envoy

package
v1.9.4 Latest
Published: Feb 3, 2021 License: Apache-2.0 Imports: 56 Imported by: 9

Constants

const (
	// ListenerTypeURL is the type URL of Listener resources.
	ListenerTypeURL = "type.googleapis.com/envoy.config.listener.v3.Listener"

	// NetworkPolicyTypeURL is the type URL of NetworkPolicy resources.
	NetworkPolicyTypeURL = "type.googleapis.com/cilium.NetworkPolicy"

	// NetworkPolicyHostsTypeURL is the type URL of NetworkPolicyHosts resources.
	NetworkPolicyHostsTypeURL = "type.googleapis.com/cilium.NetworkPolicyHosts"
)
const (
	EnvoyTimeout = 300 * time.Second // must be smaller than endpoint.EndpointGenerationTimeout
)

Variables

var (
	// ErrNotImplemented is the error returned by gRPC methods that are not
	// implemented by Cilium.
	ErrNotImplemented = errors.New("not implemented")
)
var (
	// NetworkPolicyHostsCache is the global cache of resources of type
	// NetworkPolicyHosts. Resources in this cache must have the
	// NetworkPolicyHostsTypeURL type URL.
	NetworkPolicyHostsCache = newNPHDSCache()
)
var (
	// RequiredEnvoyVersionSHA is set during build
	// Running Envoy version will be checked against `RequiredEnvoyVersionSHA`.
	// By default cilium-agent will fail to start if there is a version mismatch.
	RequiredEnvoyVersionSHA string
)

Functions

func EnableTracing

func EnableTracing()

EnableTracing changes Envoy log level to "trace", producing the most logs.

func GetEnvoyHTTPRules

func GetEnvoyHTTPRules(certManager policy.CertificateManager, l7Rules *api.L7Rules, ns string) (*cilium.HttpNetworkPolicyRules, bool)

func GetEnvoyVersion added in v1.5.0

func GetEnvoyVersion() string

GetEnvoyVersion returns the envoy binary version string

func GetFlowType

func GetFlowType(m *cilium.LogEntry) accesslog.FlowType

GetFlowType returns the type of flow (request|response)

func GetNetHttpHeaders

func GetNetHttpHeaders(httpHeaders []*cilium.KeyValue) http.Header

GetNetHttpHeaders returns the given headers as a net/http.Header.

func GetProtocol

func GetProtocol(httpProtocol cilium.HttpProtocol) string

GetProtocol returns the HTTP protocol in the format that Cilium understands.

func GetVerdict

func GetVerdict(m *cilium.LogEntry) accesslog.FlowVerdict

GetVerdict returns the verdict performed on the flow (forwarded|denied)

func HTTPNetworkPolicyRuleLess

func HTTPNetworkPolicyRuleLess(r1, r2 *cilium.HttpNetworkPolicyRule) bool

HTTPNetworkPolicyRuleLess reports whether the r1 rule should sort before the r2 rule.

func HeaderMatcherLess

func HeaderMatcherLess(m1, m2 *envoy_config_route.HeaderMatcher) bool

HeaderMatcherLess reports whether the m1 matcher should sort before the m2 matcher.

func ParseURL

func ParseURL(scheme, host, path string) *url.URL

ParseURL returns the URL assembled from scheme, host and path as a *net/url.URL.

func PortNetworkPolicyRuleLess

func PortNetworkPolicyRuleLess(r1, r2 *cilium.PortNetworkPolicyRule) bool

PortNetworkPolicyRuleLess reports whether the r1 rule should sort before the r2 rule. L3-L4-only rules are less than L7 rules.

func SortHTTPNetworkPolicyRules

func SortHTTPNetworkPolicyRules(rules []*cilium.HttpNetworkPolicyRule)

SortHTTPNetworkPolicyRules sorts the given slice.

func SortHeaderMatchers

func SortHeaderMatchers(headers []*envoy_config_route.HeaderMatcher)

SortHeaderMatchers sorts the given slice.

func SortPortNetworkPolicies

func SortPortNetworkPolicies(policies []*cilium.PortNetworkPolicy) []*cilium.PortNetworkPolicy

SortPortNetworkPolicies sorts the given slice in place and returns the sorted slice for convenience.

func SortPortNetworkPolicyRules

func SortPortNetworkPolicyRules(rules []*cilium.PortNetworkPolicyRule) []*cilium.PortNetworkPolicyRule

SortPortNetworkPolicyRules sorts the given slice in place and returns the sorted slice for convenience.

func StartAccessLogServer added in v1.5.0

func StartAccessLogServer(stateDir string, xdsServer *XDSServer, endpointInfoRegistry logger.EndpointInfoRegistry)

StartAccessLogServer starts the access log server.

