ovn

package
v0.0.0-...-18c0211 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 13, 2024 License: Apache-2.0 Imports: 98 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Default Meters created on GRs.
	OVNARPRateLimiter              = "arp"
	OVNARPResolveRateLimiter       = "arp-resolve"
	OVNBFDRateLimiter              = "bfd"
	OVNControllerEventsRateLimiter = "event-elb"
	OVNICMPV4ErrorsRateLimiter     = "icmp4-error"
	OVNICMPV6ErrorsRateLimiter     = "icmp6-error"
	OVNRejectRateLimiter           = "reject"
	OVNTCPRSTRateLimiter           = "tcp-reset"
	OVNServiceMonitorLimiter       = "svc-monitor"
)
View Source
const (
	NodeIPAddrSetName             egressIPAddrSetName = "node-ips"
	EgressIPServedPodsAddrSetName egressIPAddrSetName = "egressip-served-pods"
	// the possible values for LRP DB objects for EIPs
	IPFamilyValueV4         egressIPFamilyValue         = "ip4"
	IPFamilyValueV6         egressIPFamilyValue         = "ip6"
	IPFamilyValue           egressIPFamilyValue         = "ip" // use it when its dualstack
	ReplyTrafficNoReroute   egressIPNoReroutePolicyName = "EIP-No-Reroute-reply-traffic"
	NoReRoutePodToPod       egressIPNoReroutePolicyName = "EIP-No-Reroute-Pod-To-Pod"
	NoReRoutePodToJoin      egressIPNoReroutePolicyName = "EIP-No-Reroute-Pod-To-Join"
	NoReRoutePodToNode      egressIPNoReroutePolicyName = "EIP-No-Reroute-Pod-To-Node"
	NoReRouteUDNPodToCDNSvc egressIPNoReroutePolicyName = "EIP-No-Reroute-Pod-To-CDN-Svc"
	ReplyTrafficMark        egressIPQoSRuleName         = "EgressIP-Mark-Reply-Traffic"
)
View Source
const (
	// IdledServiceAnnotationSuffix is a constant string representing the suffix of the Service annotation key
	// whose value indicates the time stamp in RFC3339 format when a Service was idled
	IdledServiceAnnotationSuffix   = "idled-at"
	OvnNodeAnnotationRetryInterval = 100 * time.Millisecond
	OvnNodeAnnotationRetryTimeout  = 1 * time.Second
)
View Source
const (
	// TCP is the constant string for the string "TCP"
	TCP = "TCP"

	// UDP is the constant string for the string "UDP"
	UDP = "UDP"

	// SCTP is the constant string for the string "SCTP"
	SCTP = "SCTP"
)
View Source
const (
	// UDN ACL names, should be unique across all controllers
	// Default network-only ACLs:
	AllowHostARPACL       = "AllowHostARPSecondary"
	AllowHostSecondaryACL = "AllowHostSecondary"
	DenySecondaryACL      = "DenySecondary"
	// OpenPortACLPrefix is used to build per-pod ACLs, pod name should be added to the prefix to build a unique name
	OpenPortACLPrefix = "OpenPort-"
)
View Source
const DefaultNetworkControllerName = "default-network-controller"
View Source
const (
	EgressQoSFlowStartPriority = 1000
)
View Source
const PolicyForAnnotation = "k8s.v1.cni.cncf.io/policy-for"

Variables

This section is empty.

Functions

func DeleteLegacyDefaultNoRerouteNodePolicies

func DeleteLegacyDefaultNoRerouteNodePolicies(nbClient libovsdbclient.Client, clusterRouter, node string) error

DeleteLegacyDefaultNoRerouteNodePolicies deletes the older EIP node reroute policies called from syncFunction and is a one time operation sample: 101 ip4.src == 10.244.0.0/16 && ip4.dst == 172.18.0.2/32 allow

func EnsureDefaultCOPP

func EnsureDefaultCOPP(nbClient libovsdbclient.Client) (string, error)

EnsureDefaultCOPP creates the default COPP that needs to be added to each GR if not already present. Also cleans up old COPP entries if required.

