Documentation
¶
Index ¶
- func AnnotateEnrolledPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
- func AnnotatePartiallyEnrolledPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
- func AnnotateUnenrollPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
- func CheckBooleanAnnotation(pod *corev1.Pod, annotationName string) (bool, bool)
- func GetPlugin(rawPlugin any) (plugin map[string]any, err error)
- func GetPlugins(cniConfigMap map[string]any) (plugins []any, err error)
- func GetPodIPsIfPresent(pod *corev1.Pod) []netip.Addr
- func IsZtunnelPod(systemNs string, pod *corev1.Pod) bool
- func MarshalCNIConfig(cniConfigMap map[string]any) ([]byte, error)
- func PodFullyEnrolled(pod *corev1.Pod) bool
- func PodPartiallyEnrolled(pod *corev1.Pod) bool
- func PodRedirectionEnabled(namespace *corev1.Namespace, pod *corev1.Pod) bool
- func ReadCNIConfigMap(path string) (map[string]any, error)
- type Watcher
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AnnotateEnrolledPod ¶
func AnnotateEnrolledPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
func AnnotatePartiallyEnrolledPod ¶
func AnnotatePartiallyEnrolledPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
func AnnotateUnenrollPod ¶
func AnnotateUnenrollPod(client kubernetes.Interface, pod *metav1.ObjectMeta) error
func CheckBooleanAnnotation ¶
CheckBooleanAnnotation checks for the named boolean-style (as per strcov.ParseBool) annotation on the pod. Returns the bool value, and a bool indicating annotation presence on the pod.
If the bool value is false, not present, or unparsable, returns a false value. If the annotation is not present or unparsable, returns false for presence.
func GetPlugin ¶
Given the raw plugin interface, return the plugin asserted as a map[string]interface{}
func GetPlugins ¶
Given an unmarshalled CNI config JSON map, return the plugin list asserted as a []interface{}
func GetPodIPsIfPresent ¶
Get any IPs currently assigned to the Pod.
If 'PodIPs' exists, it is preferred (and should be guaranteed to contain the address in 'PodIP'), otherwise fallback to 'PodIP'.
Note that very early in the pod's lifecycle (before all the node CNI plugin invocations finish) K8S may not have received the pod IPs yet, and may not report the pod as having any.
func MarshalCNIConfig ¶
Marshal the CNI config map and append a new line
func PodFullyEnrolled ¶
PodFullyEnrolled reports on whether the pod _has_ actually been fully configured for traffic redirection.
That is, have we annotated it after successfully setting up iptables rules AND sending it to a node proxy instance.
If you just want to know if the pod _should be_ configured for traffic redirection, see PodRedirectionEnabled
func PodPartiallyEnrolled ¶
PodPartiallyEnrolled reports on whether the pod _has_ already been partially configured (e.g. for traffic redirection) but not fully configured.
That is, have we annotated it after setting iptables rules, but have not yet been able to send it to a node proxy instance.
Pods like this still need to undergo the removal process (to potentially undo the redirection).
If you just want to know if the pod _should be_ configured for traffic redirection, see PodRedirectionEnabled
func PodRedirectionEnabled ¶
PodRedirectionEnabled determines if a pod should or should not be configured to have traffic redirected thru the node proxy.
Types ¶
type Watcher ¶
type Watcher struct {
Events chan struct{}
Errors chan error
// contains filtered or unexported fields
}
func CreateFileWatcher ¶
Creates a file watcher that watches for any changes to the directory
Source Files