Types

type Envoy added in v1.5.0

type Envoy struct {
	// contains filtered or unexported fields
}

Envoy manages a running Envoy proxy instance via the ListenerDiscoveryService and RouteDiscoveryService gRPC APIs.

func StartEnvoy added in v1.5.0

func StartEnvoy(stateDir, logPath string, baseID uint64) *Envoy

StartEnvoy starts an Envoy proxy instance.

func (*Envoy) ChangeLogLevel added in v1.5.0

func (e *Envoy) ChangeLogLevel(level logrus.Level)

ChangeLogLevel changes Envoy log level to correspond to the logrus log level 'level'.

func (*Envoy) StopEnvoy added in v1.5.0

func (e *Envoy) StopEnvoy() error

StopEnvoy kills the Envoy process started with StartEnvoy. The gRPC API streams are terminated first.

type HTTPNetworkPolicyRuleSlice

type HTTPNetworkPolicyRuleSlice []*cilium.HttpNetworkPolicyRule

HTTPNetworkPolicyRuleSlice implements sort.Interface to sort a slice of *cilium.HttpNetworkPolicyRule.

func (HTTPNetworkPolicyRuleSlice) Len

func (s HTTPNetworkPolicyRuleSlice) Len() int

func (HTTPNetworkPolicyRuleSlice) Less

func (s HTTPNetworkPolicyRuleSlice) Less(i, j int) bool

func (HTTPNetworkPolicyRuleSlice) Swap

func (s HTTPNetworkPolicyRuleSlice) Swap(i, j int)

type HeaderMatcherSlice

type HeaderMatcherSlice []*envoy_config_route.HeaderMatcher

HeaderMatcherSlice implements sort.Interface to sort a slice of *envoy_config_route.HeaderMatcher.

func (HeaderMatcherSlice) Len

func (s HeaderMatcherSlice) Len() int

func (HeaderMatcherSlice) Less

func (s HeaderMatcherSlice) Less(i, j int) bool

func (HeaderMatcherSlice) Swap

func (s HeaderMatcherSlice) Swap(i, j int)

type Listener

type Listener struct {
	// contains filtered or unexported fields
}

type NPHDSCache

type NPHDSCache struct {
	*xds.Cache
}

NPHDSCache is a cache of resources in the Network Policy Hosts Discovery Service.

func (*NPHDSCache) HandleResourceVersionAck

func (cache *NPHDSCache) HandleResourceVersionAck(ackVersion uint64, nackVersion uint64, nodeIP string, resourceNames []string, typeURL string, detail string)

HandleResourceVersionAck is required to implement ResourceVersionAckObserver. We use this to start the IP Cache listener on the first ACK, so that the IP Cache listener is only started if there is an Envoy node that actually uses NPHDS (e.g., an Istio node, or a host proxy running on a kernel without LPM BPF map support).

func (*NPHDSCache) OnIPIdentityCacheChange

func (cache *NPHDSCache) OnIPIdentityCacheChange(modType ipcache.CacheModification, cidr net.IPNet,
	oldHostIP, newHostIP net.IP, oldID *identity.NumericIdentity, newID identity.NumericIdentity,
	encryptKey uint8, k8sMeta *ipcache.K8sMetadata)

OnIPIdentityCacheChange pushes modifications to the IP<->Identity mapping into the Network Policy Host Discovery Service (NPHDS).

func (*NPHDSCache) OnIPIdentityCacheGC

func (cache *NPHDSCache) OnIPIdentityCacheGC()

OnIPIdentityCacheGC is required to implement IPIdentityMappingListener.

