nodeagent

package
v0.0.0-...-de00c47 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 29, 2024 License: Apache-2.0 Imports: 54 Imported by: 2

Documentation

Index

Constants

View Source
const (
	// to reliably identify kubelet healthprobes from inside the pod (versus standard kube-proxy traffic,
	// since the IP is normally the same), we SNAT identified host probes in the host netns to a fixed
	// APIPA/"link-local" IP.
	//
	// It doesn't matter what this IP is, so long as it's not routable and doesn't collide with anything else.
	//
	// IPv6 link local ranges are designed to be collision-resistant by default, and so probably never need to be overridden
	DefaultHostProbeSNATIP   = "169.254.7.127"
	DefaultHostProbeSNATIPV6 = "fd16:9254:7127:1337:ffff:ffff:ffff:ffff"
)

Variables

View Source
var (
	PodNamespace                   = env.RegisterStringVar("POD_NAMESPACE", "", "pod's namespace").Get()
	SystemNamespace                = env.RegisterStringVar("SYSTEM_NAMESPACE", constants.IstioSystemNamespace, "istio system namespace").Get()
	PodName                        = env.RegisterStringVar("POD_NAME", "", "").Get()
	NodeName                       = env.RegisterStringVar("NODE_NAME", "", "").Get()
	Revision                       = env.RegisterStringVar("REVISION", "", "").Get()
	HostProbeSNATIP                = netip.MustParseAddr(env.RegisterStringVar("HOST_PROBE_SNAT_IP", DefaultHostProbeSNATIP, "").Get())
	HostProbeSNATIPV6              = netip.MustParseAddr(env.RegisterStringVar("HOST_PROBE_SNAT_IPV6", DefaultHostProbeSNATIPV6, "").Get())
	UseScopedIptablesLegacyLocking = env.RegisterBoolVar("AMBIENT_USE_SCOPED_XTABLES_LOCKING", true, "").Get()
)
View Source
var ErrPartialAdd = errors.New("partial add error")
View Source
var ErrPodNotFound = errors.New("netns not provided, but is needed as pod is not in cache")
View Source
var (
	EventTotals = monitoring.NewSum(
		"nodeagent_reconcile_events_total",
		"The total number of node agent reconcile events.",
	)
)

Functions

func GetFd

func GetFd(f fs.File) (uintptr, error)

func GetInode

func GetInode(fi fs.FileInfo) (uint64, error)

func GetPodUIDAndContainerID

func GetPodUIDAndContainerID(procCgroupData bytes.Buffer) (types.UID, string, error)

func NetnsDo

func NetnsDo(fdable NetnsFd, toRun func() error) error

inspired by netns.Do() but with an existing fd.

func NetnsSet

func NetnsSet(n NetnsFd) error

func StartHealthServer

func StartHealthServer() (installReady *atomic.Value, watchReady *atomic.Value)

StartHealthServer initializes and starts a web server that exposes liveness and readiness endpoints at port 8000.

Types

type AmbientArgs

type AmbientArgs struct {
	SystemNamespace            string
	Revision                   string
	KubeConfig                 string
	ServerSocket               string
	DNSCapture                 bool
	EnableIPv6                 bool
	ReconcilePodRulesOnStartup bool
}

type CNIPluginAddEvent

type CNIPluginAddEvent struct {
	Netns        string
	PodName      string
	PodNamespace string
	IPs          []IPConfig
}

Just a composite of the CNI plugin add event struct + some extracted "args"

type Cgroup

type Cgroup struct {
	HierarchyID    string
	ControllerList string
	GroupPath      string
}

Cgroup represents a linux cgroup.

func GetCgroups

func GetCgroups(procCgroupData bytes.Buffer) ([]Cgroup, error)

GetCGroups returns a slice of cgroups for pid using fs for filesystem calls.

The expected cgroup format is "hierarchy-ID:controller-list:cgroup-path", and this function will return an error if every cgroup does not meet that format.

