iptables

package module
v0.0.0-...-edb81cd Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 9, 2024 License: Apache-2.0 Imports: 30 Imported by: 2

README

Structure of the IPTables Backend

The IPTables backend for KPNG is derived from the upstream kubernetes iptables implementation.

To make the upstream implementation work in kpng, we implement the decoder interface.

The decoder sends new Kubernetes events down to the iptables backend and the job of the IPTables backend is then to write iptables proxying rules using the same logic as Kubernetes upstream kube-proxy does.

The Sink object sends information to the iptables backend

The Sink object is defined in the kpng decoder package.

Its job is to tell the iptables backend, which implements the Decoder interface, to "do stuff".

A decoder is an object which recieves information about changes to the networking topology in Kubernetes (services, and endpoints) and then acts on that topology. The specific functions implemented by a decoder are:

  • SetService
  • DeleteService
  • SetEndpoint
  • DeleteEndpoint
  • Setup
  • WaitRequest
  • Reset

The decoder package has a Sink object, which is responsible for calling these functions when different events happen in the Kubernetes API.

Make sure not to confuse Sink, the machinery which processes upstream Kubernetes events and sends them to backends, with Sync, the downstream backends which ultimately need to get synchronized periodically for implementing the service routing rules using (i.e. iptables implementation is done in the Sync call, whereas the Sink object is the "thing" that recieves events over GRPC from the Kpng server and acts on them).

Domain specific logic for managing IPTables routing rules: iptables.go

Since every backend in KPNG is independent of the 'frontend' which tracks changes in the apiserver.

Thus the Backend interface in KPNG has a Setup implementation which allows a Kpng backend to set itself up, one time, when it is being created.

Someone calling iptables needs to make an EndpointChangeTracker and a ServiceChangeTracker.
These objects then write the internal data of the iptables struct. Periodically, the changes are read in during the sync() method.

Implementation of the Decoder interface: sink.go

  • Methods for the KPNG Backend include
    • Sink: Creates a decoder, and providers it to a new filterreset, with the iptables backend as the Decoder implementation.
    • BindFlags: not implmented, but binds any configuration we send in.
    • Setup: Creates ipv4 and ip6 implementations of the Iptables proxier, and serviceChange and endpointChange objects.
      • serviceChange and endpointChange both make NewServiceChangeTracker and EndpointChangeTracker objects.
      • Ultimately it writes to the array of implementations : IptablesImpl[protocol] = iptable
    • Reset: not implemented
    • Sync: runs sync() on each of the IPtables implementations (v4, v6)
    • Endpoint and Service management
    • Any KPNG backend must ultimately deal with two events: creation of services and endpoints. The Backend struct for iptables thus has Set/Delete functions which are triggered by the KPNG control server, for these two types. These can be thought of as the interface between a Kubernetes watch and the iptables backend.
      • SetService/DeleteService: Calling of the Update/Delete functions on the serviceChanges datastructure
      • SetEndpoint/DeleteEndpoint: Same as above, but for Endpoints

Documentation

Index

Constants

View Source 
const (

	// KubeMarkMasqChain is the mark-for-masquerade chain
	KubeMarkMasqChain util.Chain = "KUBE-MARK-MASQ"
	// KubeMarkDropChain is the mark-for-drop chain
	KubeMarkDropChain util.Chain = "KUBE-MARK-DROP"
)
View Source 
const (
	// IPv4ZeroCIDR is the CIDR block for the whole IPv4 address space
	IPv4ZeroCIDR = "0.0.0.0/0"

	// IPv6ZeroCIDR is the CIDR block for the whole IPv6 address space
	IPv6ZeroCIDR = "::/0"
)

Variables

View Source 
var (
	// ErrAddressNotAllowed indicates the address is not allowed
	ErrAddressNotAllowed = errors.New("address not allowed")

	// ErrNoAddresses indicates there are no addresses for the hostname
	ErrNoAddresses = errors.New("No addresses for hostname")
)
View Source 
var (
	// SyncProxyRulesLatency is the latency of one round of kube-proxy syncing proxy rules.
	SyncProxyRulesLatency = metrics.NewHistogram(
		&metrics.HistogramOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_duration_seconds",
			Help:           "SyncProxyRules latency in seconds",
			Buckets:        metrics.ExponentialBuckets(0.001, 2, 15),
			StabilityLevel: metrics.ALPHA,
		},
	)