type PortNetworkPolicyRuleSlice

type PortNetworkPolicyRuleSlice []*cilium.PortNetworkPolicyRule

PortNetworkPolicyRuleSlice implements sort.Interface to sort a slice of *cilium.PortNetworkPolicyRule.

func (PortNetworkPolicyRuleSlice) Len

func (s PortNetworkPolicyRuleSlice) Len() int

func (PortNetworkPolicyRuleSlice) Less

func (s PortNetworkPolicyRuleSlice) Less(i, j int) bool

func (PortNetworkPolicyRuleSlice) Swap

func (s PortNetworkPolicyRuleSlice) Swap(i, j int)

type PortNetworkPolicySlice

type PortNetworkPolicySlice []*cilium.PortNetworkPolicy

PortNetworkPolicySlice implements sort.Interface to sort a slice of *cilium.PortNetworkPolicy.

func (PortNetworkPolicySlice) Len

func (s PortNetworkPolicySlice) Len() int

func (PortNetworkPolicySlice) Less

func (s PortNetworkPolicySlice) Less(i, j int) bool

func (PortNetworkPolicySlice) Swap

func (s PortNetworkPolicySlice) Swap(i, j int)

type XDSServer

type XDSServer struct {

	// NetworkPolicyMutator wraps networkPolicyCache to publish policy
	// updates to Envoy proxies.
	// Exported for testing only!
	NetworkPolicyMutator xds.AckingResourceMutator
	// contains filtered or unexported fields
}

XDSServer provides a high-level interface to manage resources published using the xDS gRPC API.

func StartXDSServer added in v1.5.0

func StartXDSServer(stateDir string) *XDSServer

StartXDSServer configures and starts the xDS gRPC server.

func (*XDSServer) AddListener

func (s *XDSServer) AddListener(name string, kind policy.L7ParserType, port uint16, isIngress bool, mayUseOriginalSourceAddr bool, wg *completion.WaitGroup)

AddListener adds a listener to a running Envoy proxy.

func (*XDSServer) AddMetricsListener

func (s *XDSServer) AddMetricsListener(port uint16, wg *completion.WaitGroup)

AddMetricsListener adds a Prometheus metrics listener to Envoy. This could be done in the bootstrap config, but then a failure to bind to the configured port would prevent Envoy from starting at all.

func (*XDSServer) GetNetworkPolicies

func (s *XDSServer) GetNetworkPolicies(resourceNames []string) (map[string]*cilium.NetworkPolicy, error)

GetNetworkPolicies returns the current version of the network policies with the given names. If resourceNames is empty, all resources are returned.

func (*XDSServer) RemoveAllNetworkPolicies

func (s *XDSServer) RemoveAllNetworkPolicies()

RemoveAllNetworkPolicies removes all network policies from the set published to L7 proxies.

func (*XDSServer) RemoveListener

RemoveListener removes an existing Envoy Listener.

func (*XDSServer) RemoveNetworkPolicy

func (s *XDSServer) RemoveNetworkPolicy(ep logger.EndpointInfoSource)

RemoveNetworkPolicy removes network policies relevant to the specified endpoint from the set published to L7 proxies, and stops listening for acks for policies on this endpoint.

func (*XDSServer) UpdateNetworkPolicy

func (s *XDSServer) UpdateNetworkPolicy(ep logger.EndpointUpdater, policy *policy.L4Policy,
	ingressPolicyEnforced, egressPolicyEnforced bool, wg *completion.WaitGroup) (error, func() error)

UpdateNetworkPolicy adds or updates a network policy in the set published to L7 proxies. When the proxy acknowledges the network policy update, it will result in a subsequent call to the endpoint's OnProxyPolicyUpdate() function.

func (*XDSServer) UseCurrentNetworkPolicy added in v1.6.4

func (s *XDSServer) UseCurrentNetworkPolicy(ep logger.EndpointUpdater, policy *policy.L4Policy, wg *completion.WaitGroup)

UseCurrentNetworkPolicy inserts a Completion into the WaitGroup if the current network policy has not yet been acked. 'wg' must not be nil.

Directories

Path: xds
Synopsis: Package xds is an implementation of Envoy's xDS (Discovery Service) protocol.
