Documentation ¶
Index ¶
- func AnnotateEnrolledPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
- func AnnotateUnenrollPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
- func CheckBooleanAnnotation(pod *corev1.Pod, annotationName string) (bool, error)
- func GetPlugin(rawPlugin any) (plugin map[string]any, err error)
- func GetPlugins(cniConfigMap map[string]any) (plugins []any, err error)
- func GetPodIPsIfPresent(pod *corev1.Pod) []netip.Addr
- func IsZtunnelPod(systemNs string, pod *corev1.Pod) bool
- func MarshalCNIConfig(cniConfigMap map[string]any) ([]byte, error)
- func PodRedirectionActive(pod *corev1.Pod) bool
- func PodRedirectionEnabled(namespace *corev1.Namespace, pod *corev1.Pod) bool
- func ReadCNIConfigMap(path string) (map[string]any, error)
- type Watcher
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AnnotateEnrolledPod ¶
func AnnotateEnrolledPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
func AnnotateUnenrollPod ¶
func AnnotateUnenrollPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
func CheckBooleanAnnotation ¶
CheckBooleanAnnotation checks for the named boolean-style (as per strcov.ParseBool) annotation on the pod. If not present, or the annotation value is unparsable, returns false. Otherwise, returns true. Returns a non-nil error if annotation value could not be parsed.
func GetPlugin ¶
Given the raw plugin interface, return the plugin asserted as a map[string]interface{}
func GetPlugins ¶
Given an unmarshalled CNI config JSON map, return the plugin list asserted as a []interface{}
func GetPodIPsIfPresent ¶
Get any IPs currently assigned to the Pod.
If 'PodIPs' exists, it is preferred (and should be guaranteed to contain the address in 'PodIP'), otherwise fallback to 'PodIP'.
Note that very early in the pod's lifecycle (before all the node CNI plugin invocations finish) K8S may not have received the pod IPs yet, and may not report the pod as having any.
func MarshalCNIConfig ¶
Marshal the CNI config map and append a new line
func PodRedirectionActive ¶
PodRedirectionActive reports on whether the pod _has_ actually been configured for traffic redirection.
That is, have we annotated it after successfully sending it to the node proxy and set up iptables rules.
If you just want to know if the pod _should be_ configured for traffic redirection, see PodRedirectionEnabled
func PodRedirectionEnabled ¶
PodRedirectionEnabled determines if a pod should or should not be configured to have traffic redirected thru the node proxy.
Types ¶
type Watcher ¶
type Watcher struct { Events chan struct{} Errors chan error // contains filtered or unexported fields }
func CreateFileWatcher ¶
Creates a file watcher that watches for any changes to the directory