	// SyncProxyRulesLastTimestamp is the timestamp proxy rules were last
	// successfully synced.
	SyncProxyRulesLastTimestamp = metrics.NewGauge(
		&metrics.GaugeOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_last_timestamp_seconds",
			Help:           "The last time proxy rules were successfully synced",
			StabilityLevel: metrics.ALPHA,
		},
	)

	// NetworkProgrammingLatency is defined as the time it took to program the network - from the time
	// the service or pod has changed to the time the change was propagated and the proper kube-proxy
	// rules were synced. Exported for each endpoints object that were part of the rules sync.
	// See https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
	// Note that the metrics is partially based on the time exported by the endpoints controller on
	// the master machine. The measurement may be inaccurate if there is a clock drift between the
	// node and master machine.
	NetworkProgrammingLatency = metrics.NewHistogram(
		&metrics.HistogramOpts{
			Subsystem: kubeProxySubsystem,
			Name:      "network_programming_duration_seconds",
			Help:      "In Cluster Network Programming Latency in seconds",
			Buckets: merge(
				metrics.LinearBuckets(0.25, 0.25, 2),
				metrics.LinearBuckets(1, 1, 59),
				metrics.LinearBuckets(60, 5, 12),
				metrics.LinearBuckets(120, 30, 7),
			),
			StabilityLevel: metrics.ALPHA,
		},
	)

	// EndpointChangesPending is the number of pending endpoint changes that
	// have not yet been synced to the proxy.
	EndpointChangesPending = metrics.NewGauge(
		&metrics.GaugeOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_endpoint_changes_pending",
			Help:           "Pending proxy rules Endpoint changes",
			StabilityLevel: metrics.ALPHA,
		},
	)

	// EndpointChangesTotal is the number of endpoint changes that the proxy
	// has seen.
	EndpointChangesTotal = metrics.NewCounter(
		&metrics.CounterOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_endpoint_changes_total",
			Help:           "Cumulative proxy rules Endpoint changes",
			StabilityLevel: metrics.ALPHA,
		},
	)

	// ServiceChangesPending is the number of pending service changes that
	// have not yet been synced to the proxy.
	ServiceChangesPending = metrics.NewGauge(
		&metrics.GaugeOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_service_changes_pending",
			Help:           "Pending proxy rules Service changes",
			StabilityLevel: metrics.ALPHA,
		},
	)

	// ServiceChangesTotal is the number of service changes that the proxy has
	// seen.
	ServiceChangesTotal = metrics.NewCounter(
		&metrics.CounterOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_service_changes_total",
			Help:           "Cumulative proxy rules Service changes",
			StabilityLevel: metrics.ALPHA,
		},
	)

	// IptablesRestoreFailuresTotal is the number of iptables restore failures that the proxy has
	// seen.
	IptablesRestoreFailuresTotal = metrics.NewCounter(
		&metrics.CounterOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_iptables_restore_failures_total",
			Help:           "Cumulative proxy iptables restore failures",
			StabilityLevel: metrics.ALPHA,
		},
	)

	// IptablesRulesTotal is the number of iptables rules that the iptables proxy installs.
	IptablesRulesTotal = metrics.NewGaugeVec(
		&metrics.GaugeOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_iptables_total",
			Help:           "Number of proxy iptables rules programmed",
			StabilityLevel: metrics.ALPHA,
		},
		[]string{"table"},
	)

	// SyncProxyRulesLastQueuedTimestamp is the last time a proxy sync was
	// requested. If this is much larger than
	// kubeproxy_sync_proxy_rules_last_timestamp_seconds, then something is hung.
	SyncProxyRulesLastQueuedTimestamp = metrics.NewGauge(
		&metrics.GaugeOpts{
			Subsystem:      kubeProxySubsystem,
			Name:           "sync_proxy_rules_last_queued_timestamp_seconds",
			Help:           "The last time a sync of proxy rules was queued",
			StabilityLevel: metrics.ALPHA,
		},
	)
)
View Source 
var IptablesImpl map[v1.IPFamily]*iptables
View Source 
var ListenPortOpener listenPortOpener

ListenPortOpener opens ports by calling bind() and listen().

Functions

func BindFlags 

func BindFlags(flags *pflag.FlagSet)

func CountBytesLines 

func CountBytesLines(b []byte) int

CountBytesLines counts the number of lines in a bytes slice

func GetClusterIPByFamily 

func GetClusterIPByFamily(ipFamily v1.IPFamily, service *localv1.Service) string

GetClusterIPByFamily returns a service clusterip by family

func GetLocalAddrSet 

func GetLocalAddrSet() utilnet.IPSet

GetLocalAddrSet return a local IPSet. If failed to get local addr, will assume no local ips.

func GetLocalAddrs 

func GetLocalAddrs() ([]net.IP, error)

GetLocalAddrs returns a list of all network addresses on the local system

func GetNodeAddresses 

func GetNodeAddresses(cidrs []string, nw NetworkInterfacer) (sets.String, error)

GetNodeAddresses return all matched node IP addresses based on given cidr slice. Some callers, e.g. IPVS proxier, need concrete IPs, not ranges, which is why this exists. NetworkInterfacer is injected for test purpose. We expect the cidrs passed in is already validated. Given an empty input `[]`, it will return `0.0.0.0/0` and `::/0` directly. If multiple cidrs is given, it will return the minimal IP sets, e.g. given input `[1.2.0.0/16, 0.0.0.0/0]`, it will only return `0.0.0.0/0`. NOTE: GetNodeAddresses only accepts CIDRs, if you want concrete IPs, e.g. 1.2.3.4, then the input should be 1.2.3.4/32.

func IPPart 

func IPPart(s string) string

IPPart returns just the IP part of an IP or IP:port or endpoint string. If the IP part is an IPv6 address enclosed in brackets (e.g. "[fd00:1::5]:9999"), then the brackets are stripped as well.

func IsServiceIPSet 

func IsServiceIPSet(service *localv1.Service) bool

func IsZeroCIDR 

func IsZeroCIDR(cidr string) bool

IsZeroCIDR checks whether the input CIDR string is either the IPv4 or IPv6 zero CIDR

func LogAndEmitIncorrectIPVersionEvent 

func LogAndEmitIncorrectIPVersionEvent(recorder events.EventRecorder, fieldName, fieldValue, svcNamespace, svcName string, svcUID types.UID)

LogAndEmitIncorrectIPVersionEvent logs and emits incorrect IP version event.

func MapCIDRsByIPFamily 

func MapCIDRsByIPFamily(cidrStrings []string) map[v1.IPFamily][]string

MapCIDRsByIPFamily maps a slice of IPs to their respective IP families (v4 or v6)

func MapIPsByIPFamily 

func MapIPsByIPFamily(ips *localv1.IPSet) map[v1.IPFamily][]string

MapIPsByIPFamily maps a slice of IPs to their respective IP families (v4 or v6)

func NewIptables 

func NewIptables() *iptables

func OtherIPFamily 

func OtherIPFamily(ipFamily v1.IPFamily) v1.IPFamily

OtherIPFamily returns the other ip family

func PortPart 

func PortPart(s string) (int, error)

PortPart returns just the port part of an endpoint string.

func RegisterMetrics 

func RegisterMetrics()

RegisterMetrics registers kube-proxy metrics.

func RequestsOnlyLocalTraffic 

func RequestsOnlyLocalTraffic(service *localv1.Service) bool

RequestsOnlyLocalTraffic checks if service requests OnlyLocal traffic.

func RevertPorts 

func RevertPorts(replacementPortsMap, originalPortsMap map[utilnet.LocalPort]utilnet.Closeable)

RevertPorts is closing ports in replacementPortsMap but not in originalPortsMap. In other words, it only closes the ports opened in this sync.

func SinceInSeconds 

func SinceInSeconds(start time.Time) float64

SinceInSeconds gets the time since the specified start in seconds.

func ToCIDR 

func ToCIDR(ip net.IP) string

ToCIDR returns a host address of the form <ip-address>/32 for IPv4 and <ip-address>/128 for IPv6

func WriteBytesLine 

func WriteBytesLine(buf *bytes.Buffer, bytes []byte)

WriteBytesLine write bytes to buffer, terminate with newline

func WriteLine 

func WriteLine(buf *bytes.Buffer, words ...string)

WriteLine join all words with spaces, terminate with newline and write to buff.

func WriteRuleLine 

func WriteRuleLine(buf *bytes.Buffer, chainName string, words ...string)

WriteRuleLine prepends the strings "-A" and chainName to the buffer and calls WriteLine to join all the words into the buffer and terminate with newline.

Types

type Backend 

type Backend struct {
	localsink.Config
}

func New 

func New() *Backend

func (*Backend) BindFlags 

func (s *Backend) BindFlags(flags *pflag.FlagSet)

func (*Backend) DeleteEndpoint 

func (s *Backend) DeleteEndpoint(namespace, serviceName, key string)

func (*Backend) DeleteService 

func (s *Backend) DeleteService(namespace, name string)

func (*Backend) Reset 

func (s *Backend) Reset()

func (*Backend) SetEndpoint 

func (s *Backend) SetEndpoint(namespace, serviceName, key string, endpoint *localv1.Endpoint)

func (*Backend) SetService 

func (s *Backend) SetService(svc *localv1.Service)

func (*Backend) Setup 

func (s *Backend) Setup()

func (*Backend) Sink 

func (s *Backend) Sink() localsink.Sink

func (*Backend) Sync 

func (s *Backend) Sync()

type BaseServiceInfo 

type BaseServiceInfo struct {
	// contains filtered or unexported fields
}

BaseServiceInfo contains base information that defines a service. This could be used directly by proxier while processing services, or can be used for constructing a more specific ServiceInfo struct defined by the proxier if needed.

func (*BaseServiceInfo) ClusterIP 

func (info *BaseServiceInfo) ClusterIP() net.IP

ClusterIP is part of ServicePort interface.

func (*BaseServiceInfo) ExternalIPStrings 

func (info *BaseServiceInfo) ExternalIPStrings() []string

ExternalIPStrings is part of ServicePort interface.

func (*BaseServiceInfo) HealthCheckNodePort 

func (info *BaseServiceInfo) HealthCheckNodePort() int

HealthCheckNodePort is part of ServicePort interface.

func (*BaseServiceInfo) HintsAnnotation 

func (info *BaseServiceInfo) HintsAnnotation() string

HintsAnnotation is part of ServicePort interface.

func (*BaseServiceInfo) InternalTrafficPolicy 

func (info *BaseServiceInfo) InternalTrafficPolicy() *v1.ServiceInternalTrafficPolicyType

InternalTrafficPolicy is part of ServicePort interface

func (*BaseServiceInfo) LoadBalancerIPStrings 

func (info *BaseServiceInfo) LoadBalancerIPStrings() []string

LoadBalancerIPStrings is part of ServicePort interface.

func (*BaseServiceInfo) LoadBalancerSourceRanges 

func (info *BaseServiceInfo) LoadBalancerSourceRanges() []string

LoadBalancerSourceRanges is part of ServicePort interface

func (*BaseServiceInfo) NodeLocalExternal 

func (info *BaseServiceInfo) NodeLocalExternal() bool

NodeLocalExternal is part of ServicePort interface.

func (*BaseServiceInfo) NodeLocalInternal 

func (info *BaseServiceInfo) NodeLocalInternal() bool

NodeLocalInternal is part of ServicePort interface

func (*BaseServiceInfo) NodePort 

func (info *BaseServiceInfo) NodePort() int

NodePort is part of the ServicePort interface.

func (*BaseServiceInfo) Port 

func (info *BaseServiceInfo) Port() int

Port is part of ServicePort interface.

func (*BaseServiceInfo) PortName 

func (info *BaseServiceInfo) PortName() string

PortName is part of ServicePort interface.

func (*BaseServiceInfo) Protocol 

func (info *BaseServiceInfo) Protocol() localv1.Protocol

Protocol is part of ServicePort interface.

func (*BaseServiceInfo) SessionAffinity 

func (info *BaseServiceInfo) SessionAffinity() SessionAffinity

SessionAffinity is part of the ServicePort interface.

func (*BaseServiceInfo) String 

func (info *BaseServiceInfo) String() string

String is part of ServicePort interface.

func (*BaseServiceInfo) TargetPort 

func (info *BaseServiceInfo) TargetPort() int

Port is part of ServicePort interface.

func (*BaseServiceInfo) TargetPortName 

func (info *BaseServiceInfo) TargetPortName() string

type Closeable 

type Closeable interface {
	Close() error
}

Closeable closes an opened LocalPort.

type Endpoint 

type Endpoint interface {
	// String returns endpoint string.  An example format can be: `IP:Port`.
	// We take the returned value as ServiceEndpoint.Endpoint.
	String() string
	// GetIsLocal returns true if the endpoint is running in same host as kube-proxy, otherwise returns false.
	GetIsLocal() bool
	// IsReady returns true if an endpoint is ready and not terminating.
	// This is only set when watching EndpointSlices. If using Endpoints, this is always
	// true since only ready endpoints are read from Endpoints.
	IsReady() bool
	// IsServing returns true if an endpoint is ready. It does not account
	// for terminating state.
	// This is only set when watching EndpointSlices. If using Endpoints, this is always
	// true since only ready endpoints are read from Endpoints.
	IsServing() bool
	// IsTerminating retruns true if an endpoint is terminating. For pods,
	// that is any pod with a deletion timestamp.
	// This is only set when watching EndpointSlices. If using Endpoints, this is always
	// false since terminating endpoints are always excluded from Endpoints.
	IsTerminating() bool
	// GetTopology returns the topology information of the endpoint.
	GetTopology() map[string]string
	// GetZoneHint returns the zone hint for the endpoint. This is based on
	// endpoint.hints.forZones[0].name in the EndpointSlice API.
	GetZoneHints() sets.String
	// IP returns IP part of the endpoint.
	IP() string
	// Port returns the Port part of the endpoint.
	Port() (int, error)
	// Equal checks if two endpoints are equal.
	Equal(Endpoint) bool
}

Endpoint in an interface which abstracts information about an endpoint. TODO: Rename functions to be consistent with ServicePort.

type EndpointChangeTracker 

type EndpointChangeTracker struct {
	// contains filtered or unexported fields
}

EndpointChangeTracker carries state about uncommitted changes to an arbitrary number of Endpoints, keyed by their namespace and name.

func NewEndpointChangeTracker 

func NewEndpointChangeTracker(hostname string, ipFamily v1.IPFamily, recorder events.EventRecorder) *EndpointChangeTracker

NewEndpointChangeTracker initializes an EndpointsChangeMap

func (*EndpointChangeTracker) EndpointUpdate 

func (ect *EndpointChangeTracker) EndpointUpdate(namespace, serviceName, key string, endpoint *localv1.Endpoint)

type EndpointsCache 

type EndpointsCache struct {
	// contains filtered or unexported fields
}

EndpointsCache is used as a cache of EndpointSlice information.

func NewEndpointsCache 

func NewEndpointsCache(hostname string, ipFamily v1.IPFamily, recorder events.EventRecorder) *EndpointsCache

NewEndpointsCache initializes an EndpointCache.

type EndpointsMap 

type EndpointsMap map[types.NamespacedName]*endpointsInfoByName

EndpointChangesTotal is the number of endpoint changes that the proxy has seen. var EndpointChangesTotal = metrics.NewCounter( 

&metrics.CounterOpts{
	Subsystem:      kubeProxySubsystem,
	Name:           "sync_proxy_rules_endpoint_changes_total",
	Help:           "Cumulative proxy rules Endpoint changes",
	StabilityLevel: metrics.ALPHA,
},

) EndpointsMap maps a service name to a list of all its Endpoints.

func (EndpointsMap) Update 

func (em EndpointsMap) Update(changes *EndpointChangeTracker) (result UpdateEndpointMapResult)

Update updates endpointsMap base on the given changes.

type IPFamily 

type IPFamily string

IPFamily refers to a specific family if not empty, i.e. "4" or "6". 

const (
	IPv4 IPFamily = "4"
	IPv6          = "6"
)

Constants for valid IPFamilys:

type LocalPort 

type LocalPort struct {
	// Description is an arbitrary string.
	Description string
	// IP is the IP address part of a given local port.
	// If this string is empty, the port binds to all local IP addresses.
	IP string
	// If IPFamily is not empty, the port binds only to addresses of this
	// family.
	// IF empty along with IP, bind to local addresses of any family.
	IPFamily IPFamily
	// Port is the port number.
	// A value of 0 causes a port to be automatically chosen.
	Port int
	// Protocol is the protocol, e.g. TCP
	Protocol Protocol
}

LocalPort represents an IP address and port pair along with a protocol and potentially a specific IP family. A LocalPort can be opened and subsequently closed.

func NewLocalPort 

func NewLocalPort(desc, ip string, ipFamily IPFamily, port int, protocol Protocol) (*LocalPort, error)

NewLocalPort returns a LocalPort instance and ensures IPFamily and IP are consistent and that the given protocol is valid.

func (*LocalPort) String 

func (lp *LocalPort) String() string

type LocalTrafficDetector 

type LocalTrafficDetector interface {
	// IsImplemented returns true if the implementation does something, false otherwise
	IsImplemented() bool

	// JumpIfLocal appends conditions to jump to a target chain if traffic detected to be
	// of local origin
	JumpIfLocal(args []string, toChain string) []string

	// JumpINotfLocal appends conditions to jump to a target chain if traffic detected not to be
	// of local origin
	JumpIfNotLocal(args []string, toChain string) []string
}

LocalTrafficDetector in a interface to take action (jump) based on whether traffic originated locally at the node or not

func NewDetectLocalByCIDR 

func NewDetectLocalByCIDR(cidr string, ipt utiliptables.Interface) (LocalTrafficDetector, error)

NewDetectLocalByCIDR implements the LocalTrafficDetector interface using a CIDR. This can be used when a single CIDR range can be used to capture the notion of local traffic.

func NewNoOpLocalDetector 

func NewNoOpLocalDetector() LocalTrafficDetector

NewNoOpLocalDetector is a no-op implementation of LocalTrafficDetector

type NetworkInterfacer 

type NetworkInterfacer interface {
	Addrs(intf *net.Interface) ([]net.Addr, error)
	Interfaces() ([]net.Interface, error)
}

NetworkInterfacer defines an interface for several net library functions. Production code will forward to net library functions, and unit tests will override the methods for testing purposes.

type PortOpener 

type PortOpener interface {
	OpenLocalPort(lp *LocalPort) (Closeable, error)
}

PortOpener can open a LocalPort and allows later closing it.

type Protocol 

type Protocol string

Protocol is a network protocol support by LocalPort. 

const (
	TCP Protocol = "TCP"
	UDP Protocol = "UDP"
)

Constants for valid protocols:

type ServiceChangeTracker 

type ServiceChangeTracker struct {
	// contains filtered or unexported fields
}

ServiceChangeTracker carries state about uncommitted changes to an arbitrary number of Services, keyed by their namespace and name.

func NewServiceChangeTracker 

func NewServiceChangeTracker(makeServiceInfo makeServicePortFunc, ipFamily v1.IPFamily, recorder events.EventRecorder) *ServiceChangeTracker

NewServiceChangeTracker initializes a ServiceChangeTracker

func (*ServiceChangeTracker) Delete 

func (sct *ServiceChangeTracker) Delete(namespace, name string) bool

func (*ServiceChangeTracker) Update 

func (sct *ServiceChangeTracker) Update(current *localv1.Service) bool

Update updates given service's change map based on the <previous, current> service pair. It returns true if items changed, otherwise return false. Update can be used to add/update/delete items of ServiceChangeMap. For example, Add item

  • pass <nil, service> as the <previous, current> pair.

Update item

  • pass <oldService, service> as the <previous, current> pair.

Delete item

  • pass <service, nil> as the <previous, current> pair.

type ServiceEndpoint 

type ServiceEndpoint struct {
	Endpoint        string
	ServicePortName ServicePortName
}

ServiceEndpoint is used to identify a service and one of its endpoint pair.

type ServicePort 

type ServicePort interface {
	// String returns service string.  An example format can be: `IP:Port/Protocol`.
	String() string
	// GetClusterIP returns service cluster IP in net.IP format.
	ClusterIP() net.IP
	// GetPort returns service port if present. If return 0 means not present.
	Port() int
	// GetSessionAffinityType returns service session affinity type
	SessionAffinity() SessionAffinity
	// ExternalIPStrings returns service ExternalIPs as a string array.
	ExternalIPStrings() []string
	// LoadBalancerIPStrings returns service LoadBalancerIPs as a string array.
	LoadBalancerIPStrings() []string
	// GetProtocol returns service protocol.
	Protocol() localv1.Protocol
	// LoadBalancerSourceRanges returns service LoadBalancerSourceRanges if present empty array if not
	LoadBalancerSourceRanges() []string
	// GetHealthCheckNodePort returns service health check node port if present.  If return 0, it means not present.
	HealthCheckNodePort() int
	// GetNodePort returns a service Node port if present. If return 0, it means not present.
	NodePort() int
	// NodeLocalExternal returns if a service has only node local endpoints for external traffic.
	NodeLocalExternal() bool
	// NodeLocalInternal returns if a service has only node local endpoints for internal traffic.
	NodeLocalInternal() bool
	// InternalTrafficPolicy returns service InternalTrafficPolicy
	InternalTrafficPolicy() *v1.ServiceInternalTrafficPolicyType
	// HintsAnnotation returns the value of the v1.AnnotationTopologyAwareHints annotation.
	HintsAnnotation() string
}

ServicePort is an interface which abstracts information about a service.

type ServicePortName 

type ServicePortName struct {
	types.NamespacedName
	Port     string
	Protocol localv1.Protocol
}

ServicePortName carries a namespace + name + portname. This is the unique identifier for a load-balanced service.

func (ServicePortName) String 

func (spn ServicePortName) String() string

type ServicesSnapshot 

type ServicesSnapshot map[types.NamespacedName]serviceChange

func (*ServicesSnapshot) Update 

func (svcSnap *ServicesSnapshot) Update(changes *ServiceChangeTracker) (result UpdateServiceMapResult)

type SessionAffinity 

type SessionAffinity struct {
	ClientIP *localv1.Service_ClientIP
}

SessionAffinity contains data about assinged session affinity

type UpdateEndpointMapResult 

type UpdateEndpointMapResult struct {
	// HCEndpointsLocalIPSize maps an endpoints name to the length of its local IPs.
	HCEndpointsLocalIPSize map[types.NamespacedName]int
	// StaleEndpoints identifies if an endpoints service pair is stale.
	StaleEndpoints []ServiceEndpoint
	// StaleServiceNames identifies if a service is stale.
	StaleServiceNames []ServicePortName
	// List of the trigger times for all endpoints objects that changed. It's used to export the
	// network programming latency.
	// NOTE(oxddr): this can be simplified to []time.Time if memory consumption becomes an issue.
	LastChangeTriggerTimes map[types.NamespacedName][]time.Time
}

UpdateEndpointMapResult is the updated results after applying endpoints changes.

type UpdateServiceMapResult 

type UpdateServiceMapResult struct {
	// HCServiceNodePorts is a map of Service names to node port numbers which indicate the health of that Service on this Node.
	// The value(uint16) of HCServices map is the service health check node port.
	HCServiceNodePorts map[types.NamespacedName]uint16
	// UDPStaleClusterIP holds stale (no longer assigned to a Service) Service IPs that had UDP ports.
	// Callers can use this to abort timeout-waits or clear connection-tracking information.
	UDPStaleClusterIP sets.String
}

UpdateServiceMapResult is the updated results after applying service changes.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.