.15.7
func NewService(ip net.IP, externalIPs []string, loadBalancerIPs []string, headless bool, trafficPolicy loadbalancer.SVCTrafficPolicy, healthCheckNodePort uint16, labels, selector map[string]string) *Service
NewService returns a new Service with the Ports map initialized.
func (*Service) DeepCopy ¶ added in v0.15.7
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Service.
func (*Service) DeepCopyInto ¶ added in v0.15.7
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Service) DeepEquals ¶ added in v1.5.0
DeepEquals returns true if both services are equal
func (Service) IsExternal ¶ added in v0.15.7
IsExternal returns true if the service is expected to serve out-of-cluster endpoints:
func (*Service) String ¶ added in v0.15.7
String returns the string representation of a service resource
func (*Service) UniquePorts ¶ added in v0.15.7
UniquePorts returns a map of all unique ports configured in the service
type ServiceCache ¶ added in v0.15.7
type ServiceCache struct { Events chan ServiceEvent // contains filtered or unexported fields }
ServiceCache is a list of services correlated with the matching endpoints. The Events member will receive events as services.
func NewServiceCache ¶ added in v0.15.7
func NewServiceCache() ServiceCache
NewServiceCache returns a new ServiceCache
func (*ServiceCache) DebugStatus ¶ added in v0.15.7
func (s *ServiceCache) DebugStatus() string
DebugStatus implements debug.StatusObject to provide debug status collection ability
func (*ServiceCache) DeleteEndpointSlices ¶ added in v1.7.0
func (s *ServiceCache) DeleteEndpointSlices(epSlice *types.EndpointSlice, swg *lock.StoppableWaitGroup) ServiceID
func (*ServiceCache) DeleteEndpoints ¶ added in v0.15.7
func (s *ServiceCache) DeleteEndpoints(k8sEndpoints *types.Endpoints, swg *lock.StoppableWaitGroup) ServiceID
DeleteEndpoints parses a Kubernetes endpoints and removes it from the ServiceCache
func (*ServiceCache) DeleteService ¶ added in v0.15.7
func (s *ServiceCache) DeleteService(k8sSvc *types.Service, swg *lock.StoppableWaitGroup)
DeleteService parses a Kubernetes service and removes it from the ServiceCache
func (*ServiceCache) GetServiceIP ¶ added in v0.15.7
func (s *ServiceCache) GetServiceIP(svcID ServiceID) *loadbalancer.L3n4Addr
GetServiceIP returns a random L3n4Addr that is backing the given Service ID.
func (*ServiceCache) MergeExternalServiceDelete ¶ added in v0.15.7
func (s *ServiceCache) MergeExternalServiceDelete(service *service.ClusterService, swg *lock.StoppableWaitGroup)
MergeExternalServiceDelete merges the deletion of a cluster service in a remote cluster into the local service cache. The service endpoints are stored as external endpoints and are correlated on demand with local services via correlateEndpoints().
func (*ServiceCache) MergeExternalServiceUpdate ¶ added in v0.15.7
func (s *ServiceCache) MergeExternalServiceUpdate(service *service.ClusterService, swg *lock.StoppableWaitGroup)
MergeExternalServiceUpdate merges a cluster service of a remote cluster into the local service cache. The service endpoints are stored as external endpoints and are correlated on demand with local services via correlateEndpoints().
func (*ServiceCache) UniqueServiceFrontends ¶ added in v0.15.7
func (s *ServiceCache) UniqueServiceFrontends() FrontendList
UniqueServiceFrontends returns all services known to the service cache as a map, indexed by the string representation of a loadbalancer.L3n4Addr
func (*ServiceCache) UpdateEndpointSlices ¶ added in v1.7.0
func (s *ServiceCache) UpdateEndpointSlices(epSlice *types.EndpointSlice, swg *lock.StoppableWaitGroup) (ServiceID, *Endpoints)
func (*ServiceCache) UpdateEndpoints ¶ added in v0.15.7
func (s *ServiceCache) UpdateEndpoints(k8sEndpoints *types.Endpoints, swg *lock.StoppableWaitGroup) (ServiceID, *Endpoints)
UpdateEndpoints parses a Kubernetes endpoints and adds or updates it in the ServiceCache. Returns the ServiceID unless the Kubernetes endpoints could not be parsed and a bool to indicate whether the endpoints was changed in the cache or not.
func (*ServiceCache) UpdateService ¶ added in v0.15.7
func (s *ServiceCache) UpdateService(k8sSvc *types.Service, swg *lock.StoppableWaitGroup) ServiceID
UpdateService parses a Kubernetes service and adds or updates it in the ServiceCache. Returns the ServiceID unless the Kubernetes service could not be parsed and a bool to indicate whether the service was changed in the cache or not.
type ServiceEvent ¶ added in v0.15.7
type ServiceEvent struct { // Action is the action that was performed in the cache Action CacheAction // ID is the identified of the service ID ServiceID // Service is the service structure Service *Service // OldService is the service structure OldService *Service // Endpoints is the endpoints structured correlated with the service Endpoints *Endpoints // SWG provides a mechanism to detect if a service was synchronized with // the datapath. SWG *lock.StoppableWaitGroup }
ServiceEvent is emitted via the Events channel of ServiceCache and describes the change that occurred in the cache
type ServiceID ¶ added in v0.15.7
type ServiceID struct { Name string `json:"serviceName,omitempty"` Namespace string `json:"namespace,omitempty"` }
ServiceID identifies the Kubernetes service
func ParseEndpointsID ¶ added in v0.15.7
ParseEndpointsID parses a Kubernetes endpoints and returns the ServiceID
func ParseServiceID ¶ added in v0.15.7
ParseServiceID parses a Kubernetes service and returns the ServiceID
func ParseServiceIDFrom ¶ added in v0.15.7
ParseServiceIDFrom returns a ServiceID derived from the given kubernetes service FQDN.
type ServiceIPGetter ¶ added in v0.15.7
type ServiceIPGetter interface {
GetServiceIP(svcID ServiceID) *loadbalancer.L3n4Addr
}
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
apis
|
|
cilium.io/v2
Package v2 is the v2 version of the API.
|
Package v2 is the v2 version of the API. |
client
|
|
clientset/versioned
This package has the automatically generated clientset.
|
This package has the automatically generated clientset. |
clientset/versioned/fake
This package has the automatically generated fake clientset.
|
This package has the automatically generated fake clientset. |
clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
|
This package contains the scheme of the automatically generated clientset. |
clientset/versioned/typed/cilium.io/v2
This package has the automatically generated typed clients.
|
This package has the automatically generated typed clients. |
clientset/versioned/typed/cilium.io/v2/fake
Package fake has the automatically generated clients.
|
Package fake has the automatically generated clients. |
Package types contains slimmer versions of k8s types.
|
Package types contains slimmer versions of k8s types. |
Package version keeps track of the Kubernetes version the client is connected to
|
Package version keeps track of the Kubernetes version the client is connected to |