ipvsfullsate

v0.0.0-...-501ccff (Latest)

This package is not in the latest version of its module.
Published: Apr 25, 2023 License: Apache-2.0 Imports: 23 Imported by: 1

README

IPVS Fullstate Implementation

This implementation simply requests the creation of all the network objects required to program the Kubernetes services data path on every callback, leverages diffstore to maintain the state of all the network components, and operates only on the changes returned by the diffstore.

1. Controller

On initialization, the Controller sets sysctls for IPVS, creates the dummy interface, initializes IPSets, writes the required IPTables rules and, most importantly, handles the full state callback. While processing the full state, the Controller interacts with the Managers, which act as a proxy for the actual IPVS and IPSet resource creation.

  • addServiceEndpointsForClusterIP: the logic for programming a ClusterIP service
  • addServiceEndpointsForNodePort: the logic for programming a NodePort service
  • addServiceEndpointsForLoadBalancer: the logic for programming a LoadBalancer service

2. Managers

Each Manager leverages diffstore to store all the resource manipulation operations (create virtual server, add destination, add entry to ipset) required to render the full state, and acts only on the changes in the store.

  • ipvs

    Resource definitions and methods for IPVS manipulation. The IPVS manager holds the virtual server and destination definitions.

  • ipsets

    Resource definitions and methods for IPSets manipulation.

    IPSets manager

  • iptables

    Resource definitions and methods for IPTables manipulation.
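
The full-state pattern described above, as an added example that is not code from this package: every callback re-declares all required objects, and only the resulting creates, updates and deletes would be applied, so objects that drop out of the full state are removed rather than left behind. `Store`, `Set`, `Commit` and the key layout are hypothetical names for illustration and are not kpng's diffstore API.

```go
package main

import (
	"fmt"
	"sort"
)

// Store is a hypothetical stand-in for a diff store (not kpng's diffstore API).
type Store struct {
	applied map[string]string // objects programmed by the previous callback
	desired map[string]string // objects requested by the current callback
}

func NewStore() *Store { return &Store{map[string]string{}, map[string]string{}} }

// Set records that the full state needs object key with the given spec.
func (s *Store) Set(key, spec string) { s.desired[key] = spec }

// Commit returns sorted create/update/delete keys and resets the baseline.
func (s *Store) Commit() (created, updated, deleted []string) {
	for k, spec := range s.desired {
		if old, ok := s.applied[k]; !ok {
			created = append(created, k)
		} else if old != spec {
			updated = append(updated, k)
		}
	}
	for k := range s.applied {
		if _, ok := s.desired[k]; !ok {
			deleted = append(deleted, k) // stale: no longer in the full state
		}
	}
	sort.Strings(created)
	sort.Strings(updated)
	sort.Strings(deleted)
	s.applied, s.desired = s.desired, map[string]string{}
	return created, updated, deleted
}

func main() {
	s := NewStore()
	// Constructed sample keys: one virtual server and one destination.
	s.Set("vs/10.96.0.10:53/UDP", "rr")
	s.Set("dst/10.96.0.10:53/UDP/10.244.1.5:53", "weight=1")
	fmt.Println(s.Commit()) // first callback: everything is created
	s.Set("vs/10.96.0.10:53/UDP", "wrr") // endpoint gone, scheduler changed
	fmt.Println(s.Commit())
}
```
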

Documentation

Constants

const KubeFireWallChain = ipt.Chain("KUBE-FIREWALL")

KubeFireWallChain is the kubernetes firewall chain.

const KubeForwardChain = ipt.Chain("KUBE-FORWARD")

KubeForwardChain is the kubernetes forward chain.

const KubeLoadBalancerChain = ipt.Chain("KUBE-LOAD-BALANCER")

KubeLoadBalancerChain is the kubernetes chain for loadbalancer type service.

const KubeMarkDropChain = ipt.Chain("KUBE-MARK-DROP")

KubeMarkDropChain is the mark-for-drop chain.

const KubeMarkMasqChain = ipt.Chain("KUBE-MARK-MASQ")

KubeMarkMasqChain is the mark-for-masquerade chain.

const KubeNodePortChain = ipt.Chain("KUBE-NODE-PORT")

KubeNodePortChain is the kubernetes node port chain.

Variables

var (
	// IPVS ipvs sink flags
	BackendFlags = &pflag.FlagSet{}

	DryRun                = BackendFlags.Bool("dry-run", false, "dry run (print instead of applying)")
	NodeAddresses         = BackendFlags.StringArray("node-address", interfaceAddresses(), "A comma-separated list of IPs to associate when using NodePort type. Defaults to all the Node addresses")
	IPVSSchedulingMethod  = BackendFlags.String("scheduling-method", "rr", "Algorithm for allocating TCP conn & UDP datagrams to real servers. Values: rr,wrr,lc,wlc,lblc,lblcr,dh,sh,seq,nq")
	IPVSDestinationWeight = BackendFlags.Int32("weight", 1, "An integer specifying the capacity of server relative to others in the pool")
	// MasqueradeAll
	// flags.Int32Var(s.masqueradeBit, "iptables-masquerade-bit", Int32PtrDerefOr(s.masqueradeBit, 14), "If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with.  Must be within the range [0, 31].")
	MasqueradeAll = BackendFlags.Bool("masquerade-all", false, "If using the pure iptables proxy, SNAT all traffic sent via Service cluster IPs (this not commonly needed)")
)

Functions

func BindFlags

func BindFlags(flags *pflag.FlagSet)

func GetFilterRules

func GetFilterRules(supportsFullyRandomized bool, ipFamily v1.IPFamily) []ipt.Rule

func GetNatRules

func GetNatRules(supportsFullyRandomized bool, ipFamily v1.IPFamily) []ipt.Rule

Types

type Controller

type Controller struct {
	// contains filtered or unexported fields
}

Controller handles the callbacks

func (*Controller) Callback

func (c *Controller) Callback(ch <-chan *client.ServiceEndpoints)

func (*Controller) ServeProxyMode

func (c *Controller) ServeProxyMode(errCh chan error)

ServeProxyMode runs an HTTP listener for proxyMode detection.

func (*Controller) SetUpHttpListen

func (c *Controller) SetUpHttpListen() error

type ServiceType

type ServiceType string
const (
	ClusterIPService    ServiceType = "ClusterIP"
	NodePortService     ServiceType = "NodePort"
	LoadBalancerService ServiceType = "LoadBalancer"
)

func (ServiceType) String

func (st ServiceType) String() string

String returns ServiceType as string.

type SessionAffinity

type SessionAffinity struct {
	ClientIP *localv1.Service_ClientIP
}

SessionAffinity contains data about assigned session affinity.

Directories

Path Synopsis
internal
