Documentation ¶
Index ¶
- Constants
- func AddressSet(isValid func(ip net.IP) bool, addrs []net.Addr) sets.Set[string]
- func AppendPortIfNeeded(addr string, port int32) string
- func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error
- func FilterInterfaceAddrsByCIDRStrings(nw NetworkInterfacer, cidrStrings []string) ([]net.IP, error)
- func FilterInterfaceAddrsByCIDRs(nw NetworkInterfacer, cidrs []*net.IPNet) ([]net.IP, error)
- func GetClusterIPByFamily(ipFamily v1.IPFamily, service *v1.Service) string
- func GetIPFamilyFromIP(ip net.IP) v1.IPFamily
- func IPPart(s string) string
- func IsVIPMode(ing v1.LoadBalancerIngress) bool
- func IsZeroCIDR(cidr string) bool
- func LogAndEmitIncorrectIPVersionEvent(recorder events.EventRecorder, ...)
- func MapCIDRsByIPFamily(cidrsStrings []string) map[v1.IPFamily][]*net.IPNet
- func MapIPsByIPFamily(ipStrings []string) map[v1.IPFamily][]net.IP
- func OtherIPFamily(ipFamily v1.IPFamily) v1.IPFamily
- func ShouldSkipService(service *v1.Service) bool
- type LineBuffer
- type LocalTrafficDetector
- type NetworkInterfacer
- type NodePortAddresses
- type RealNetwork
Constants ¶
const (
	// IPv4ZeroCIDR is the CIDR block for the whole IPv4 address space
	IPv4ZeroCIDR = "0.0.0.0/0"
	// IPv6ZeroCIDR is the CIDR block for the whole IPv6 address space
	IPv6ZeroCIDR = "::/0"
)
Functions ¶
func AddressSet ¶ added in v1.23.0
AddressSet validates the addresses in the slice using the "isValid" function. Addresses that pass the validation are returned as a string Set.
func AppendPortIfNeeded ¶ added in v1.15.0
AppendPortIfNeeded appends the given port to the IP address unless it is already in "ipv4:port" or "[ipv6]:port" format.
func EnsureSysctl ¶ added in v1.19.0
func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error
EnsureSysctl sets a kernel sysctl to a given numeric value.
func FilterInterfaceAddrsByCIDRStrings ¶
func FilterInterfaceAddrsByCIDRStrings(nw NetworkInterfacer, cidrStrings []string) ([]net.IP, error)
FilterInterfaceAddrsByCIDRStrings is a wrapper around FilterInterfaceAddrsByCIDRs which accepts CIDRs as a list of strings.
func FilterInterfaceAddrsByCIDRs ¶
FilterInterfaceAddrsByCIDRs filters the IP addresses of the provided NetworkInterfacer, returning only those that belong to any of the CIDRs specified in the given list.
func GetClusterIPByFamily ¶ added in v1.20.0
GetClusterIPByFamily returns the cluster IP of the service for the given IP family.
func GetIPFamilyFromIP ¶ added in v1.29.0
GetIPFamilyFromIP returns the IP family of ip, or IPFamilyUnknown if ip can't be parsed as an IP.
func IPPart ¶ added in v1.9.0
IPPart returns just the IP part of an IP or IP:port or endpoint string. If the IP part is an IPv6 address enclosed in brackets (e.g. "[fd00:1::5]:9999"), then the brackets are stripped as well.
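A standard-library model of the parsing described for IPPart here and for AppendPortIfNeeded above; it is an added example, not the package's own code. `ipPart` and `appendPortIfNeeded` are hypothetical names, and returning "" or the unchanged input for strings that hold no IP is an assumption of this model.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
)

// ipPart (hypothetical) returns the IP from "ip", "ip:port" or "[ipv6]:port",
// or "" when no IP can be parsed out of s.
func ipPart(s string) string {
	if net.ParseIP(s) != nil {
		return s // bare address, including unbracketed IPv6 such as "fd00:1::5"
	}
	host, _, err := net.SplitHostPort(s) // also strips the brackets around IPv6
	if err != nil || net.ParseIP(host) == nil {
		return ""
	}
	return host
}

// appendPortIfNeeded (hypothetical) adds port unless addr already carries one.
func appendPortIfNeeded(addr string, port int32) string {
	if _, _, err := net.SplitHostPort(addr); err == nil {
		return addr // already "ipv4:port" or "[ipv6]:port"
	}
	if net.ParseIP(addr) == nil {
		return addr // assumption: non-IP input is left for validation elsewhere
	}
	// JoinHostPort brackets IPv6 literals, so the result stays unambiguous.
	return net.JoinHostPort(addr, strconv.Itoa(int(port)))
}

func main() {
	// Constructed inputs. "::1:80" is a valid IPv6 address, so an unbracketed
	// IPv6 "address:port" is read as an address, never as host plus port.
	for _, s := range []string{"[fd00:1::5]:9999", "10.0.0.1:80", "fd00:1::5", "::1:80"} {
		fmt.Printf("%-18s ip=%-12q withPort=%q\n", s, ipPart(s), appendPortIfNeeded(s, 443))
	}
}
```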
func IsVIPMode ¶ added in v1.29.0
func IsVIPMode(ing v1.LoadBalancerIngress) bool
func IsZeroCIDR ¶ added in v1.10.0
IsZeroCIDR checks whether the input CIDR string is either the IPv4 or IPv6 zero CIDR
func LogAndEmitIncorrectIPVersionEvent ¶ added in v1.10.0
func LogAndEmitIncorrectIPVersionEvent(recorder events.EventRecorder, fieldName, fieldValue, svcNamespace, svcName string, svcUID types.UID)
LogAndEmitIncorrectIPVersionEvent logs and emits incorrect IP version event.
func MapCIDRsByIPFamily ¶ added in v1.21.0
MapCIDRsByIPFamily maps a slice of CIDRs to their respective IP families (v4 or v6)
func MapIPsByIPFamily ¶ added in v1.21.0
MapIPsByIPFamily maps a slice of IPs to their respective IP families (v4 or v6)
func OtherIPFamily ¶ added in v1.21.0
OtherIPFamily returns the other IP family.
func ShouldSkipService ¶ added in v1.8.0
ShouldSkipService checks if a given service should skip proxying
Types ¶
type LineBuffer ¶ added in v1.23.0
type LineBuffer interface {
	// Write takes a list of arguments, each a string or []string, joins all the
	// individual strings with spaces, terminates with newline, and writes them to the
	// buffer. Any other argument type will panic.
	Write(args ...interface{})
	// WriteBytes writes bytes to the buffer, and terminates with newline.
	WriteBytes(bytes []byte)
	// Reset clears the buffer
	Reset()
	// Bytes returns the contents of the buffer as a []byte
	Bytes() []byte
	// String returns the contents of the buffer as a string
	String() string
	// Lines returns the number of lines in the buffer. Note that more precisely, this
	// returns the number of times Write() or WriteBytes() was called; it assumes that
	// you never wrote any newlines to the buffer yourself.
	Lines() int
}
LineBuffer is an interface for writing lines of input to a bytes.Buffer
func NewDiscardLineBuffer ¶ added in v1.28.0
func NewDiscardLineBuffer() LineBuffer
NewDiscardLineBuffer returns a dummy LineBuffer that counts the number of writes but throws away the data. (This is used for iptables proxy partial syncs, to keep track of how many rules we managed to avoid having to sync.)
func NewLineBuffer ¶ added in v1.28.0
func NewLineBuffer() LineBuffer
NewLineBuffer returns a new "real" LineBuffer
type LocalTrafficDetector ¶ added in v1.31.0
type LocalTrafficDetector interface {
	// IsImplemented returns true if the implementation does something, false
	// otherwise. You should not call the other methods if IsImplemented() returns
	// false.
	IsImplemented() bool
	// IfLocal returns iptables arguments that will match traffic from a local pod.
	IfLocal() []string
	// IfNotLocal returns iptables arguments that will match traffic that is not from
	// a local pod.
	IfNotLocal() []string
	// IfLocalNFT returns nftables arguments that will match traffic from a local pod.
	IfLocalNFT() []string
	// IfNotLocalNFT returns nftables arguments that will match traffic that is not
	// from a local pod.
	IfNotLocalNFT() []string
}
LocalTrafficDetector generates iptables or nftables rules to detect traffic from local pods.
func NewDetectLocalByBridgeInterface ¶ added in v1.31.0
func NewDetectLocalByBridgeInterface(interfaceName string) LocalTrafficDetector
NewDetectLocalByBridgeInterface returns a LocalTrafficDetector that considers traffic from interfaceName to be from a local pod, and traffic from other interfaces to be non-local.
func NewDetectLocalByCIDR ¶ added in v1.31.0
func NewDetectLocalByCIDR(cidr string) LocalTrafficDetector
NewDetectLocalByCIDR returns a LocalTrafficDetector that considers traffic from the provided cidr to be from a local pod, and other traffic to be non-local. cidr is assumed to be valid.
func NewDetectLocalByInterfaceNamePrefix ¶ added in v1.31.0
func NewDetectLocalByInterfaceNamePrefix(interfacePrefix string) LocalTrafficDetector
NewDetectLocalByInterfaceNamePrefix returns a LocalTrafficDetector that considers traffic from interfaces starting with interfacePrefix to be from a local pod, and traffic from other interfaces to be non-local.
func NewNoOpLocalDetector ¶ added in v1.31.0
func NewNoOpLocalDetector() LocalTrafficDetector
NewNoOpLocalDetector returns a no-op implementation of LocalTrafficDetector.
type NetworkInterfacer ¶ added in v1.10.0
NetworkInterfacer defines an interface for several net library functions. Production code will forward to net library functions, and unit tests will override the methods for testing purposes.
type NodePortAddresses ¶ added in v1.27.0
type NodePortAddresses struct {
// contains filtered or unexported fields
}
NodePortAddresses is used to handle the --nodeport-addresses flag
func NewNodePortAddresses ¶ added in v1.27.0
func NewNodePortAddresses(family v1.IPFamily, cidrStrings []string) *NodePortAddresses
NewNodePortAddresses takes an IP family and the `--nodeport-addresses` value (which is assumed to contain only valid CIDRs, potentially of both IP families) and returns a NodePortAddresses object for the given family. If there are no CIDRs of the given family then the CIDR "0.0.0.0/0" or "::/0" will be added (even if there are CIDRs of the other family).
func (*NodePortAddresses) ContainsIPv4Loopback ¶ added in v1.27.0
func (npa *NodePortAddresses) ContainsIPv4Loopback() bool
ContainsIPv4Loopback returns true if npa's CIDRs contain an IPv4 loopback address.
func (*NodePortAddresses) GetNodeIPs ¶ added in v1.28.0
func (npa *NodePortAddresses) GetNodeIPs(nw NetworkInterfacer) ([]net.IP, error)
GetNodeIPs returns all matched node IP addresses for npa's CIDRs. If no matching IPs are found, it returns an empty list. NetworkInterfacer is injected for testing purposes.
func (*NodePortAddresses) MatchAll ¶ added in v1.28.0
func (npa *NodePortAddresses) MatchAll() bool
MatchAll returns true if npa matches all node IPs (of npa's given family)
func (*NodePortAddresses) String ¶ added in v1.27.0
func (npa *NodePortAddresses) String() string
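The family filtering and zero-CIDR fallback documented for NewNodePortAddresses, modelled with the standard library only. This is an added example, not the package's own code; `nodePortScope` and `newNodePortScope` are hypothetical names, and skipping unparsable entries is an assumption of this model.

```go
package main

import (
	"fmt"
	"net"
)

// nodePortScope is a hypothetical stand-in for NodePortAddresses.
type nodePortScope struct {
	cidrs        []*net.IPNet
	matchAll     bool // some CIDR is the family's zero CIDR
	ipv4Loopback bool // some CIDR covers an IPv4 loopback address
}

// newNodePortScope models the documented family filter and zero-CIDR fallback.
func newNodePortScope(wantIPv6 bool, cidrStrings []string) nodePortScope {
	var s nodePortScope
	for _, str := range cidrStrings {
		_, n, err := net.ParseCIDR(str)
		if err != nil || (n.IP.To4() == nil) != wantIPv6 {
			continue // wrong family, or (assumption of this model) unparsable
		}
		s.cidrs = append(s.cidrs, n)
	}
	if len(s.cidrs) == 0 { // nothing left for this family: fall back to "all"
		zero := "0.0.0.0/0"
		if wantIPv6 {
			zero = "::/0"
		}
		_, n, _ := net.ParseCIDR(zero)
		s.cidrs = []*net.IPNet{n}
	}
	for _, n := range s.cidrs {
		if ones, _ := n.Mask.Size(); ones == 0 {
			s.matchAll = true
		}
		if !wantIPv6 && (n.IP.IsLoopback() || n.Contains(net.IPv4(127, 0, 0, 1))) {
			s.ipv4Loopback = true
		}
	}
	return s
}

func main() {
	for _, v6 := range []bool{false, true} {
		s := newNodePortScope(v6, []string{"10.0.0.0/8"}) // constructed flag value
		fmt.Println("IPv6:", v6, "CIDRs:", s.cidrs, "matchAll:", s.matchAll)
	}
}
```

With an IPv4-only flag value the IPv6 scope falls back to "::/0" and matches every node IP, so a dual-stack cluster needs a CIDR for each family to restrict both.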
type RealNetwork ¶ added in v1.10.0
type RealNetwork struct{}
RealNetwork implements the NetworkInterfacer interface for production code, just wrapping the underlying net library function calls.
func (RealNetwork) InterfaceAddrs ¶ added in v1.22.0
func (RealNetwork) InterfaceAddrs() ([]net.Addr, error)
InterfaceAddrs wraps net.InterfaceAddrs(); it is part of the NetworkInterfacer interface.