func InitClusterEgressPolicies

func InitClusterEgressPolicies(nbClient libovsdbclient.Client, addressSetFactory addressset.AddressSetFactory, ni util.NetInfo,
	clusterSubnets []*net.IPNet, controllerName string) error

InitClusterEgressPolicies creates the global no reroute policies and address-sets required by the egressIP and egressServices features.

func NewNetworkPolicy

func NewNetworkPolicy(policy *knet.NetworkPolicy) *networkPolicy

func PortGroupHasPorts

func PortGroupHasPorts(nbClient libovsdbclient.Client, pgName string, portUUIDs []string) bool

PortGroupHasPorts returns true if a port group contains all given ports

func WithSyncDurationMetric

func WithSyncDurationMetric(resourceName string, f func() error) error

func WithSyncDurationMetricNoError

func WithSyncDurationMetricNoError(resourceName string, f func())

Types

type BaseNetworkController

type BaseNetworkController struct {
	CommonNetworkControllerInfo

	// network information
	util.NetInfo
	// contains filtered or unexported fields
}

BaseNetworkController structure holds per-network fields and network specific configuration Note that all the methods with NetworkControllerInfo pointer receivers will be called by more than one type of network controllers.

func (*BaseNetworkController) AddConfigDurationRecord

func (bnc *BaseNetworkController) AddConfigDurationRecord(kind, namespace, name string) (
	[]ovsdb.Operation, func(), time.Time, error)

func (*BaseNetworkController) AddResourceCommon

func (bnc *BaseNetworkController) AddResourceCommon(objType reflect.Type, obj interface{}) error

func (*BaseNetworkController) DeletePodSelectorAddressSet

func (bnc *BaseNetworkController) DeletePodSelectorAddressSet(addrSetKey, backRef string) error

func (*BaseNetworkController) DeleteResourceCommon

func (bnc *BaseNetworkController) DeleteResourceCommon(objType reflect.Type, obj interface{}) error

func (*BaseNetworkController) EnsurePodSelectorAddressSet

func (bnc *BaseNetworkController) EnsurePodSelectorAddressSet(podSelector, namespaceSelector *metav1.LabelSelector,
	namespace, backRef string) (addrSetKey, psAddrSetHashV4, psAddrSetHashV6 string, err error)

EnsurePodSelectorAddressSet returns address set for requested (podSelector, namespaceSelector, namespace). If namespaceSelector is nil, namespace will be used with podSelector statically. podSelector should not be nil, use metav1.LabelSelector{} to match all pods. namespaceSelector can only be nil when namespace is set, use metav1.LabelSelector{} to match all namespaces. podSelector = metav1.LabelSelector{} + static namespace may be replaced with namespace address set, podSelector = metav1.LabelSelector{} + namespaceSelector may be replaced with a set of namespace address sets, but both cases will work here too.

backRef is the key that should be used for cleanup. if err != nil, cleanup is required by calling DeletePodSelectorAddressSet or EnsurePodSelectorAddressSet again. psAddrSetHashV4, psAddrSetHashV6 may be set to empty string if address set for that ipFamily wasn't created.

func (*BaseNetworkController) GetLocalZoneNodes

func (bnc *BaseNetworkController) GetLocalZoneNodes() ([]*kapi.Node, error)

GetLocalZoneNodes returns the list of local zone nodes A node is considered a local zone node if the zone name set in the node's annotation matches with the zone name set in the OVN Northbound database (to which this controller is connected to).

func (*BaseNetworkController) GetLogicalPortName

func (bnc *BaseNetworkController) GetLogicalPortName(pod *kapi.Pod, nadName string) string

func (*BaseNetworkController) GetNamespaceACLLogging

func (bnc *BaseNetworkController) GetNamespaceACLLogging(ns string) *libovsdbutil.ACLLoggingLevels

GetNamespaceACLLogging retrieves ACLLoggingLevels for the Namespace. nsInfo will be locked (and unlocked at the end) for given namespace if it exists.

func (*BaseNetworkController) GetNetworkRole

func (bnc *BaseNetworkController) GetNetworkRole(pod *kapi.Pod) (string, error)

GetNetworkRole returns the role of this controller's network for the given pod Expected values are: (1) "primary" if this network is the primary network of the pod.

