k8splugin

package
v0.0.0-...-8dd92da Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 6, 2018 License: Apache-2.0 Imports: 28 Imported by: 0

README

Contiv Networking for Kubernetes

Contiv is integrated with Kubernetes via a CNI plugin. With this integration, Contiv Networking and Policy can be used for Pod inter-connectivity in a Kubernetes cluster.

Getting Started

This step-by-step procedure will guide you through a minimal experience of creating a Kubernetes cluster with Contiv networking and applying policy between pods.

Pre-requisites

Before starting, please be sure to set http/https proxies if your network requires it. (Note that https_proxy should be set to point to a http:// URL (not https://). This is an ansible requirement.)

The setup scripts use python modules parse and netaddr. If these modules are not installed on the machine where you are executing these steps, you should install them before proceeding. (E.g. pip install parse; pip install netaddr)

Step 1: Clone contrib and netplugin repos
$ mkdir -p ~/go/src/github.com/k8s
$ cd ~/go/src/github.com/k8s
$ git clone https://github.com/jojimt/contrib -b contiv

$ cd ~/go/src/github.com/k8s
$ git clone https://github.com/contiv/netplugin
Step 2: Create cluster
$ cd ~/go/src/github.com/k8s/netplugin
$ make k8s-cluster

This step will run Vagrant and ansible commands to bring a kubernetes cluster with one master and two worker nodes. This will take some time. Please be patient.

When step 2 completes, you should a message like the one below:

PLAY RECAP ******************************************************************** 
k8master                   : ok=xxx  changed=xxx  unreachable=0    failed=0   
k8node-01                  : ok=xxx  changed=xxx  unreachable=0    failed=0   
k8node-02                  : ok=xxx  changed=xxx  unreachable=0    failed=0

At this point, your cluster is ready for use.

Note: Occasionally, you might hit an error during ansible provisioning. If that happens, just re-issue the command (usually, it's caused by a temporary unavailability of a repo on the web). If the problem persists, you should open an issue on github.

You should proceed to Step 3 only if the previous step completed successfully.

This demo utilizes a busybox image built to include a full netcat utility. However, you can try other images as well if you like. The Dockerfile used for building the nc-busybox is available in the /shared folder of the k8master node (you will get to this directory in Step 3).

Step 3: Start the demo and ssh to the kubernetes master

This step will start network services and log you into the kubernetes master node.

$ make k8s-demo-start

When step 3 completes, you will get a shell prompt from the master. Use sudo su to enter sudo mode. Try a few commands.

[vagrant@k8master ~]$sudo su
[root@k8master vagrant]# kubectl get nodes
NAME        LABELS                             STATUS    AGE
k8node-01   kubernetes.io/hostname=k8node-01   Ready     4m
k8node-02   kubernetes.io/hostname=k8node-02   Ready     4m

[root@k8master vagrant]# netctl net list
Tenant   Network      Encap type  Packet tag  Subnet       Gateway
------   -------      ----------  ----------  -------      ------
default  default-net  vxlan       <nil>       20.1.1.0/24  20.1.1.254
default  poc-net      vxlan       <nil>       21.1.1.0/24  21.1.1.254

[root@k8master ~]# netctl group list
Tenant   Group        Network      Policies
------   -----        -------      --------
default  default-epg  default-net  
default  poc-epg      poc-net

The last two commands show contiv configuration. The demo set up created two networks and two epgs. Lets try some examples.

Example 1: No network labels = Pod placed in default network

cd to /shared directory to find some pod specs. Create defaultnet-busybox1 and defaultnet-busybox2.

