intdataplane

package
v1.11.0-cni-plu...-ddfc3b1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 20, 2024 License: Apache-2.0, Apache-2.0 Imports: 85 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	EndTierDrop   = true
	NoEndTierDrop = false
)
View Source 
const (

	// Interface name used by kube-proxy to bind service ips.
	KubeIPVSInterface = "kube-ipvs0"
)

Variables

This section is empty.

Functions

func ConfigureDefaultMTUs 

func ConfigureDefaultMTUs(hostMTU int, c *Config)

ConfigureDefaultMTUs defaults any MTU configurations that have not been set. We default the values even if the encap is not enabled, in order to match behavior from earlier versions of Calico. However, they MTU will only be considered for allocation to pod interfaces if the encap is enabled.

func FindJumpMap 

func FindJumpMap(progID int, ifaceName string) (mapFD maps.FD, err error)

func NewIfaceAddrsUpdate 

func NewIfaceAddrsUpdate(name string, ips ...string) any

func NewIfaceStateUpdate 

func NewIfaceStateUpdate(name string, state ifacemonitor.State, index int) any

func NewSockmapState 

func NewSockmapState() (*sockmapState, error)

func NewXDPState 

func NewXDPState(allowGenericXDP bool) (*xdpState, error)

func NewXDPStateWithBPFLibrary 

func NewXDPStateWithBPFLibrary(library bpf.BPFDataplane, allowGenericXDP bool) *xdpState

Types

type Config 

type Config struct {
	Hostname             string
	NodeZone             string
	IPv6Enabled          bool
	RuleRendererOverride rules.RuleRenderer
	IPIPMTU              int
	VXLANMTU             int
	VXLANMTUV6           int
	VXLANPort            int

	MaxIPSetSize int

	RouteSyncDisabled              bool
	IptablesBackend                string
	IPSetsRefreshInterval          time.Duration
	RouteRefreshInterval           time.Duration
	DeviceRouteSourceAddress       net.IP
	DeviceRouteSourceAddressIPv6   net.IP
	DeviceRouteProtocol            netlink.RouteProtocol
	RemoveExternalRoutes           bool
	IPForwarding                   string
	TableRefreshInterval           time.Duration
	IptablesPostWriteCheckInterval time.Duration
	IptablesInsertMode             string
	IptablesLockFilePath           string
	IptablesLockTimeout            time.Duration
	IptablesLockProbeInterval      time.Duration
	XDPRefreshInterval             time.Duration

	FloatingIPsEnabled bool

	Wireguard wireguard.Config

	NetlinkTimeout time.Duration

	RulesConfig rules.Config

	IfaceMonitorConfig ifacemonitor.Config

	StatusReportingInterval time.Duration

	ConfigChangedRestartCallback func()
	FatalErrorRestartCallback    func(error)

	PostInSyncCallback func()
	HealthAggregator   *health.HealthAggregator
	WatchdogTimeout    time.Duration
	RouteTableManager  *idalloc.IndexAllocator

	DebugSimulateDataplaneHangAfter  time.Duration
	DebugSimulateDataplaneApplyDelay time.Duration

	ExternalNodesCidrs []string

	BPFEnabled                         bool
	BPFPolicyDebugEnabled              bool
	BPFDisableUnprivileged             bool
	BPFKubeProxyIptablesCleanupEnabled bool
	BPFLogLevel                        string
	BPFLogFilters                      map[string]string
	BPFCTLBLogFilter                   string
	BPFExtToServiceConnmark            int
	BPFDataIfacePattern                *regexp.Regexp
	BPFL3IfacePattern                  *regexp.Regexp
	XDPEnabled                         bool
	XDPAllowGeneric                    bool
	BPFConntrackTimeouts               bpfconntrack.Timeouts
	BPFCgroupV2                        string
	BPFConnTimeLBEnabled               bool
	BPFConnTimeLB                      string
	BPFHostNetworkedNAT                string
	BPFMapRepin                        bool
	BPFNodePortDSREnabled              bool
	BPFDSROptoutCIDRs                  []string
	BPFPSNATPorts                      numorstring.Port
	BPFMapSizeRoute                    int
	BPFMapSizeConntrack                int
	BPFMapSizeNATFrontend              int
	BPFMapSizeNATBackend               int
	BPFMapSizeNATAffinity              int
	BPFMapSizeIPSets                   int
	BPFMapSizeIfState                  int
	BPFIpv6Enabled                     bool
	BPFHostConntrackBypass             bool
	BPFEnforceRPF                      string
	BPFDisableGROForIfaces             *regexp.Regexp
	BPFExcludeCIDRsFromNAT             []string
	BPFRedirectToPeer                  string
	KubeProxyMinSyncPeriod             time.Duration
	SidecarAccelerationEnabled         bool
	ServiceLoopPrevention              string

	LookPathOverride func(file string) (string, error)

	KubeClientSet *kubernetes.Clientset

	FeatureDetectOverrides map[string]string
	FeatureGates           map[string]string

	MTUIfacePattern *regexp.Regexp

	RouteSource string

	KubernetesProvider config.Provider
	// contains filtered or unexported fields
}

type EndpointStatusUpdateCallback 

type EndpointStatusUpdateCallback func(ipVersion uint8, id interface{}, status string)

type IfaceFlags 

type IfaceFlags uint8

type IfaceType 

type IfaceType int32
const (
	IfaceTypeData IfaceType = iota
	IfaceTypeWireguard
	IfaceTypeIPIP
	IfaceTypeVXLAN
	IfaceTypeL3
	IfaceTypeBond
	IfaceTypeBondSlave
	IfaceTypeUnknown
)

type InternalDataplane 

type InternalDataplane struct {
	// contains filtered or unexported fields
}

InternalDataplane implements an in-process Felix dataplane driver based on iptables and ipsets. It communicates with the datastore-facing part of Felix via the Send/RecvMessage methods, which operate on the protobuf-defined API objects.

Architecture

The internal dataplane driver is organised around a main event loop, which handles update events from the datastore and dataplane.

Each pass around the main loop has two phases. In the first phase, updates are fanned out to "manager" objects, which calculate the changes that are needed and pass them to the dataplane programming layer. In the second phase, the dataplane layer applies the updates in a consistent sequence. The second phase is skipped until the datastore is in sync; this ensures that the first update to the dataplane applies a consistent snapshot.

Having the dataplane layer batch updates has several advantages. It is much more efficient to batch updates, since each call to iptables/ipsets has a high fixed cost. In addition, it allows for different managers to make updates without having to coordinate on their sequencing.

Requirements on the API

The internal dataplane does not do consistency checks on the incoming data (as the old Python-based driver used to do). It expects to be told about dependent resources before they are needed and for their lifetime to exceed that of the resources that depend on them. For example, it is important that the datastore layer sends an IP set create event before it sends a rule that references that IP set.

func NewIntDataplaneDriver 

func NewIntDataplaneDriver(config Config) *InternalDataplane

func (*InternalDataplane) RecvMessage 

func (d *InternalDataplane) RecvMessage() (interface{}, error)

func (*InternalDataplane) RegisterManager 

func (d *InternalDataplane) RegisterManager(mgr Manager)

func (*InternalDataplane) SendMessage 

func (d *InternalDataplane) SendMessage(msg interface{}) error

func (*InternalDataplane) Start 

func (d *InternalDataplane) Start()

type Manager 

type Manager interface {
	// OnUpdate is called for each protobuf message from the datastore.  May either directly
	// send updates to the IPSets and generictables.Table objects (which will queue the updates
	// until the main loop instructs them to act) or (for efficiency) may wait until
	// a call to CompleteDeferredWork() to flush updates to the dataplane.
	OnUpdate(protoBufMsg interface{})
	// Called before the main loop flushes updates to the dataplane to allow for batched
	// work to be completed.
	CompleteDeferredWork() error
}

type ManagerWithHEPUpdate 

type ManagerWithHEPUpdate interface {
	Manager
	OnHEPUpdate(hostIfaceToEpMap map[string]proto.HostEndpoint)
	GetIfaceQDiscInfo(ifaceName string) (bool, int, int)
}

func NewTestEpMgr 

func NewTestEpMgr(
	config *Config,
	bpfmaps *bpfmap.Maps,
	workloadIfaceRegex *regexp.Regexp,
) (ManagerWithHEPUpdate, error)

type ManagerWithRouteRules 

type ManagerWithRouteRules interface {
	Manager
	GetRouteRules() []routeRules
}

type ManagerWithRouteTables 

type ManagerWithRouteTables interface {
	Manager
	GetRouteTableSyncers() []routetable.SyncerInterface
}

type PolDirection 

type PolDirection int

PolDirection is the Calico datamodel direction of policy. On a host endpoint, ingress is towards the host. On a workload endpoint, ingress is towards the workload. 

const (
	PolDirnIngress PolDirection = iota
	PolDirnEgress
)

func (PolDirection) Inverse 

func (polDirection PolDirection) Inverse() PolDirection

func (PolDirection) RuleDir 

func (polDirection PolDirection) RuleDir() string

type Table 

type Table interface {
	UpdateChain(chain *generictables.Chain)
	UpdateChains([]*generictables.Chain)
	RemoveChains([]*generictables.Chain)
	RemoveChainByName(name string)
}

Table is a shim interface for generictables.Table.

type UpdateBatchResolver 

type UpdateBatchResolver interface {
	// Opportunity for a manager component to resolve state that depends jointly on the updates
	// that it has seen since the preceding CompleteDeferredWork call.  Processing here can
	// include passing resolved state to other managers.  It should not include any actual
	// dataplane updates yet.  (Those should be actioned in CompleteDeferredWork.)
	ResolveUpdateBatch() error
}

type VXLANFDB 

type VXLANFDB interface {
	SetVTEPs(vteps []vxlanfdb.VTEP)
}

type WireguardStatusUpdateCallback 

type WireguardStatusUpdateCallback func(ipVersion uint8, id interface{}, status string)

type XDPMode 

type XDPMode int
const (
	XDPModeAll XDPMode = iota
	XDPModeOnly
	XDPModeNone
)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.