Documentation
Index
- Constants
- Variables
- func ChangeLogLevel(level logrus.Level)
- type Proxy
- func (p *Proxy) CreateOrUpdateRedirect(l4 *policy.L4Filter, id string, localEndpoint logger.EndpointUpdater, ...) (redir *Redirect, err error, finalizeFunc revert.FinalizeFunc, ...)
- func (p *Proxy) GetStatusModel() *models.ProxyStatus
- func (p *Proxy) RemoveRedirect(id string, wg *completion.WaitGroup) (error, revert.FinalizeFunc, revert.RevertFunc)
- func (p *Proxy) UpdateRedirectMetrics()
- type Redirect
- type RedirectImplementation
Constants
```go
const (
	// MagicMarkHostMask can be used to fetch the host/proxy-relevant magic
	// bits from a mark.
	MagicMarkHostMask int = 0x0F00
	// MagicMarkProxyMask can be used to fetch the proxy-relevant magic
	// bits from a mark.
	MagicMarkProxyMask int = 0x0E00
	// MagicMarkIsProxy can be used in conjunction with MagicMarkProxyMask
	// to determine whether the mark is indicating that traffic is peering
	// with a proxy.
	MagicMarkIsProxy int = 0x0A00

	// MagicMarkIngress determines that the traffic is sourced from the
	// proxy which is applying Ingress policy
	MagicMarkIngress int = 0x0A00
	// MagicMarkEgress determines that the traffic is sourced from the
	// proxy which is applying Egress policy
	MagicMarkEgress int = 0x0B00
	// MagicMarkHost determines that the traffic is sourced from the local
	// host and not from a proxy.
	MagicMarkHost int = 0x0C00
	// MagicMarkK8sMasq determines that the traffic should be masqueraded
	// by kube-proxy in kubernetes environments.
	MagicMarkK8sMasq int = 0x4000
	// MagicMarkK8sDrop determines that the traffic should be dropped in
	// kubernetes environments.
	MagicMarkK8sDrop int = 0x8000
)
```
The skb mark is used to transmit both identity and special markers to identify traffic from and to proxies. The mark field is being used in the following way:
```
 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-------------------------------+-------+-------+---------------+
|L L L L L L L L L L L L L L L L|R R R R|M M M M|U U U U U U U U|
+-------------------------------+-------+-------+---------------+
 identity                        k8s     mark    identity

Identity (24 bits):
+-----------------------------------------------+
|U U U U U U U U|L L L L L L L L L L L L L L L L|
+-----------------------------------------------+
 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4

Kubernetes Mark (4 bits):
R R R R
0 1 0 0  Masquerade
1 0 0 0  Drop

Cilium Mark (4 bits):
M M M M
1 0 1 0  Ingress proxy
1 0 1 1  Egress proxy
1 1 0 0  From host
```
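An added example (not Cilium's own code) that packs and unpacks a mark according to the layout and constant values documented above, reading bit 1 of the diagram as the most significant bit, which is what the constant values imply. `EncodeMark`, `IdentityFromMark`, `IsProxy` and `Origin` are hypothetical helper names, and the identity value is constructed.

```go
package main

import "fmt"

// Values copied from the constants above (untyped here so they mix with uint32).
const (
	MagicMarkHostMask  = 0x0F00
	MagicMarkProxyMask = 0x0E00
	MagicMarkIsProxy   = 0x0A00
	MagicMarkIngress   = 0x0A00
	MagicMarkEgress    = 0x0B00
	MagicMarkHost      = 0x0C00
)

// EncodeMark (hypothetical) packs a 24-bit identity plus magic bits: the low
// 16 identity bits go in the top half of the mark, the upper 8 in the low byte.
func EncodeMark(identity, magic uint32) uint32 {
	return (identity&0xFFFF)<<16 | magic&0xFF00 | (identity>>16)&0xFF
}

// IdentityFromMark (hypothetical) reassembles U|L into the 24-bit identity.
func IdentityFromMark(mark uint32) uint32 {
	return (mark&0xFF)<<16 | mark>>16
}

// IsProxy masks with 0x0E00, dropping the lowest M bit, so both the ingress
// (1010) and egress (1011) proxy marks compare equal to MagicMarkIsProxy.
func IsProxy(mark uint32) bool {
	return mark&MagicMarkProxyMask == MagicMarkIsProxy
}

// Origin (hypothetical) names the 4-bit Cilium mark.
func Origin(mark uint32) string {
	switch mark & MagicMarkHostMask {
	case MagicMarkIngress:
		return "ingress-proxy"
	case MagicMarkEgress:
		return "egress-proxy"
	case MagicMarkHost:
		return "host"
	}
	return "none"
}

func main() {
	m := EncodeMark(0x012345, MagicMarkEgress) // constructed sample identity
	fmt.Printf("mark=%#08x identity=%#06x origin=%s proxy=%v\n",
		m, IdentityFromMark(m), Origin(m), IsProxy(m))
}
```

A mark carrying only a Kubernetes bit (for example the drop value 0x8000) has an all-zero Cilium nibble, so it is classified as neither proxy nor host traffic.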
const ProxyKeepAlivePeriod = time.Duration(5) * time.Minute
ProxyKeepAlivePeriod is the time used for sending periodic keepalives on proxy connections. Cross-reference with datapath PROXY_DEFAULT_LIFETIME.
Variables
```go
var (
	// DefaultDNSProxy is the global, shared, DNS Proxy singleton.
	DefaultDNSProxy *dnsproxy.DNSProxy
)
```
```go
var (
	// DefaultEndpointInfoRegistry is the default instance implementing the
	// EndpointInfoRegistry interface.
	DefaultEndpointInfoRegistry logger.EndpointInfoRegistry = &defaultEndpointInfoRegistry{}
)
```
Functions
func ChangeLogLevel (added in v1.5.0)
ChangeLogLevel changes proxy log level to correspond to the logrus log level 'level'.
Types
type Proxy
Proxy maintains state about redirects
func StartProxySupport (added in v1.5.0)
func StartProxySupport(minPort uint16, maxPort uint16, stateDir string, accessLogFile string, accessLogNotifier logger.LogRecordNotifier, accessLogMetadata []string) *Proxy
StartProxySupport starts the servers to support L7 proxies: xDS GRPC server and access log server.
func (*Proxy) CreateOrUpdateRedirect
func (p *Proxy) CreateOrUpdateRedirect(l4 *policy.L4Filter, id string, localEndpoint logger.EndpointUpdater, wg *completion.WaitGroup) (redir *Redirect, err error, finalizeFunc revert.FinalizeFunc, revertFunc revert.RevertFunc)
CreateOrUpdateRedirect creates or updates an L4 redirect with corresponding proxy configuration. This will allocate a proxy port as required and launch a proxy instance. If the redirect is already in place, only the rules will be updated.
func (*Proxy) GetStatusModel (added in v1.5.0)
func (p *Proxy) GetStatusModel() *models.ProxyStatus
GetStatusModel returns the proxy status as API model
func (*Proxy) RemoveRedirect
func (p *Proxy) RemoveRedirect(id string, wg *completion.WaitGroup) (error, revert.FinalizeFunc, revert.RevertFunc)
RemoveRedirect removes an existing redirect.
func (*Proxy) UpdateRedirectMetrics (added in v1.5.0)
func (p *Proxy) UpdateRedirectMetrics()
UpdateRedirectMetrics updates the redirect metrics per application protocol in Prometheus. Lock needs to be held to call this function.
type Redirect
```go
type Redirect struct {
	// ProxyPort is the port the redirect redirects to, on which the proxy
	// is listening
	ProxyPort uint16
	// contains filtered or unexported fields
}
```
type RedirectImplementation (added in v1.5.0)
```go
type RedirectImplementation interface {
	// UpdateRules notifies the proxy implementation that the new rules in
	// parameter l4 are to be applied. The implementation should .Add to the
	// WaitGroup if the update is asynchronous and the update should not return
	// until it is complete.
	// The returned RevertFunc must be non-nil.
	// Note: UpdateRules is not called when a redirect is created.
	UpdateRules(wg *completion.WaitGroup, l4 *policy.L4Filter) (revert.RevertFunc, error)

	// Close closes and cleans up resources associated with the redirect
	// implementation. The implementation should .Add to the WaitGroup if the
	// update is asynchronous and the update should not return until it is
	// complete.
	Close(wg *completion.WaitGroup) (revert.FinalizeFunc, revert.RevertFunc)
}
```
RedirectImplementation is the generic proxy redirect interface that each proxy redirect type must implement