README
¶
Contiv Networking for Kubernetes
Contiv is integrated with Kubernetes via a CNI plugin. With this integration, Contiv Networking and Policy can be used for Pod inter-connectivity in a Kubernetes cluster.
Getting Started
This step-by-step procedure will guide you through a minimal experience of creating a Kubernetes cluster with Contiv networking and applying policy between pods.
Before starting, please be sure to set http/https proxies if your network requires it. (Note that https_proxy should be set to point to a http:// URL (not https://). This is an ansible requirement.)
The setup scripts use python modules parse and netaddr. If these modules are not installed on the machine where you are executing these steps, you should install them before proceeding. (E.g. pip install parse; pip install netaddr)
Step 1: Clone contrib and netplugin repos
$ mkdir -p ~/go/src/github.com/k8s
$ cd ~/go/src/github.com/k8s
$ git clone https://github.com/jojimt/contrib -b contiv
$ cd ~/go/src/github.com/k8s
$ git clone https://github.com/contiv/netplugin
Step 2: Create cluster
$ cd ~/go/src/github.com/k8s/netplugin
$ make k8s-cluster
This step will run Vagrant and ansible commands to bring a kubernetes cluster with one master and two worker nodes. This will take some time. Please be patient.
When step 2 completes, you should a message like the one below:
PLAY RECAP ********************************************************************
k8master : ok=xxx changed=xxx unreachable=0 failed=0
k8node-01 : ok=xxx changed=xxx unreachable=0 failed=0
k8node-02 : ok=xxx changed=xxx unreachable=0 failed=0
At this point, your cluster is ready for use.
Note: Occasionally, you might hit an error during ansible provisioning. If that happens, just re-issue the command (usually, it's caused by a temporary unavailability of a repo on the web). If the problem persists, you should open an issue on github.
You should proceed to Step 3 only if the previous step completed successfully.
This demo utilizes a busybox image built to include a full netcat utility. However, you can try other images as well if you like. The Dockerfile used for building the nc-busybox is available in the /shared folder of the k8master node (you will get to this directory in Step 3).
Step 3: Start the demo and ssh to the kubernetes master
This step will start network services and log you into the kubernetes master node.
$ make k8s-demo-start
When step 3 completes, you will get a shell prompt from the master. Use sudo su to enter sudo mode. Try a few commands.
[vagrant@k8master ~]$sudo su
[root@k8master vagrant]# kubectl get nodes
NAME LABELS STATUS AGE
k8node-01 kubernetes.io/hostname=k8node-01 Ready 4m
k8node-02 kubernetes.io/hostname=k8node-02 Ready 4m
[root@k8master vagrant]# netctl net list
Tenant Network Encap type Packet tag Subnet Gateway
------ ------- ---------- ---------- ------- ------
default default-net vxlan <nil> 20.1.1.0/24 20.1.1.254
default poc-net vxlan <nil> 21.1.1.0/24 21.1.1.254
[root@k8master ~]# netctl group list
Tenant Group Network Policies
------ ----- ------- --------
default default-epg default-net
default poc-epg poc-net
The last two commands show contiv configuration. The demo set up created two networks and two epgs. Lets try some examples.
Example 1: No network labels = Pod placed in default network
cd to /shared directory to find some pod specs. Create defaultnet-busybox1 and defaultnet-busybox2.
[root@k8master ~]# cd /shared
[root@k8master shared]#ls
defaultnet-busybox1.yaml noping-busybox.yaml pocnet-busybox.yaml
defaultnet-busybox2.yaml pingme-busybox.yaml policy.sh
[root@k8master shared]# kubectl create -f defaultnet-busybox1.yaml
pod "defaultnet-busybox1" created
[root@k8master shared]# kubectl create -f defaultnet-busybox2.yaml
pod "defaultnet-busybox2" created
[root@k8master shared]# kubectl get pods
NAME READY STATUS RESTARTS AGE
defaultnet-busybox1 1/1 Running 0 3m
defaultnet-busybox2 1/1 Running 0 39s
It may take a few minutes for the pods to enter Running state. When both have entered Running state, check their ip address and try reachability.
[root@k8master shared]# kubectl exec defaultnet-busybox1 -- ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
47: eth0@if46: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
link/ether 02:02:14:01:01:09 brd ff:ff:ff:ff:ff:ff
inet 20.1.1.9/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::2:14ff:fe01:109/64 scope link
valid_lft forever preferred_lft forever
[root@k8master shared]# kubectl describe pod defaultnet-busybox2 | grep IP
IP: 20.1.1.10
[root@k8master shared]# kubectl exec defaultnet-busybox1 -- ping 20.1.1.10
PING 20.1.1.10 (20.1.1.10): 56 data bytes
64 bytes from 20.1.1.10: seq=0 ttl=64 time=0.562 ms
64 bytes from 20.1.1.10: seq=1 ttl=64 time=0.124 ms
64 bytes from 20.1.1.10: seq=2 ttl=64 time=0.073 ms
Notice that both pods were assigned IP addresses from the default network and they can ping each other.
Example 2: Use network labels to specify a network and epg for the Pod
Now let's create a Pod with poc-net and poc-epg specified as network and epg respectively. Examine pocnet-busybox.yaml. There are two additional labels: io.contiv.network: poc-net and io.contiv.net-group: poc-epg specified in this pod spec.
[root@k8master shared]# kubectl create -f pocnet-busybox.yaml
pod "busybox-poc-net" created
[root@k8master shared]# kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox-poc-net 1/1 Running 0 54s
defaultnet-busybox1 1/1 Running 0 35m
defaultnet-busybox2 1/1 Running 0 35m
[root@k8master shared]# kubectl exec busybox-poc-net -- ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
129: eth0@if128: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue
link/ether 02:02:15:01:01:02 brd ff:ff:ff:ff:ff:ff
inet 21.1.1.2/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::2:15ff:fe01:102/64 scope link
valid_lft forever preferred_lft forever
Notice that this pod was assigned an IP addresses from the poc-net.
Example 3: Use Contiv to specify and enforce network policy
In this example, we will create a policy and attach it to an epg. We will specify this epg in the pod spec and verify that the policy is enforced.
Examine policy.sh. This contains contiv commands to create a simple ICMP deny rule, add it to a policy and attach to an epg. Excute this script to create the network objects.
[root@k8master shared]# ./policy.sh
[root@k8master shared]# netctl group list
Tenant Group Network Policies
------ ----- ------- --------
default poc-epg poc-net
default noping-epg poc-net icmpPol
default default-epg default-net
[root@k8master shared]# netctl rule list icmpPol
Rule Direction Priority EndpointGroup Network IpAddress Protocol Port Action
---- --------- -------- ------------- ------- --------- -------- ---- ------
1 in 1 <nil> <nil> <nil> icmp <nil> deny
Examine noping-busybox.yaml and pingme-busybox.yaml. They specify noping-epg and poc-epg respectively as their epgs. Both of these pods have a netcat listener on TCP port 6379 (See nc-busybox/nc_loop.sh).
Create both of these pods and verify their connectivity behavior.
[root@k8master shared]# kubectl create -f noping-busybox.yaml
pod "annoyed-busybox" created
[root@k8master shared]# kubectl create -f pingme-busybox.yaml
pod "sportive-busybox" created
[root@k8master shared]# kubectl get pods
NAME READY STATUS RESTARTS AGE
annoyed-busybox 1/1 Running 0 22m
busybox-poc-net 1/1 Running 0 35m
defaultnet-busybox1 1/1 Running 0 35m
defaultnet-busybox2 1/1 Running 0 35m
sportive-busybox 1/1 Running 0 21m
[root@k8master shared]# kubectl describe pod annoyed-busybox | grep IP
IP: 21.1.1.2
[root@k8master shared]# kubectl describe pod sportive-busybox | grep IP
IP: 21.1.1.4
Try to access annoyed-busybox and sportive-busybox from busybox-poc-net via ping and nc.
[root@k8master shared]# kubectl exec busybox-poc-net -- ping 21.1.1.2
[root@k8master shared]# kubectl exec busybox-poc-net -- ping 21.1.1.4
PING 21.1.1.4 (21.1.1.4): 56 data bytes
64 bytes from 21.1.1.4: seq=0 ttl=64 time=0.230 ms
64 bytes from 21.1.1.4: seq=1 ttl=64 time=0.390 ms
64 bytes from 21.1.1.4: seq=2 ttl=64 time=0.205 ms
[root@k8master shared]# kubectl exec busybox-poc-net -- nc -zvw 1 21.1.1.2 6379
21.1.1.2 [21.1.1.2] 6379 (6379) open
[root@k8master shared]# kubectl exec busybox-poc-net -- nc -zvw 1 21.1.1.4 6379
21.1.1.4 [21.1.1.4] 6379 (6379) open
Notice 1) busybox-poc-net is unable to ping annoyed-busybox 2) busybox-poc-net is able to ping sportive-busybox, to which no policy was applied. 3) busybox-poc-net is able to exchange TCP with annoyed-busybox, consistent with the applied policy. You can try other combinations as well, e.g. ping/nc between annoyed-busybox and sportive-busybox. You can also create your own policy and pod spec and try.
