Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { IPv6Enabled bool RuleRendererOverride rules.RuleRenderer IPIPMTU int IgnoreLooseRPF bool MaxIPSetSize int IPSetsRefreshInterval time.Duration RouteRefreshInterval time.Duration IptablesRefreshInterval time.Duration IptablesPostWriteCheckInterval time.Duration IptablesInsertMode string IptablesLockFilePath string IptablesLockTimeout time.Duration IptablesLockProbeInterval time.Duration RulesConfig rules.Config StatusReportingInterval time.Duration PostInSyncCallback func() HealthAggregator *health.HealthAggregator }
type InternalDataplane ¶
type InternalDataplane struct {
// contains filtered or unexported fields
}
InternalDataplane implements an in-process Felix dataplane driver based on iptables and ipsets. It communicates with the datastore-facing part of Felix via the Send/RecvMessage methods, which operate on the protobuf-defined API objects.
Architecture ¶
The internal dataplane driver is organised around a main event loop, which handles update events from the datastore and dataplane.
Each pass around the main loop has two phases. In the first phase, updates are fanned out to "manager" objects, which calculate the changes that are needed and pass them to the dataplane programming layer. In the second phase, the dataplane layer applies the updates in a consistent sequence. The second phase is skipped until the datastore is in sync; this ensures that the first update to the dataplane applies a consistent snapshot.
Having the dataplane layer batch updates has several advantages. It is much more efficient to batch updates, since each call to iptables/ipsets has a high fixed cost. In addition, it allows for different managers to make updates without having to coordinate on their sequencing.
Requirements on the API ¶
The internal dataplane does not do consistency checks on the incoming data (as the old Python-based driver used to do). It expects to be told about dependent resources before they are needed and for their lifetime to exceed that of the resources that depend on them. For example, it is important the the datastore layer send an IP set create event before it sends a rule that references that IP set.
func NewIntDataplaneDriver ¶
func NewIntDataplaneDriver(config Config) *InternalDataplane
func (*InternalDataplane) RecvMessage ¶
func (d *InternalDataplane) RecvMessage() (interface{}, error)
func (*InternalDataplane) RegisterManager ¶
func (d *InternalDataplane) RegisterManager(mgr Manager)
func (*InternalDataplane) SendMessage ¶
func (d *InternalDataplane) SendMessage(msg interface{}) error
func (*InternalDataplane) Start ¶
func (d *InternalDataplane) Start()
type Manager ¶
type Manager interface { // OnUpdate is called for each protobuf message from the datastore. May either directly // send updates to the IPSets and iptables.Table objects (which will queue the updates // until the main loop instructs them to act) or (for efficiency) may wait until // a call to CompleteDeferredWork() to flush updates to the dataplane. OnUpdate(protoBufMsg interface{}) // Called before the main loop flushes updates to the dataplane to allow for batched // work to be completed. CompleteDeferredWork() error }