[root@k8master ~]# cd /shared
[root@k8master shared]#ls
defaultnet-busybox1.yaml  noping-busybox.yaml  pocnet-busybox.yaml
defaultnet-busybox2.yaml  pingme-busybox.yaml  policy.sh

[root@k8master shared]# kubectl create -f defaultnet-busybox1.yaml 
pod "defaultnet-busybox1" created
[root@k8master shared]# kubectl create -f defaultnet-busybox2.yaml 
pod "defaultnet-busybox2" created

[root@k8master shared]# kubectl get pods
NAME                 READY     STATUS    RESTARTS   AGE
defaultnet-busybox1  1/1       Running   0          3m
defaultnet-busybox2  1/1       Running   0          39s

It may take a few minutes for the pods to enter Running state. When both have entered Running state, check their ip address and try reachability.

[root@k8master shared]# kubectl exec defaultnet-busybox1 -- ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
47: eth0@if46: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue 
    link/ether 02:02:14:01:01:09 brd ff:ff:ff:ff:ff:ff
    inet 20.1.1.9/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::2:14ff:fe01:109/64 scope link 
       valid_lft forever preferred_lft forever


[root@k8master shared]# kubectl describe pod defaultnet-busybox2 | grep IP
IP:                             20.1.1.10

[root@k8master shared]# kubectl exec defaultnet-busybox1 -- ping 20.1.1.10
PING 20.1.1.10 (20.1.1.10): 56 data bytes
64 bytes from 20.1.1.10: seq=0 ttl=64 time=0.562 ms
64 bytes from 20.1.1.10: seq=1 ttl=64 time=0.124 ms
64 bytes from 20.1.1.10: seq=2 ttl=64 time=0.073 ms

Notice that both pods were assigned IP addresses from the default network and they can ping each other.

Example 2: Use network labels to specify a network and epg for the Pod

Now let's create a Pod with poc-net and poc-epg specified as network and epg respectively. Examine pocnet-busybox.yaml. There are two additional labels: io.contiv.network: poc-net and io.contiv.net-group: poc-epg specified in this pod spec.

[root@k8master shared]# kubectl create -f pocnet-busybox.yaml 
pod "busybox-poc-net" created

[root@k8master shared]# kubectl get pods
NAME                  READY     STATUS    RESTARTS   AGE
busybox-poc-net       1/1       Running   0          54s
defaultnet-busybox1   1/1       Running   0          35m
defaultnet-busybox2   1/1       Running   0          35m

[root@k8master shared]# kubectl exec busybox-poc-net -- ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
129: eth0@if128: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue 
    link/ether 02:02:15:01:01:02 brd ff:ff:ff:ff:ff:ff
    inet 21.1.1.2/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::2:15ff:fe01:102/64 scope link 
       valid_lft forever preferred_lft forever

Notice that this pod was assigned an IP addresses from the poc-net.

Example 3: Use Contiv to specify and enforce network policy

In this example, we will create a policy and attach it to an epg. We will specify this epg in the pod spec and verify that the policy is enforced.

Examine policy.sh. This contains contiv commands to create a simple ICMP deny rule, add it to a policy and attach to an epg. Excute this script to create the network objects.

[root@k8master shared]# ./policy.sh

[root@k8master shared]# netctl group list
Tenant   Group        Network      Policies
------   -----        -------      --------
default  poc-epg      poc-net      
default  noping-epg   poc-net      icmpPol
default  default-epg  default-net  

[root@k8master shared]# netctl rule list icmpPol
Rule  Direction  Priority  EndpointGroup  Network  IpAddress  Protocol  Port   Action
----  ---------  --------  -------------  -------  ---------  --------  ----   ------
1     in         1         <nil>          <nil>    <nil>      icmp      <nil>  deny

Examine noping-busybox.yaml and pingme-busybox.yaml. They specify noping-epg and poc-epg respectively as their epgs. Both of these pods have a netcat listener on TCP port 6379 (See nc-busybox/nc_loop.sh).

Create both of these pods and verify their connectivity behavior.

[root@k8master shared]# kubectl create -f noping-busybox.yaml 
pod "annoyed-busybox" created
[root@k8master shared]# kubectl create -f pingme-busybox.yaml 
pod "sportive-busybox" created

[root@k8master shared]# kubectl get pods
NAME                READY     STATUS    RESTARTS   AGE
annoyed-busybox       1/1       Running   0          22m
busybox-poc-net       1/1       Running   0          35m
defaultnet-busybox1   1/1       Running   0          35m
defaultnet-busybox2   1/1       Running   0          35m
sportive-busybox      1/1       Running   0          21m


[root@k8master shared]# kubectl describe pod annoyed-busybox | grep IP
IP:                             21.1.1.2

[root@k8master shared]# kubectl describe pod sportive-busybox | grep IP
IP:                             21.1.1.4

Try to access annoyed-busybox and sportive-busybox from busybox-poc-net via ping and nc.

[root@k8master shared]# kubectl exec busybox-poc-net -- ping 21.1.1.2

[root@k8master shared]# kubectl exec busybox-poc-net -- ping 21.1.1.4
PING 21.1.1.4 (21.1.1.4): 56 data bytes
64 bytes from 21.1.1.4: seq=0 ttl=64 time=0.230 ms
64 bytes from 21.1.1.4: seq=1 ttl=64 time=0.390 ms
64 bytes from 21.1.1.4: seq=2 ttl=64 time=0.205 ms

[root@k8master shared]# kubectl exec busybox-poc-net -- nc -zvw 1 21.1.1.2 6379
21.1.1.2 [21.1.1.2] 6379 (6379) open

[root@k8master shared]# kubectl exec busybox-poc-net -- nc -zvw 1 21.1.1.4 6379
21.1.1.4 [21.1.1.4] 6379 (6379) open

Notice 1) busybox-poc-net is unable to ping annoyed-busybox 2) busybox-poc-net is able to ping sportive-busybox, to which no policy was applied. 3) busybox-poc-net is able to exchange TCP with annoyed-busybox, consistent with the applied policy. You can try other combinations as well, e.g. ping/nc between annoyed-busybox and sportive-busybox. You can also create your own policy and pod spec and try.

Documentation

Index

Constants

View Source 
const (
	// ClusterIPNone - do not assign a cluster IP
	// no proxying required and no environment variables should be created for pods
	ClusterIPNone = "None"
)

Variables

This section is empty.

Functions

func GetK8sClusterIPRange 

func GetK8sClusterIPRange() string

GetK8sClusterIPRange returns k8s cluster ip range

func InitCNIServer 

func InitCNIServer(netplugin *plugin.NetPlugin) error

InitCNIServer initializes the k8s cni server

func InitKubServiceWatch 

func InitKubServiceWatch(np *plugin.NetPlugin)

InitKubServiceWatch initializes the k8s service watch

Types

type APIClient 

type APIClient struct {
	// contains filtered or unexported fields
}

APIClient defines information needed for the k8s api client

func NewAPIClient 

func NewAPIClient(serverURL, caFile, keyFile, certFile, authToken string) *APIClient

NewAPIClient creates an instance of the k8s api client

func (*APIClient) GetPodLabel 

func (c *APIClient) GetPodLabel(ns, name, label string) (string, error)

GetPodLabel retrieves the specified label

func (*APIClient) WatchServices 

func (c *APIClient) WatchServices(respCh chan SvcWatchResp)

WatchServices watches the services object on the api server

func (*APIClient) WatchSvcEps 

func (c *APIClient) WatchSvcEps(respCh chan EpWatchResp)

WatchSvcEps watches the service endpoints object

type EndpointAddress 

type EndpointAddress struct {
	// The IP of this endpoint.
	// May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16),
	// or link-local multicast ((224.0.0.0/24).
	// TODO: This should allow hostname or IP, See #4447.
	IP string `json:"ip"`

	// Reference to object providing the endpoint.
	TargetRef *ObjectReference `json:"targetRef,omitempty"`
}

EndpointAddress is a tuple that describes single IP address.

type EndpointPort 

type EndpointPort struct {
	// The name of this port (corresponds to ServicePort.Name).
	// Must be a DNS_LABEL.
	// Optional only if one port is defined.
	Name string `json:"name,omitempty"`

	// The port number of the endpoint.
	Port int `json:"port"`

	// The IP protocol for this port.
	// Must be UDP or TCP.
	// Default is TCP.
	Protocol Protocol `json:"protocol,omitempty"`
}

EndpointPort is a tuple that describes a single port.

type EndpointSubset 

type EndpointSubset struct {
	// IP addresses which offer the related ports.
	Addresses []EndpointAddress `json:"addresses,omitempty"`
	// Port numbers available on the related IP addresses.
	Ports []EndpointPort `json:"ports,omitempty"`
}

EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given: 

{
  Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
  Ports:     [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
}

The resulting set of endpoints can be viewed as: 

a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
b: [ 10.10.1.1:309, 10.10.2.2:309 ]

type Endpoints 

type Endpoints struct {
	TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	ObjectMeta `json:"metadata,omitempty"`

	// The set of all endpoints is the union of all subsets.
	// Sets of addresses and ports that comprise a service.
	Subsets []EndpointSubset `json:"subsets"`
}

Endpoints is a collection of endpoints that implement the actual service. Example: 

 Name: "mysvc",
 Subsets: [
   {
     Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}],
     Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}]
   },
   {
     Addresses: [{"ip": "10.10.3.3"}],
     Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}]
   },
]

type EndpointsList 

type EndpointsList struct {
	TypeMeta `json:",inline"`
	// Standard list metadata.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
	ListMeta `json:"metadata,omitempty"`

	// List of endpoints.
	Items []Endpoints `json:"items"`
}

EndpointsList is a list of endpoints.

type EpWatchResp 

type EpWatchResp struct {
	// contains filtered or unexported fields
}

EpWatchResp is the response to service endpoints watch

type ListMeta 

type ListMeta struct {
	// SelfLink is a URL representing this object.
	// Populated by the system.
	// Read-only.
	SelfLink string `json:"selfLink,omitempty"`

	// String that identifies the server's internal version of this object that
	// can be used by clients to determine when objects have changed.
	// Value must be treated as opaque by clients and passed unmodified back to the server.
	// Populated by the system.
	// Read-only.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency
	ResourceVersion string `json:"resourceVersion,omitempty"`
}

ListMeta describes metadata that synthetic resources must have, including lists and various status objects.

type LoadBalancerIngress 

type LoadBalancerIngress struct {
	// IP is set for load-balancer ingress points that are IP based
	// (typically GCE or OpenStack load-balancers)
	IP string `json:"ip,omitempty"`

	// Hostname is set for load-balancer ingress points that are DNS based
	// (typically AWS load-balancers)
	Hostname string `json:"hostname,omitempty"`
}

LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.

type LoadBalancerStatus 

type LoadBalancerStatus struct {
	// Ingress is a list containing ingress points for the load-balancer.
	// Traffic intended for the service should be sent to these ingress points.
	Ingress []LoadBalancerIngress `json:"ingress,omitempty"`
}

LoadBalancerStatus represents the status of a load-balancer.

type NodeSpec 

type NodeSpec struct {
	// PodCIDR represents the pod IP range assigned to the node.
	PodCIDR string `json:"podCIDR,omitempty"`
	// External ID of the node assigned by some machine database (e.g. a cloud provider).
	// Deprecated.
	ExternalID string `json:"externalID,omitempty"`
	// ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>
	ProviderID string `json:"providerID,omitempty"`
	// Unschedulable controls node schedulability of new pods. By default, node is schedulable.
	// More info: http://releases.k8s.io/HEAD/docs/admin/node.md#manual-node-administration"`
	Unschedulable bool `json:"unschedulable,omitempty"`
}

NodeSpec describes the attributes that a node is created with.

type ObjectMeta 

type ObjectMeta struct {
	// Name must be unique within a namespace. Is required when creating resources, although
	// some resources may allow a client to request the generation of an appropriate name
	// automatically. Name is primarily intended for creation idempotence and configuration
	// definition.
	// Cannot be updated.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names
	Name string `json:"name,omitempty"`

	// GenerateName is an optional prefix, used by the server, to generate a unique
	// name ONLY IF the Name field has not been provided.
	// If this field is used, the name returned to the client will be different
	// than the name passed. This value will also be combined with a unique suffix.
	// The provided value has the same validation rules as the Name field,
	// and may be truncated by the length of the suffix required to make the value
	// unique on the server.
	//
	// If this field is specified and the generated name exists, the server will
	// NOT return a 409 - instead, it will either return 201 Created or 500 with Reason
	// ServerTimeout indicating a unique name could not be found in the time allotted, and the client
	// should retry (optionally after the time indicated in the Retry-After header).
	//
	// Applied only if Name is not specified.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#idempotency
	GenerateName string `json:"generateName,omitempty"`

	// Namespace defines the space within each name must be unique. An empty namespace is
	// equivalent to the "default" namespace, but "default" is the canonical representation.
	// Not all objects are required to be scoped to a namespace - the value of this field for
	// those objects will be empty.
	//
	// Must be a DNS_LABEL.
	// Cannot be updated.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/namespaces.md
	Namespace string `json:"namespace,omitempty"`

	// SelfLink is a URL representing this object.
	// Populated by the system.
	// Read-only.
	SelfLink string `json:"selfLink,omitempty"`

	// UID is the unique in time and space value for this object. It is typically generated by
	// the server on successful creation of a resource and is not allowed to change on PUT
	// operations.
	//
	// Populated by the system.
	// Read-only.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#uids
	UID interface{} `json:"uid,omitempty"`

	// An opaque value that represents the internal version of this object that can
	// be used by clients to determine when objects have changed. May be used for optimistic
	// concurrency, change detection, and the watch operation on a resource or set of resources.
	// Clients must treat these values as opaque and passed unmodified back to the server.
	// They may only be valid for a particular resource or set of resources.
	//
	// Populated by the system.
	// Read-only.
	// Value must be treated as opaque by clients and .
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency
	ResourceVersion string `json:"resourceVersion,omitempty"`

	// A sequence number representing a specific generation of the desired state.
	// Currently only implemented by replication controllers.
	// Populated by the system.
	// Read-only.
	Generation int64 `json:"generation,omitempty"`

	// CreationTimestamp is a timestamp representing the server time when this object was
	// created. It is not guaranteed to be set in happens-before order across separate operations.
	// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
	//
	// Populated by the system.
	// Read-only.
	// Null for lists.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	CreationTimestamp time.Time `json:"creationTimestamp,omitempty"`

	// DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This
	// field is set by the server when a graceful deletion is requested by the user, and is not
	// directly settable by a client. The resource will be deleted (no longer visible from
	// resource lists, and not reachable by name) after the time in this field. Once set, this
	// value may not be unset or be set further into the future, although it may be shortened
	// or the resource may be deleted prior to this time. For example, a user may request that
	// a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination
	// signal to the containers in the pod. Once the resource is deleted in the API, the Kubelet
	// will send a hard termination signal to the container.
	// If not set, graceful deletion of the object has not been requested.
	//
	// Populated by the system when a graceful deletion is requested.
	// Read-only.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	DeletionTimestamp *time.Time `json:"deletionTimestamp,omitempty"`

	// Number of seconds allowed for this object to gracefully terminate before
	// it will be removed from the system. Only set when deletionTimestamp is also set.
	// May only be shortened.
	// Read-only.
	DeletionGracePeriodSeconds *int64 `json:"deletionGracePeriodSeconds,omitempty"`

	// Map of string keys and values that can be used to organize and categorize
	// (scope and select) objects. May match selectors of replication controllers
	// and services.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/labels.md
	// TODO: replace map[string]string with labels.LabelSet type
	Labels map[string]string `json:"labels,omitempty"`

	// Annotations is an unstructured key value map stored with a resource that may be
	// set by external tools to store and retrieve arbitrary metadata. They are not
	// queryable and should be preserved when modifying objects.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/annotations.md
	Annotations map[string]string `json:"annotations,omitempty"`
}

ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

type ObjectReference 

type ObjectReference struct {
	// Kind of the referent.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
	Kind string `json:"kind,omitempty"`
	// Namespace of the referent.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/namespaces.md
	Namespace string `json:"namespace,omitempty"`
	// Name of the referent.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#names
	Name string `json:"name,omitempty"`
	// UID of the referent.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/identifiers.md#uids
	UID interface{} `json:"uid,omitempty"`
	// API version of the referent.
	APIVersion string `json:"apiVersion,omitempty"`
	// Specific resourceVersion to which this reference is made, if any.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency
	ResourceVersion string `json:"resourceVersion,omitempty"`

	// If referring to a piece of an object instead of an entire object, this string
	// should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
	// For example, if the object reference is to a container within a pod, this would take on a value like:
	// "spec.containers{name}" (where "name" refers to the name of the container that triggered
	// the event) or if no container name is specified "spec.containers[2]" (container with
	// index 2 in this pod). This syntax is chosen only to have some well-defined way of
	// referencing a part of an object.
	// TODO: this design is not final and this field is subject to change in the future.
	FieldPath string `json:"fieldPath,omitempty"`
}

ObjectReference contains enough information to let you inspect or modify the referred object.

type Protocol 

type Protocol string

Protocol defines network protocols supported for things like container ports. 

const (
	// ProtocolTCP is the TCP protocol.
	ProtocolTCP Protocol = "TCP"
	// ProtocolUDP is the UDP protocol.
	ProtocolUDP Protocol = "UDP"
)

type Service 

type Service struct {
	TypeMeta `json:",inline"`
	// Standard object's metadata.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
	ObjectMeta `json:"metadata,omitempty"`

	// Spec defines the behavior of a service.
	// http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
	Spec ServiceSpec `json:"spec,omitempty"`

	// Most recently observed status of the service.
	// Populated by the system.
	// Read-only.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
	Status ServiceStatus `json:"status,omitempty"`
}

Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.

type ServiceAffinity 

type ServiceAffinity string

ServiceAffinity Session Affinity Type string 

const (
	// ServiceAffinityClientIP is the Client IP based.
	ServiceAffinityClientIP ServiceAffinity = "ClientIP"

	// ServiceAffinityNone - no session affinity.
	ServiceAffinityNone ServiceAffinity = "None"
)

type ServiceList 

type ServiceList struct {
	TypeMeta `json:",inline"`
	// Standard list metadata.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
	ListMeta `json:"metadata,omitempty"`

	// List of services
	Items []Service `json:"items"`
}

ServiceList holds a list of services.

type ServicePort 

type ServicePort struct {
	// The name of this port within the service. This must be a DNS_LABEL.
	// All ports within a ServiceSpec must have unique names. This maps to
	// the 'Name' field in EndpointPort objects.
	// Optional if only one ServicePort is defined on this service.
	Name string `json:"name,omitempty"`

	// The IP protocol for this port. Supports "TCP" and "UDP".
	// Default is TCP.
	Protocol Protocol `json:"protocol,omitempty"`

	// The port that will be exposed by this service.
	Port int `json:"port"`

	// Number or name of the port to access on the pods targeted by the service.
	// Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
	// If this is a string, it will be looked up as a named port in the
	// target Pod's container ports. If this is not specified, the value
	// of Port is used (an identity map).
	// Defaults to the service port.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#defining-a-service
	TargetPort int `json:"targetPort,omitempty"`

	// The port on each node on which this service is exposed when type=NodePort or LoadBalancer.
	// Usually assigned by the system. If specified, it will be allocated to the service
	// if unused or else creation of the service will fail.
	// Default is to auto-allocate a port if the ServiceType of this Service requires one.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#type--nodeport
	NodePort int `json:"nodePort,omitempty"`
}

ServicePort contains information on service's port.

type ServiceSpec 

type ServiceSpec struct {
	// The list of ports that are exposed by this service.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies
	Ports []ServicePort `json:"ports"`

	// This service will route traffic to pods having labels matching this selector.
	// Label keys and values that must match in order to receive traffic for this service.
	// If empty, all pods are selected, if not specified, endpoints must be manually specified.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#overview
	Selector map[string]string `json:"selector,omitempty"`

	// ClusterIP is usually assigned by the master and is the IP address of the service.
	// If specified, it will be allocated to the service if it is unused
	// or else creation of the service will fail.
	// Valid values are None, empty string (""), or a valid IP address.
	// 'None' can be specified for a headless service when proxying is not required.
	// Cannot be updated.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies
	ClusterIP string `json:"clusterIP,omitempty"`

	// Type of exposed service. Must be ClusterIP, NodePort, or LoadBalancer.
	// Defaults to ClusterIP.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#external-services
	Type ServiceType `json:"type,omitempty"`

	// ExternalIPs are used by external load balancers, or can be set by
	// users to handle external traffic that arrives at a node.
	// Externally visible IPs (e.g. load balancers) that should be proxied to this service.
	ExternalIPs []string `json:"externalIPs,omitempty"`

	// Supports "ClientIP" and "None". Used to maintain session affinity.
	// Enable client IP based session affinity.
	// Must be ClientIP or None.
	// Defaults to None.
	// More info: http://releases.k8s.io/HEAD/docs/user-guide/services.md#virtual-ips-and-service-proxies
	SessionAffinity ServiceAffinity `json:"sessionAffinity,omitempty"`
}

ServiceSpec describes the attributes that a user creates on a service.

type ServiceStatus 

type ServiceStatus struct {
	// LoadBalancer contains the current status of the load-balancer,
	// if one is present.
	LoadBalancer LoadBalancerStatus `json:"loadBalancer,omitempty"`
}

ServiceStatus represents the current status of a service.

type ServiceType 

type ServiceType string

ServiceType string describes ingress methods for a service 

const (
	// ServiceTypeClusterIP means a service will only be accessible inside the
	// cluster, via the cluster IP.
	ServiceTypeClusterIP ServiceType = "ClusterIP"

	// ServiceTypeNodePort means a service will be exposed on one port of
	// every node, in addition to 'ClusterIP' type.
	ServiceTypeNodePort ServiceType = "NodePort"

	// ServiceTypeLoadBalancer means a service will be exposed via an
	// external load balancer (if the cloud provider supports it), in addition
	// to 'NodePort' type.
	ServiceTypeLoadBalancer ServiceType = "LoadBalancer"
)

type SvcWatchResp 

type SvcWatchResp struct {
	// contains filtered or unexported fields
}

SvcWatchResp is the response to a service watch

type TypeMeta 

type TypeMeta struct {
	// A string value representing the REST resource this object represents.
	// Servers may infer this from the endpoint the client submits requests to.
	// Cannot be updated.
	// In CamelCase.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
	Kind string `json:"kind,omitempty"`

	// APIVersion defines the version of the schema of an object.
	// Servers should convert recognized schemas to the latest internal value, and
	// may reject unrecognized values.
	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
	APIVersion string `json:"apiVersion,omitempty"`
}

TypeMeta describes an individual object in an API response or request with strings representing the type of the object and its API schema version. Structures that are versioned or persisted should inline TypeMeta.

Source Files

View all Source files

Directories

Path Synopsis
clients

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.