The "default" network is the primary network of any pod usually
unless user-defined-network-segmentation feature has been activated.
If network segmentation feature is enabled then any user defined
network can be the primary network of the pod.

(2) "secondary" if this network is the secondary network of the pod.

Only user defined networks can be secondary networks for a pod.

(3) "infrastructure-locked" is applicable only to "default" network if

a user defined network is the "primary" network for this pod. This
signifies the "default" network is only used for probing and
is otherwise locked for all intents and purposes.

NOTE: Like in other places, expectation is this function is always called from controller's that have some relation to the given pod, unrelated networks are treated as secondary networks so caller has to be careful

func (*BaseNetworkController) GetSamplingConfig

func (bnc *BaseNetworkController) GetSamplingConfig() *libovsdbops.SamplingConfig

func (*BaseNetworkController) WatchNamespaces

func (bnc *BaseNetworkController) WatchNamespaces() error

WatchNamespaces starts the watching of namespace resource and calls back the appropriate handler logic

func (*BaseNetworkController) WatchNodes

func (bnc *BaseNetworkController) WatchNodes() error

WatchNodes starts the watching of the nodes resource and calls back the appropriate handler logic

func (*BaseNetworkController) WatchPods

func (bnc *BaseNetworkController) WatchPods() error

WatchPods starts the watching of the Pod resource and calls back the appropriate handler logic

type BaseSecondaryLayer2NetworkController

type BaseSecondaryLayer2NetworkController struct {
	BaseSecondaryNetworkController
}

BaseSecondaryLayer2NetworkController structure holds per-network fields and network specific configuration for secondary layer2/localnet network controller

type BaseSecondaryNetworkController

type BaseSecondaryNetworkController struct {
	BaseNetworkController
	// contains filtered or unexported fields
}

BaseSecondaryNetworkController structure holds per-network fields and network specific configuration for secondary network controller

func (*BaseSecondaryNetworkController) AddNamespaceForSecondaryNetwork

func (bsnc *BaseSecondaryNetworkController) AddNamespaceForSecondaryNetwork(ns *kapi.Namespace) error

AddNamespaceForSecondaryNetwork creates corresponding addressset in ovn db for secondary network

func (*BaseSecondaryNetworkController) AddSecondaryNetworkResourceCommon

func (bsnc *BaseSecondaryNetworkController) AddSecondaryNetworkResourceCommon(objType reflect.Type, obj interface{}) error

AddSecondaryNetworkResourceCommon adds the specified object to the cluster according to its type and returns the error, if any, yielded during object creation. This function is called for secondary network only.

func (*BaseSecondaryNetworkController) DeleteSecondaryNetworkResourceCommon

func (bsnc *BaseSecondaryNetworkController) DeleteSecondaryNetworkResourceCommon(objType reflect.Type, obj, cachedObj interface{}) error

DeleteResource deletes the object from the cluster according to the delete logic of its resource type. Given an object and optionally a cachedObj; cachedObj is the internal cache entry for this object, used for now for pods. This function is called for secondary network only.

func (*BaseSecondaryNetworkController) GetInternalCacheEntryForSecondaryNetwork

func (bsnc *BaseSecondaryNetworkController) GetInternalCacheEntryForSecondaryNetwork(objType reflect.Type, obj interface{}) interface{}

GetInternalCacheEntryForSecondaryNetwork returns the internal cache entry for this object, given an object and its type. This is now used only for pods, which will get their the logical port cache entry.

func (*BaseSecondaryNetworkController) UpdateSecondaryNetworkResourceCommon

func (bsnc *BaseSecondaryNetworkController) UpdateSecondaryNetworkResourceCommon(objType reflect.Type, oldObj, newObj interface{}, inRetryCache bool) error

UpdateSecondaryNetworkResourceCommon updates the specified object in the cluster to its version in newObj according to its type and returns the error, if any, yielded during the object update. This function is called for secondary network only. Given an old and a new object; The inRetryCache boolean argument is to indicate if the given resource is in the retryCache or not.