Documentation
¶
Index ¶
- Constants
- func InitCNIServer(netplugin *plugin.NetPlugin) error
- func InitKubServiceWatch(np *plugin.NetPlugin)
- type APIClient
- type ContivConfig
- type EndpointAddress
- type EndpointPort
- type EndpointSubset
- type Endpoints
- type EndpointsList
- type EpWatchResp
- type ListMeta
- type LoadBalancerIngress
- type LoadBalancerStatus
- type NodeSpec
- type ObjectMeta
- type ObjectReference
- type Protocol
- type Service
- type ServiceAffinity
- type ServiceList
- type ServicePort
- type ServiceSpec
- type ServiceStatus
- type ServiceType
- type SvcWatchResp
- type TypeMeta
Constants ¶
const ( // ClusterIPNone - do not assign a cluster IP // no proxying required and no environment variables should be created for pods ClusterIPNone = "None" )
Variables ¶
This section is empty.
Functions ¶
func InitCNIServer ¶
InitCNIServer initializes the k8s cni server
func InitKubServiceWatch ¶
InitKubServiceWatch initializes the k8s service watch
Types ¶
type APIClient ¶
type APIClient struct {
// contains filtered or unexported fields
}
APIClient defines information needed for the k8s api client
func NewAPIClient ¶
NewAPIClient creates an instance of the k8s api client
func (*APIClient) GetPodLabel ¶
GetPodLabel retrieves the specified label
func (*APIClient) WatchServices ¶
func (c *APIClient) WatchServices(respCh chan SvcWatchResp)
WatchServices watches the services object on the api server
func (*APIClient) WatchSvcEps ¶
func (c *APIClient) WatchSvcEps(respCh chan EpWatchResp)
WatchSvcEps watches the service endpoints object
type ContivConfig ¶
type ContivConfig struct { K8sAPIServer string `json:"K8S_API_SERVER,omitempty"` K8sCa string `json:"K8S_CA,omitempty"` K8sKey string `json:"K8S_KEY,omitempty"` K8sCert string `json:"K8S_CERT,omitempty"` SvcSubnet string `json:"SVC_SUBNET,omitempty"` }
ContivConfig holds information passed via config file during cluster set up
type EndpointAddress ¶
type EndpointAddress struct { // The IP of this endpoint. // May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), // or link-local multicast ((224.0.0.0/24). // TODO: This should allow hostname or IP, See #4447. IP string `json:"ip"` // Reference to object providing the endpoint. TargetRef *ObjectReference `json:"targetRef,omitempty"` }
EndpointAddress is a tuple that describes single IP address.
type EndpointPort ¶
type EndpointPort struct { // The name of this port (corresponds to ServicePort.Name). // Must be a DNS_LABEL. // Optional only if one port is defined. Name string `json:"name,omitempty"` // The port number of the endpoint. Port int `json:"port"` // The IP protocol for this port. // Must be UDP or TCP. // Default is TCP. Protocol Protocol `json:"protocol,omitempty"` }
EndpointPort is a tuple that describes a single port.
type EndpointSubset ¶
type EndpointSubset struct { // IP addresses which offer the related ports. Addresses []EndpointAddress `json:"addresses,omitempty"` // Port numbers available on the related IP addresses. Ports []EndpointPort `json:"ports,omitempty"` }
EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:
{ Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] }
The resulting set of endpoints can be viewed as:
a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], b: [ 10.10.1.1:309, 10.10.2.2:309 ]
type Endpoints ¶
type Endpoints struct { TypeMeta `json:",inline"` // Standard object's metadata. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata ObjectMeta `json:"metadata,omitempty"` // The set of all endpoints is the union of all subsets. // Sets of addresses and ports that comprise a service. Subsets []EndpointSubset `json:"subsets"` }
Endpoints is a collection of endpoints that implement the actual service. Example:
Name: "mysvc", Subsets: [ { Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] }, { Addresses: [{"ip": "10.10.3.3"}], Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] }, ]
type EndpointsList ¶
type EndpointsList struct { TypeMeta `json:",inline"` // Standard list metadata. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds ListMeta `json:"metadata,omitempty"` // List of endpoints. Items []Endpoints `json:"items"` }
EndpointsList is a list of endpoints.
type EpWatchResp ¶
type EpWatchResp struct {
// contains filtered or unexported fields
}
EpWatchResp is the response to service endpoints watch
type ListMeta ¶
type ListMeta struct { // SelfLink is a URL representing this object. // Populated by the system. // Read-only. SelfLink string `json:"selfLink,omitempty"` // String that identifies the server's internal version of this object that // can be used by clients to determine when objects have changed. // Value must be treated as opaque by clients and passed unmodified back to the server. // Populated by the system. // Read-only. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency ResourceVersion string `json:"resourceVersion,omitempty"` }
ListMeta describes metadata that synthetic resources must have, including lists and various status objects.
type LoadBalancerIngress ¶
type LoadBalancerIngress struct { // IP is set for load-balancer ingress points that are IP based // (typically GCE or OpenStack load-balancers) IP string `json:"ip,omitempty"` // Hostname is set for load-balancer ingress points that are DNS based // (typically AWS load-balancers) Hostname string `json:"hostname,omitempty"` }
LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.
type LoadBalancerStatus ¶
type LoadBalancerStatus struct { // Ingress is a list containing ingress points for the load-balancer. // Traffic intended for the service should be sent to these ingress points. Ingress []LoadBalancerIngress `json:"ingress,omitempty"` }
LoadBalancerStatus represents the status of a load-balancer.
type NodeSpec ¶
type NodeSpec struct { // PodCIDR represents the pod IP range assigned to the node. PodCIDR string `json:"podCIDR,omitempty"` // External ID of the node assigned by some machine database (e.g. a cloud provider). // Deprecated. ExternalID string `json:"externalID,omitempty"` // ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID> ProviderID string `json:"providerID,omitempty"` // Unschedulable controls node schedulability of new pods. By default, node is schedulable. // More info: http://releases.k8s.io/HEAD/docs/admin/node.md#manual-node-administration"` Unschedulable bool `json:"unschedulable,omitempty"` }
NodeSpec describes the attributes that a node is created with.
type ObjectMeta ¶
type ObjectMeta struct { // Name must be unique within a namespace. Is required when creating resources, although // some resources may allow a client to request the generation of an appropriate name // automatically. Name is primarily intended for creation idempotence and configuration // definition. // Cannot be updated. // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names Name string `json:"name,omitempty"` // GenerateName is an optional prefix, used by the server, to generate a unique // name ONLY IF the Name field has not been provided. // If this field is used, the name returned to the client will be different // than the name passed. This value will also be combined with a unique suffix. // The provided value has the same validation rules as the Name field, // and may be truncated by the length of the suffix required to make the value // unique on the server. // // If this field is specified and the generated name exists, the server will // NOT return a 409 - instead, it will either return 201 Created or 500 with Reason // ServerTimeout indicating a unique name could not be found in the time allotted, and the client // should retry (optionally after the time indicated in the Retry-After header). // // Applied only if Name is not specified. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#idempotency GenerateName string `json:"generateName,omitempty"` // Namespace defines the space within each name must be unique. An empty namespace is // equivalent to the "default" namespace, but "default" is the canonical representation. // Not all objects are required to be scoped to a namespace - the value of this field for // those objects will be empty. // // Must be a DNS_LABEL. // Cannot be updated. // More info: http://releases.k8s.io/HEAD/docs/user-guide/namespaces.md Namespace string `json:"namespace,omitempty"` // SelfLink is a URL representing this object. // Populated by the system. // Read-only. SelfLink string `json:"selfLink,omitempty"` // UID is the unique in time and space value for this object. It is typically generated by // the server on successful creation of a resource and is not allowed to change on PUT // operations. // // Populated by the system. // Read-only. // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#uids UID interface{} `json:"uid,omitempty"` // An opaque value that represents the internal version of this object that can // be used by clients to determine when objects have changed. May be used for optimistic // concurrency, change detection, and the watch operation on a resource or set of resources. // Clients must treat these values as opaque and passed unmodified back to the server. // They may only be valid for a particular resource or set of resources. // // Populated by the system. // Read-only. // Value must be treated as opaque by clients and . // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency ResourceVersion string `json:"resourceVersion,omitempty"` // A sequence number representing a specific generation of the desired state. // Currently only implemented by replication controllers. // Populated by the system. // Read-only. Generation int64 `json:"generation,omitempty"` // CreationTimestamp is a timestamp representing the server time when this object was // created. It is not guaranteed to be set in happens-before order across separate operations. // Clients may not set this value. It is represented in RFC3339 form and is in UTC. // // Populated by the system. // Read-only. // Null for lists. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata CreationTimestamp time.Time `json:"creationTimestamp,omitempty"` // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This // field is set by the server when a graceful deletion is requested by the user, and is not // directly settable by a client. The resource will be deleted (no longer visible from // resource lists, and not reachable by name) after the time in this field. Once set, this // value may not be unset or be set further into the future, although it may be shortened // or the resource may be deleted prior to this time. For example, a user may request that // a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination // signal to the containers in the pod. Once the resource is deleted in the API, the Kubelet // will send a hard termination signal to the container. // If not set, graceful deletion of the object has not been requested. // // Populated by the system when a graceful deletion is requested. // Read-only. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"` // Number of seconds allowed for this object to gracefully terminate before // it will be removed from the system. Only set when deletionTimestamp is also set. // May only be shortened. // Read-only. DeletionGracePeriodSeconds *int64 `json:"deletionGracePeriodSeconds,omitempty"` // Map of string keys and values that can be used to organize and categorize // (scope and select) objects. May match selectors of replication controllers // and services. // More info: http://releases.k8s.io/HEAD/docs/user-guide/labels.md // TODO: replace map[string]string with labels.LabelSet type Labels map[string]string `json:"labels,omitempty"` // Annotations is an unstructured key value map stored with a resource that may be // set by external tools to store and retrieve arbitrary metadata. They are not // queryable and should be preserved when modifying objects. // More info: http://releases.k8s.io/HEAD/docs/user-guide/annotations.md Annotations map[string]string `json:"annotations,omitempty"` }
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
type ObjectReference ¶
type ObjectReference struct { // Kind of the referent. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds Kind string `json:"kind,omitempty"` // Namespace of the referent. // More info: http://releases.k8s.io/HEAD/docs/user-guide/namespaces.md Namespace string `json:"namespace,omitempty"` // Name of the referent. // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names Name string `json:"name,omitempty"` // UID of the referent. // More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#uids UID interface{} `json:"uid,omitempty"` // API version of the referent. APIVersion string `json:"apiVersion,omitempty"` // Specific resourceVersion to which this reference is made, if any. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency ResourceVersion string `json:"resourceVersion,omitempty"` // If referring to a piece of an object instead of an entire object, this string // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. // For example, if the object reference is to a container within a pod, this would take on a value like: // "spec.containers{name}" (where "name" refers to the name of the container that triggered // the event) or if no container name is specified "spec.containers[2]" (container with // index 2 in this pod). This syntax is chosen only to have some well-defined way of // referencing a part of an object. // TODO: this design is not final and this field is subject to change in the future. FieldPath string `json:"fieldPath,omitempty"` }
ObjectReference contains enough information to let you inspect or modify the referred object.
type Protocol ¶
type Protocol string
Protocol defines network protocols supported for things like conatiner ports.
type Service ¶
type Service struct { TypeMeta `json:",inline"` // Standard object's metadata. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata ObjectMeta `json:"metadata,omitempty"` // Spec defines the behavior of a service. // http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status Spec ServiceSpec `json:"spec,omitempty"` // Most recently observed status of the service. // Populated by the system. // Read-only. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status Status ServiceStatus `json:"status,omitempty"` }
Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.
type ServiceAffinity ¶
type ServiceAffinity string
ServiceAffinity Session Affinity Type string
const ( // ServiceAffinityClientIP is the Client IP based. ServiceAffinityClientIP ServiceAffinity = "ClientIP" // ServiceAffinityNone - no session affinity. ServiceAffinityNone ServiceAffinity = "None" )
type ServiceList ¶
type ServiceList struct { TypeMeta `json:",inline"` // Standard list metadata. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds ListMeta `json:"metadata,omitempty"` // List of services Items []Service `json:"items"` }
ServiceList holds a list of services.
type ServicePort ¶
type ServicePort struct { // The name of this port within the service. This must be a DNS_LABEL. // All ports within a ServiceSpec must have unique names. This maps to // the 'Name' field in EndpointPort objects. // Optional if only one ServicePort is defined on this service. Name string `json:"name,omitempty"` // The IP protocol for this port. Supports "TCP" and "UDP". // Default is TCP. Protocol Protocol `json:"protocol,omitempty"` // The port that will be exposed by this service. Port int `json:"port"` // Number or name of the port to access on the pods targeted by the service. // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. // If this is a string, it will be looked up as a named port in the // target Pod's container ports. If this is not specified, the value // of Port is used (an identity map). // Defaults to the service port. // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#defining-a-service TargetPort int `json:"targetPort,omitempty"` // The port on each node on which this service is exposed when type=NodePort or LoadBalancer. // Usually assigned by the system. If specified, it will be allocated to the service // if unused or else creation of the service will fail. // Default is to auto-allocate a port if the ServiceType of this Service requires one. // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#type--nodeport NodePort int `json:"nodePort,omitempty"` }
ServicePort conatins information on service's port.
type ServiceSpec ¶
type ServiceSpec struct { // The list of ports that are exposed by this service. // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies Ports []ServicePort `json:"ports"` // This service will route traffic to pods having labels matching this selector. // Label keys and values that must match in order to receive traffic for this service. // If empty, all pods are selected, if not specified, endpoints must be manually specified. // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#overview Selector map[string]string `json:"selector,omitempty"` // ClusterIP is usually assigned by the master and is the IP address of the service. // If specified, it will be allocated to the service if it is unused // or else creation of the service will fail. // Valid values are None, empty string (""), or a valid IP address. // 'None' can be specified for a headless service when proxying is not required. // Cannot be updated. // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies ClusterIP string `json:"clusterIP,omitempty"` // Type of exposed service. Must be ClusterIP, NodePort, or LoadBalancer. // Defaults to ClusterIP. // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#external-services Type ServiceType `json:"type,omitempty"` // ExternalIPs are used by external load balancers, or can be set by // users to handle external traffic that arrives at a node. // Externally visible IPs (e.g. load balancers) that should be proxied to this service. ExternalIPs []string `json:"externalIPs,omitempty"` // Supports "ClientIP" and "None". Used to maintain session affinity. // Enable client IP based session affinity. // Must be ClientIP or None. // Defaults to None. // More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies SessionAffinity ServiceAffinity `json:"sessionAffinity,omitempty"` }
ServiceSpec describes the attributes that a user creates on a service.
type ServiceStatus ¶
type ServiceStatus struct { // LoadBalancer contains the current status of the load-balancer, // if one is present. LoadBalancer LoadBalancerStatus `json:"loadBalancer,omitempty"` }
ServiceStatus represents the current status of a service.
type ServiceType ¶
type ServiceType string
ServiceType string describes ingress methods for a service
const ( // ServiceTypeClusterIP means a service will only be accessible inside the // cluster, via the cluster IP. ServiceTypeClusterIP ServiceType = "ClusterIP" // ServiceTypeNodePort means a service will be exposed on one port of // every node, in addition to 'ClusterIP' type. ServiceTypeNodePort ServiceType = "NodePort" // ServiceTypeLoadBalancer means a service will be exposed via an // external load balancer (if the cloud provider supports it), in addition // to 'NodePort' type. ServiceTypeLoadBalancer ServiceType = "LoadBalancer" )
type SvcWatchResp ¶
type SvcWatchResp struct {
// contains filtered or unexported fields
}
SvcWatchResp is the response to a service watch
type TypeMeta ¶
type TypeMeta struct { // A string value representing the REST resource this object represents. // Servers may infer this from the endpoint the client submits requests to. // Cannot be updated. // In CamelCase. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds Kind string `json:"kind,omitempty"` // APIVersion defines the version of the schema of an object. // Servers should convert recognized schemas to the latest internal value, and // may reject unrecognized values. // More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources APIVersion string `json:"apiVersion,omitempty"` }
TypeMeta describes an individual object in an API response or request with strings representing the type of the object and its API schema version. Structures that are versioned or persisted should inline TypeMeta.