For more information, see:

type CniPluginServer

type CniPluginServer struct {
	// contains filtered or unexported fields
}

func (*CniPluginServer) ReconcileCNIAddEvent

func (s *CniPluginServer) ReconcileCNIAddEvent(ctx context.Context, addCmd CNIPluginAddEvent) error

func (*CniPluginServer) Start

func (s *CniPluginServer) Start() error

Start starts up a UDS server which receives events from the CNI chain plugin.

func (*CniPluginServer) Stop

func (s *CniPluginServer) Stop()

type IPConfig

type IPConfig struct {
	Interface *int
	Address   net.IPNet
	Gateway   net.IP
}

IPConfig contains an interface/gateway/address combo defined for a newly-started pod by CNI. This is "from the horse's mouth" so to speak and will be populated before Kube is informed of the pod IP.

type InformerHandlers

type InformerHandlers struct {
	// contains filtered or unexported fields
}

func (*InformerHandlers) GetActiveAmbientPodSnapshot

func (s *InformerHandlers) GetActiveAmbientPodSnapshot() []*corev1.Pod

Gets a point-in-time snapshot of all pods that are CURRENTLY ambient enabled (as per control plane annotation) Note that this is not the same thing as SHOULD be enabled or WILL be enabled. This is only used for building the initial snapshot ATM.

func (*InformerHandlers) GetPodIfAmbientEnabled

func (s *InformerHandlers) GetPodIfAmbientEnabled(podName, podNamespace string) (*corev1.Pod, error)

GetPodIfAmbientEnabled looks up a pod. It returns: * An error if the pod cannot be found * nil if the pod is found, but is not currently eligible for ambient enrollment * the pod, if it is found and is currently eligible for ambient enrollment

func (*InformerHandlers) Start

func (s *InformerHandlers) Start()

type K8sHandlers

type K8sHandlers interface {
	GetPodIfAmbientEnabled(podName, podNamespace string) (*corev1.Pod, error)
	GetActiveAmbientPodSnapshot() []*corev1.Pod
	Start()
}

type MeshDataplane

type MeshDataplane interface {
	// called first, (even before Start()).
	ConstructInitialSnapshot(ambientPods []*corev1.Pod) error
	Start(ctx context.Context)

	AddPodToMesh(ctx context.Context, pod *corev1.Pod, podIPs []netip.Addr, netNs string) error
	RemovePodFromMesh(ctx context.Context, pod *corev1.Pod, isDelete bool) error

	Stop(skipCleanup bool)
}

type NetServer

type NetServer struct {
	// contains filtered or unexported fields
}

Adapts CNI to ztunnel server. decoupled from k8s for easier integration testing.

func (*NetServer) AddPodToMesh

func (s *NetServer) AddPodToMesh(ctx context.Context, pod *corev1.Pod, podIPs []netip.Addr, netNs string) error

AddPodToMesh adds a pod to mesh by 1. Getting the netns 2. Adding the pod's IPs to the hostnetns ipsets for node probe checks 3. Creating iptables rules inside the pod's netns 4. Notifying ztunnel via GRPC to create a proxy for the pod

You may ask why we pass the pod IPs separately from the pod manifest itself (which contains the pod IPs as a field) - this is because during add specifically, if CNI plugins have not finished executing, K8S may get a pod Add event without any IPs in the object, and the pod will later be updated with IPs.

We always need the IPs, but this is fine because this AddPodToMesh can be called from the CNI plugin as well, which always has the firsthand info of the IPs, even before K8S does - so we pass them separately here because we actually may have them before K8S in the Pod object.

func (*NetServer) ConstructInitialSnapshot

func (s *NetServer) ConstructInitialSnapshot(ambientPods []*corev1.Pod) error

ConstructInitialSnapshot takes a "snapshot" of current ambient pods and

1. Constructs a ztunnel state message to initialize ztunnel 2. Syncs the host ipset

func (*NetServer) RemovePodFromMesh

func (s *NetServer) RemovePodFromMesh(ctx context.Context, pod *corev1.Pod, isDelete bool) error