func (*BaseSecondaryNetworkController) WatchIPAMClaims

func (bsnc *BaseSecondaryNetworkController) WatchIPAMClaims() error

WatchIPAMClaims starts the watching of IPAMClaim resources and calls back the appropriate handler logic

func (*BaseSecondaryNetworkController) WatchMultiNetworkPolicy

func (bsnc *BaseSecondaryNetworkController) WatchMultiNetworkPolicy() error

WatchMultiNetworkPolicy starts the watching of multinetworkpolicy resource and calls back the appropriate handler logic

func (*BaseSecondaryNetworkController) WatchNetworkPolicy

func (bsnc *BaseSecondaryNetworkController) WatchNetworkPolicy() error

WatchNetworkPolicy starts the watching of networkpolicy resource and calls back the appropriate handler logic

type CommonNetworkControllerInfo

type CommonNetworkControllerInfo struct {

	// has SCTP support
	SCTPSupport bool
	// contains filtered or unexported fields
}

CommonNetworkControllerInfo structure is place holder for all fields shared among controllers.

func NewCommonNetworkControllerInfo

func NewCommonNetworkControllerInfo(client clientset.Interface, kube *kube.KubeOVN, wf *factory.WatchFactory,
	recorder record.EventRecorder, nbClient libovsdbclient.Client, sbClient libovsdbclient.Client,
	podRecorder *metrics.PodRecorder, SCTPSupport, multicastSupport, svcTemplateSupport bool) (*CommonNetworkControllerInfo, error)

NewCommonNetworkControllerInfo creates CommonNetworkControllerInfo shared by controllers

type DefaultNetworkController

type DefaultNetworkController struct {
	BaseNetworkController
	// contains filtered or unexported fields
}

DefaultNetworkController structure is the object which holds the controls for starting and reacting upon the watched resources (e.g. pods, endpoints) for default l3 network

func NewDefaultNetworkController

func NewDefaultNetworkController(cnci *CommonNetworkControllerInfo, nadController *nad.NetAttachDefinitionController,
	observManager *observability.Manager, portCache *PortCache, eIPController *EgressIPController) (*DefaultNetworkController, error)

NewDefaultNetworkController creates a new OVN controller for creating logical network infrastructure and policy for default l3 network

func (*DefaultNetworkController) AddNamespace

func (oc *DefaultNetworkController) AddNamespace(ns *kapi.Namespace) error

AddNamespace creates corresponding addressset in ovn db

func (*DefaultNetworkController) Init

Init runs a subnet IPAM and a controller that watches arrival/departure of nodes in the cluster On an addition to the cluster (node create), a new subnet is created for it that will translate to creation of a logical switch (done by the node, but could be created here at the master process too) Upon deletion of a node, the switch will be deleted

TODO: Verify that the cluster was not already called with a different global subnet

If true, then either quit or perform a complete reconfiguration of the cluster (recreate switches/routers with new subnet values)

func (*DefaultNetworkController) InitEgressServiceZoneController

func (oc *DefaultNetworkController) InitEgressServiceZoneController() (*egresssvc_zone.Controller, error)

func (*DefaultNetworkController) Run

Run starts the actual watching.

func (*DefaultNetworkController) SetupMaster

func (oc *DefaultNetworkController) SetupMaster(existingNodeNames []string) error

SetupMaster creates the central router and load-balancers for the network

func (*DefaultNetworkController) Start

Start starts the default controller; handles all events and creates all needed logical entities

func (*DefaultNetworkController) StartServiceController

func (oc *DefaultNetworkController) StartServiceController(wg *sync.WaitGroup, runRepair bool) error

func (*DefaultNetworkController) Stop

func (oc *DefaultNetworkController) Stop()

Stop gracefully stops the controller

func (*DefaultNetworkController) WatchEgressFirewall

func (oc *DefaultNetworkController) WatchEgressFirewall() error

WatchEgressFirewall starts the watching of egressfirewall resource and calls back the appropriate handler logic

func (*DefaultNetworkController) WatchEgressIP

func (oc *DefaultNetworkController) WatchEgressIP() error

WatchEgressIP starts the watching of egressip resource and calls back the appropriate handler logic. It also initiates the other dedicated resource handlers for egress IP setup: namespaces, pods.

func (*DefaultNetworkController) WatchEgressIPNamespaces

func (oc *DefaultNetworkController) WatchEgressIPNamespaces() error

func (*DefaultNetworkController) WatchEgressIPPods

func (oc *DefaultNetworkController) WatchEgressIPPods() error

func (*DefaultNetworkController) WatchEgressNodes

func (oc *DefaultNetworkController) WatchEgressNodes() error

WatchEgressNodes starts the watching of egress assignable nodes and calls back the appropriate handler logic.

func (*DefaultNetworkController) WatchNetworkPolicy

func (oc *DefaultNetworkController) WatchNetworkPolicy() error

WatchNetworkPolicy starts the watching of network policy resource and calls back the appropriate handler logic

type EgressIPController

type EgressIPController struct {
	// contains filtered or unexported fields
}

EgressIPController configures OVN to support EgressIP

func NewEIPController

func NewEIPController(nbClient libovsdbclient.Client, kube *kube.KubeOVN, watchFactory *factory.WatchFactory, recorder record.EventRecorder,
	portCache *PortCache, nadController nad.NADController, addressSetFactor addressset.AddressSetFactory, v4, v6 bool, zone, controllerName string) *EgressIPController

func (*EgressIPController) SyncLocalNodeZonesCache

func (e *EgressIPController) SyncLocalNodeZonesCache() error

SyncLocalNodeZonesCache iterates over all known Nodes and stores whether it is a local or remote OVN zone.

type EgressIPPatchStatus

type EgressIPPatchStatus struct {
	Op    string                    `json:"op"`
	Path  string                    `json:"path"`
	Value egressipv1.EgressIPStatus `json:"value"`
}

type GatewayManager

type GatewayManager struct {
	// contains filtered or unexported fields
}

func NewGatewayManager

func NewGatewayManager(
	nodeName string,
	coopUUID string,
	kube kube.InterfaceOVN,
	nbClient libovsdbclient.Client,
	netInfo util.NetInfo,
	watchFactory *factory.WatchFactory,
	opts ...GatewayOption,
) *GatewayManager

func NewGatewayManagerForLayer2Topology

func NewGatewayManagerForLayer2Topology(
	nodeName string,
	coopUUID string,
	kube kube.InterfaceOVN,
	nbClient libovsdbclient.Client,
	netInfo util.NetInfo,
	watchFactory *factory.WatchFactory,
	opts ...GatewayOption,
) *GatewayManager

func (*GatewayManager) Cleanup

func (gw *GatewayManager) Cleanup() error

Cleanup removes all the NB DB objects created for a node's gateway

func (*GatewayManager) GatewayInit

func (gw *GatewayManager) GatewayInit(
	nodeName string,
	clusterIPSubnet []*net.IPNet,
	hostSubnets []*net.IPNet,
	l3GatewayConfig *util.L3GatewayConfig,
	sctpSupport bool,
	gwLRPJoinIPs, drLRPIfAddrs []*net.IPNet,
	externalIPs []net.IP,
	enableGatewayMTU bool,
) error

GatewayInit creates a gateway router for the local chassis. enableGatewayMTU enables options:gateway_mtu for gateway routers.

type GatewayOption

type GatewayOption func(*GatewayManager)

func WithLoadBalancerGroups

func WithLoadBalancerGroups(routerLBGroup, clusterLBGroup, switchLBGroup string) GatewayOption

type NetworkPolicyExtraParameters

type NetworkPolicyExtraParameters struct {
	// contains filtered or unexported fields
}

type PodSelectorAddrSetHandlerInfo

type PodSelectorAddrSetHandlerInfo struct {
	// PodSelectorAddrSetHandlerInfo is updated by PodSelectorAddressSet's handler, and it may be deleted by
	// PodSelectorAddressSet.
	// To make sure pod handlers won't try to update deleted resources, this lock is used together with deleted field.
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*PodSelectorAddrSetHandlerInfo) GetASHashNames

func (handlerInfo *PodSelectorAddrSetHandlerInfo) GetASHashNames() (string, string, error)

type PodSelectorAddressSet

type PodSelectorAddressSet struct {
	// contains filtered or unexported fields
}

PodSelectorAddressSet should always be accessed with oc.podSelectorAddressSets key lock

type PortCache

type PortCache struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func NewPortCache

func NewPortCache(stopChan <-chan struct{}) *PortCache

type SecondaryL2GatewayConfig

type SecondaryL2GatewayConfig struct {
	// contains filtered or unexported fields
}

type SecondaryL3GatewayConfig

type SecondaryL3GatewayConfig struct {
	// contains filtered or unexported fields
}

type SecondaryLayer2NetworkController

type SecondaryLayer2NetworkController struct {
	BaseSecondaryLayer2NetworkController
	// contains filtered or unexported fields
}

SecondaryLayer2NetworkController is created for logical network infrastructure and policy for a secondary layer2 network

func NewSecondaryLayer2NetworkController

func NewSecondaryLayer2NetworkController(cnci *CommonNetworkControllerInfo, netInfo util.NetInfo, nadController nad.NADController) (*SecondaryLayer2NetworkController, error)

NewSecondaryLayer2NetworkController create a new OVN controller for the given secondary layer2 nad

func (*SecondaryLayer2NetworkController) Cleanup

Cleanup cleans up logical entities for the given network, called from net-attach-def routine could be called from a dummy Controller (only has CommonNetworkControllerInfo set)

func (*SecondaryLayer2NetworkController) Init

func (*SecondaryLayer2NetworkController) Start

Start starts the secondary layer2 controller, handles all events and creates all needed logical entities

func (*SecondaryLayer2NetworkController) StartServiceController

func (oc *SecondaryLayer2NetworkController) StartServiceController(wg *sync.WaitGroup, runRepair bool) error

func (*SecondaryLayer2NetworkController) Stop

type SecondaryLayer3NetworkController

type SecondaryLayer3NetworkController struct {
	BaseSecondaryNetworkController
	// contains filtered or unexported fields
}

SecondaryLayer3NetworkController is created for logical network infrastructure and policy for a secondary l3 network

func NewSecondaryLayer3NetworkController

func NewSecondaryLayer3NetworkController(cnci *CommonNetworkControllerInfo, netInfo util.NetInfo, nadController nad.NADController,
	eIPController *EgressIPController, portCache *PortCache) (*SecondaryLayer3NetworkController, error)

NewSecondaryLayer3NetworkController create a new OVN controller for the given secondary layer3 NAD

func (*SecondaryLayer3NetworkController) Cleanup

Cleanup cleans up logical entities for the given network, called from net-attach-def routine could be called from a dummy Controller (only has CommonNetworkControllerInfo set)

func (*SecondaryLayer3NetworkController) Init

func (*SecondaryLayer3NetworkController) Run

func (*SecondaryLayer3NetworkController) Start

Start starts the secondary layer3 controller, handles all events and creates all needed logical entities

func (*SecondaryLayer3NetworkController) StartServiceController

func (oc *SecondaryLayer3NetworkController) StartServiceController(wg *sync.WaitGroup, runRepair bool) error

func (*SecondaryLayer3NetworkController) Stop

Stop gracefully stops the controller, and delete all logical entities for this network if requested

func (*SecondaryLayer3NetworkController) WatchNodes

func (oc *SecondaryLayer3NetworkController) WatchNodes() error

WatchNodes starts the watching of node resource and calls back the appropriate handler logic

type SecondaryLocalnetNetworkController

type SecondaryLocalnetNetworkController struct {
	BaseSecondaryLayer2NetworkController
}

SecondaryLocalnetNetworkController is created for logical network infrastructure and policy for a secondary localnet network

func NewSecondaryLocalnetNetworkController

func NewSecondaryLocalnetNetworkController(cnci *CommonNetworkControllerInfo, netInfo util.NetInfo,
	nadController networkAttachDefController.NADController) *SecondaryLocalnetNetworkController

NewSecondaryLocalnetNetworkController create a new OVN controller for the given secondary localnet NAD

func (*SecondaryLocalnetNetworkController) Cleanup

Cleanup cleans up logical entities for the given network, called from net-attach-def routine could be called from a dummy Controller (only has CommonNetworkControllerInfo set)

func (*SecondaryLocalnetNetworkController) Init

func (*SecondaryLocalnetNetworkController) Start

Start starts the secondary localnet controller, handles all events and creates all needed logical entities

func (*SecondaryLocalnetNetworkController) Stop

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL