Documentation
¶
Overview ¶
Package datapath defines the interfaces to abstract all platform specific datapath components.
Current datapath implementations:
pkg/datapath/linux pkg/datapath/fake
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Datapath ¶
type Datapath interface {
// Node must return the handler for node events
Node() NodeHandler
// LocalNodeAddressing must return the node addressing implementation
// of the local node
LocalNodeAddressing() NodeAddressing
// WriteNodeConfig writes the implementation-specific configuration of
// node-wide options into the specified writer.
WriteNodeConfig(io.Writer, *LocalNodeConfiguration) error
// WriteNetdevConfig writes the implementation-specific configuration
// of configurable options to the specified writer. Options specified
// here will apply to base programs and not to endpoints, though
// endpoints may have equivalent configurable options.
WriteNetdevConfig(io.Writer, DeviceConfiguration) error
// WriteTemplateConfig writes the implementation-specific configuration
// of configurable options for BPF templates to the specified writer.
WriteTemplateConfig(w io.Writer, cfg EndpointConfiguration) error
// WriteEndpointConfig writes the implementation-specific configuration
// of configurable options for the endpoint to the specified writer.
WriteEndpointConfig(w io.Writer, cfg EndpointConfiguration) error
// InstallProxyRules creates the necessary datapath config (e.g., iptables
// rules for redirecting host proxy traffic on a specific ProxyPort)
InstallProxyRules(proxyPort uint16, ingress bool, name string) error
// RemoveProxyRules creates the necessary datapath config (e.g., iptables
// rules for redirecting host proxy traffic on a specific ProxyPort)
RemoveProxyRules(proxyPort uint16, ingress bool, name string) error
// SupportsOriginalSourceAddr tells if the datapath supports
// use of original source addresses in proxy upstream
// connections.
SupportsOriginalSourceAddr() bool
}
Datapath is the interface to abstract all datapath interactions. The abstraction allows to implement the datapath requirements with multiple implementations
type DeviceConfiguration ¶
type DeviceConfiguration interface {
// GetCIDRPrefixLengths fetches the lists of unique IPv6 and IPv4
// prefix lengths used for datapath lookups, each of which is sorted
// from longest prefix to shortest prefix. It must return more than
// one element in each returned array.
GetCIDRPrefixLengths() (s6, s4 []int)
// GetOptions fetches the configurable datapath options from the owner.
GetOptions() *option.IntOptions
}
DeviceConfiguration is an interface for injecting configuration of datapath options that affect lookups and logic applied at a per-device level, whether those are devices associated with the endpoint or associated with the host.
type EndpointConfiguration ¶
type EndpointConfiguration interface {
DeviceConfiguration
// GetID returns a locally-significant endpoint identification number.
GetID() uint64
// StringID returns the string-formatted version of the ID from GetID().
StringID() string
// GetIdentity returns a globally-significant numeric security identity.
GetIdentity() identity.NumericIdentity
// GetIdentityLocked returns a globally-significant numeric security
// identity while assuming that the backing data structure is locked.
// This function should be removed in favour of GetIdentity()
GetIdentityLocked() identity.NumericIdentity
IPv4Address() addressing.CiliumIPv4
IPv6Address() addressing.CiliumIPv6
GetNodeMAC() mac.MAC
// TODO: Move this detail into the datapath
HasIpvlanDataPath() bool
ConntrackLocalLocked() bool
// RequireARPPassthrough returns true if the datapath must implement
// ARP passthrough for this endpoint
RequireARPPassthrough() bool
// RequireEgressProg returns true if the endpoint requires an egress
// program attached to the InterfaceName() invoking the section
// "to-container"
RequireEgressProg() bool
// RequireRouting returns true if the endpoint requires BPF routing to
// be enabled, when disabled, routing is delegated to Linux routing
RequireRouting() bool
// RequireEndpointRoute returns true if the endpoint wishes to have a
// per endpoint route installed in the host's routing table to point to
// the endpoint's interface
RequireEndpointRoute() bool
}
EndpointConfiguration provides datapath implementations a clean interface to access endpoint-specific configuration when configuring the datapath.
type LocalNodeConfiguration ¶
type LocalNodeConfiguration struct {
// MtuConfig is the MTU configuration of the node.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
MtuConfig mtu.Configuration
// AuxiliaryPrefixes is the list of auxiliary prefixes that should be
// configured in addition to the node PodCIDR
//
// This field is mutable. The implementation of
// NodeConfigurationChanged() must adjust the routes accordingly.
AuxiliaryPrefixes []*cidr.CIDR
// EnableIPv4 enables use of IPv4. Routing to the IPv4 allocation CIDR
// of other nodes must be enabled.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
EnableIPv4 bool
// EnableIPv6 enables use of IPv6. Routing to the IPv6 allocation CIDR
// of other nodes must be enabled.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
EnableIPv6 bool
// UseSingleClusterRoute enables the use of a single cluster-wide route
// to direct traffic from the host into the Cilium datapath. This
// avoids the requirement to install a separate route for each node
// CIDR and can thus improve the overhead when operating large clusters
// with significant node event churn due to auto-scaling.
//
// Use of UseSingleClusterRoute must be compatible with
// EnableAutoDirectRouting. When both are enabled, any direct node
// route must take precedence over the cluster-wide route as per LPM
// routing definition.
//
// This field is mutable. The implementation of
// NodeConfigurationChanged() must adjust the routes accordingly.
UseSingleClusterRoute bool
// EnableEncapsulation enables use of encapsulation in communication
// between nodes.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
EnableEncapsulation bool
// EnableAutoDirectRouting enables the use of direct routes for
// communication between nodes if two nodes have direct L2
// connectivity.
//
// EnableAutoDirectRouting must be compatible with EnableEncapsulation
// and must provide a fallback to use encapsulation if direct routing
// is not feasible and encapsulation is enabled.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
EnableAutoDirectRouting bool
// EnableLocalNodeRoute enables installation of the route which points
// the allocation prefix of the local node. Disabling this option is
// useful when another component is responsible for the routing of the
// allocation CIDR IPs into Cilium endpoints.
EnableLocalNodeRoute bool
// EnableIPSec enables IPSec routes
EnableIPSec bool
// EncryptNode enables encrypting NodeIP traffic requires EnableIPSec
EncryptNode bool
// IPv4PodSubnets is a list of IPv4 subnets that pod IPs are assigned from
// these are then used when encryption is enabled to configure the node
// for encryption over these subnets at node initialization.
IPv4PodSubnets []*net.IPNet
// IPv6PodSubnets is a list of IPv6 subnets that pod IPs are assigned from
// these are then used when encryption is enabled to configure the node
// for encryption over these subnets at node initialization.
IPv6PodSubnets []*net.IPNet
}
LocalNodeConfiguration represents the configuration of the local node
type NodeAddressing ¶
type NodeAddressing interface {
IPv6() NodeAddressingFamily
IPv4() NodeAddressingFamily
}
NodeAddressing implements addressing of a node
type NodeAddressingFamily ¶
type NodeAddressingFamily interface {
// Router is the address that will act as the router on each node where
// an agent is running on. Endpoints have a default route that points
// to this address.
Router() net.IP
// PrimaryExternal is the primary external address of the node. Nodes
// must be able to reach each other via this address.
PrimaryExternal() net.IP
// AllocationCIDR is the CIDR used for IP allocation of all endpoints
// on the node
AllocationCIDR() *cidr.CIDR
// LocalAddresses lists all local addresses
LocalAddresses() ([]net.IP, error)
}
NodeAddressingFamily is the node addressing information for a particular address family
type NodeHandler ¶
type NodeHandler interface {
// NodeAdd is called when a node is discovered for the first time.
NodeAdd(newNode node.Node) error
// NodeUpdate is called when a node definition changes. Both the old
// and new node definition is provided. NodeUpdate() is never called
// before NodeAdd() is called for a particular node.
NodeUpdate(oldNode, newNode node.Node) error
// NodeDelete is called after a node has been deleted
NodeDelete(node node.Node) error
// NodeValidateImplementation is called to validate the implementation
// of the node in the datapath
NodeValidateImplementation(node node.Node) error
// NodeConfigurationChanged is called when the local node configuration
// has changed
NodeConfigurationChanged(config LocalNodeConfiguration) error
}
NodeHandler handles node related events such as addition, update or deletion of nodes or changes to the local node configuration.
Node events apply to the local node as well as to remote nodes. The implementation can differ between the own local node and remote nodes by calling node.IsLocal().
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package alignchecker is a thin wrapper around pkg/alignchecker to validate datapath object alignment.
|
Package alignchecker is a thin wrapper around pkg/alignchecker to validate datapath object alignment. |
|
Package fake is a fake datapath implementation.
|
Package fake is a fake datapath implementation. |
|
Package ipcache provides a BPF datapath implementation of the IPCache store.
|
Package ipcache provides a BPF datapath implementation of the IPCache store. |
|
Package iptables manages iptables-related configuration for Cilium.
|
Package iptables manages iptables-related configuration for Cilium. |
|
Package link provides the Cilium specific abstraction and useful helpers to manage network interfaces
|
Package link provides the Cilium specific abstraction and useful helpers to manage network interfaces |
|
Package linux implements the Linux specific datapath implementation
|
Package linux implements the Linux specific datapath implementation |
|
ipsec
Package ipsec provides the Linux datpaath specific abstraction and useful helpers to manage IPSec via Linux xfrm.
|
Package ipsec provides the Linux datpaath specific abstraction and useful helpers to manage IPSec via Linux xfrm. |
|
linux_defaults
Package linux_defaults provides the Linux datapath defaults
|
Package linux_defaults provides the Linux datapath defaults |
|
route
Package route provides the Cilium specific abstraction and useful helpers to manage network routes
|
Package route provides the Cilium specific abstraction and useful helpers to manage network routes |
|
Package loader provides accessors to compilation and BPF load routines necessary for creating datapath objects and attaching them to links.
|
Package loader provides accessors to compilation and BPF load routines necessary for creating datapath objects and attaching them to links. |
|
Package maps performs various lifecycle operations related to maps in the datapath.
|
Package maps performs various lifecycle operations related to maps in the datapath. |
|
Package prefilter provides a means of configuring XDP pre-filters for DDoS-mitigation.
|
Package prefilter provides a means of configuring XDP pre-filters for DDoS-mitigation. |
Click to show internal directories.
Click to hide internal directories.