RemovePodFromMesh is called when a pod needs to be removed from the mesh

func (*NetServer) Start

func (s *NetServer) Start(ctx context.Context)

func (*NetServer) Stop

func (s *NetServer) Stop(_ bool)

type Netns

type Netns interface {
	NetnsFd
	Inode() uint64
}

type NetnsCloser

type NetnsCloser interface {
	io.Closer
	Netns
}

func OpenNetns

func OpenNetns(nspath string) (NetnsCloser, error)

type NetnsFd

type NetnsFd interface {
	Fd() uintptr
}

type NetnsWithFd

type NetnsWithFd struct {
	// contains filtered or unexported fields
}

func (*NetnsWithFd) Close

func (n *NetnsWithFd) Close() error

func (*NetnsWithFd) Fd

func (n *NetnsWithFd) Fd() uintptr

func (*NetnsWithFd) Inode

func (n *NetnsWithFd) Inode() uint64

type NetnsWrapper

type NetnsWrapper struct {
	// contains filtered or unexported fields
}

func (*NetnsWrapper) Close

func (n *NetnsWrapper) Close() error

func (*NetnsWrapper) Fd

func (n *NetnsWrapper) Fd() uintptr

func (*NetnsWrapper) Inode

func (n *NetnsWrapper) Inode() uint64

type PartialAddError

type PartialAddError struct {
	// contains filtered or unexported fields
}

func NewErrPartialAdd

func NewErrPartialAdd(err error) *PartialAddError

func (*PartialAddError) Error

func (e *PartialAddError) Error() string

func (*PartialAddError) Unwrap

func (e *PartialAddError) Unwrap() []error

type PodNetnsCache

type PodNetnsCache interface {
	ReadCurrentPodSnapshot() map[string]WorkloadInfo
}

type PodNetnsEntry

type PodNetnsEntry struct {
	// contains filtered or unexported fields
}

type PodNetnsFinder

type PodNetnsFinder interface {
	FindNetnsForPods(filter map[types.UID]*corev1.Pod) (PodToNetns, error)
}

type PodNetnsProcFinder

type PodNetnsProcFinder struct {
	// contains filtered or unexported fields
}

func NewPodNetnsProcFinder

func NewPodNetnsProcFinder(proc fs.FS) *PodNetnsProcFinder

func (*PodNetnsProcFinder) FindNetnsForPods

func (p *PodNetnsProcFinder) FindNetnsForPods(pods map[types.UID]*corev1.Pod) (PodToNetns, error)

type PodToNetns

type PodToNetns map[string]WorkloadInfo

func (PodToNetns) Close

func (p PodToNetns) Close()

type Server

type Server struct {
	// contains filtered or unexported fields
}

func NewServer

func NewServer(ctx context.Context, ready *atomic.Value, pluginSocket string, args AmbientArgs) (*Server, error)

func (*Server) NotReady

func (s *Server) NotReady()

func (*Server) Ready

func (s *Server) Ready()

func (*Server) ShouldStopForUpgrade

func (s *Server) ShouldStopForUpgrade(selfName, selfNamespace string) bool

func (*Server) Start

func (s *Server) Start()

func (*Server) Stop

func (s *Server) Stop(skipCleanup bool)

type WorkloadInfo

type WorkloadInfo struct {
	Workload *zdsapi.WorkloadInfo
	Netns    NetnsCloser
}

type ZtunnelConnection

type ZtunnelConnection struct {
	Updates chan updateRequest
	// contains filtered or unexported fields
}

func (*ZtunnelConnection) Close

func (z *ZtunnelConnection) Close()

type ZtunnelServer

type ZtunnelServer interface {
	Run(ctx context.Context)
	PodDeleted(ctx context.Context, uid string) error
	PodAdded(ctx context.Context, pod *v1.Pod, netns Netns) error
	Close() error
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL