Documentation
¶
Index ¶
- Constants
- Variables
- func Ct4MapPath(id int) string
- func Ct6MapPath(id int) string
- func FilterEPDir(dirFiles []os.FileInfo) []string
- func NewCiliumID(id int64) string
- func NewID(prefix PrefixType, id string) string
- func OptionChanged(key string, value bool, data interface{})
- func OrderEndpointAsc(eps []Endpoint)
- func ParseBase64ToEndpoint(str string, ep *Endpoint) error
- func ParseCiliumID(id string) (int64, error)
- func PolicyMapPath(id int) string
- type Endpoint
- func (e *Endpoint) Allows(id policy.NumericIdentity) bool
- func (e *Endpoint) ApplyOpts(opts map[string]string) bool
- func (ep Endpoint) Base64() (string, error)
- func (e *Endpoint) CreateDirectory() error
- func (e *Endpoint) Ct4MapPath() string
- func (e *Endpoint) Ct6MapPath() string
- func (e *Endpoint) DeepCopy() *Endpoint
- func (e *Endpoint) DirectoryPath() string
- func (e *Endpoint) GetModel() *models.Endpoint
- func (e *Endpoint) InvalidatePolicy()
- func (e *Endpoint) Leave(owner Owner)
- func (e *Endpoint) LogStatus(code StatusCode, msg string)
- func (e *Endpoint) LogStatusOK(msg string)
- func (e *Endpoint) PolicyMapPath() string
- func (e *Endpoint) Regenerate(owner Owner) error
- func (e *Endpoint) RegenerateIfReady(owner Owner) error
- func (e *Endpoint) RemoveDirectory()
- func (ep *Endpoint) SetDefaultOpts(opts *option.BoolOptions)
- func (e *Endpoint) SetID()
- func (e *Endpoint) SetIdentity(owner Owner, id *policy.Identity)
- func (e Endpoint) String() string
- func (e *Endpoint) StringID() string
- func (e *Endpoint) TriggerPolicyUpdates(owner Owner) error
- func (e *Endpoint) Update(owner Owner, opts models.ConfigurationMap) error
- type EndpointStatus
- type Owner
- type PortMap
- type PrefixType
- type Status
- type StatusCode
- type StatusResponse
- type UpdateCompilationError
- type UpdateValidationError
Constants ¶
View Source
const ( OptionAllowToHost = "AllowToHost" OptionAllowToWorld = "AllowToWorld" OptionConntrackAccounting = "ConntrackAccounting" OptionConntrack = "Conntrack" OptionDebug = "Debug" OptionDropNotify = "DropNotification" OptionNAT46 = "NAT46" OptionPolicy = "Policy" )
View Source
const ( StateCreating = string(models.EndpointStateCreating) StateDisconnected = string(models.EndpointStateDisconnected) StateWaitingForIdentity = string(models.EndpointStateWaitingForIdentity) StateReady = string(models.EndpointStateReady) )
View Source
const ( CiliumLocalIdPrefix PrefixType = "cilium-local" CiliumGlobalIdPrefix = "cilium-global" ContainerIdPrefix = "container-id" DockerEndpointPrefix = "docker-endpoint" )
View Source
const (
ProxyMaxElements = 1024
)
Variables ¶
View Source
var ( OptionSpecAllowToHost = option.Option{ Define: "ALLOW_TO_HOST", Immutable: true, Description: "Allow all traffic to local host", } OptionSpecAllowToWorld = option.Option{ Define: "ALLOW_TO_WORLD", Immutable: true, Description: "Allow all traffic to outside world", } OptionSpecConntrackAccounting = option.Option{ Define: "CONNTRACK_ACCOUNTING", Description: "Enable per flow (conntrack) statistics", } OptionSpecConntrack = option.Option{ Define: "CONNTRACK", Description: "Enable stateful connection tracking", } OptionSpecDebug = option.Option{ Define: "DEBUG", Description: "Enable debugging trace statements", } OptionSpecDropNotify = option.Option{ Define: "DROP_NOTIFY", Description: "Enable drop notifications", } OptionSpecNAT46 = option.Option{ Define: "ENABLE_NAT46", Description: "Enable automatic NAT46 translation", } OptionSpecPolicy = option.Option{ Define: "POLICY_ENFORCEMENT", Description: "Enable policy enforcement", } EndpointMutableOptionLibrary = option.OptionLibrary{ OptionConntrackAccounting: &OptionSpecConntrackAccounting, OptionConntrack: &OptionSpecConntrack, OptionDebug: &OptionSpecDebug, OptionDropNotify: &OptionSpecDropNotify, OptionNAT46: &OptionSpecNAT46, OptionPolicy: &OptionSpecPolicy, } EndpointOptionLibrary = option.OptionLibrary{ OptionAllowToHost: &OptionSpecAllowToHost, OptionAllowToWorld: &OptionSpecAllowToWorld, } )
Functions ¶
func Ct4MapPath ¶
func Ct6MapPath ¶
func FilterEPDir ¶
FilterEPDir returns a list of directories' names that possible belong to an endpoint.
func NewCiliumID ¶
func NewID ¶
func NewID(prefix PrefixType, id string) string
func OptionChanged ¶
func OrderEndpointAsc ¶
func OrderEndpointAsc(eps []Endpoint)
OrderEndpointAsc orders the slice of Endpoint in ascending ID order.
func ParseBase64ToEndpoint ¶
ParseBase64ToEndpoint parses the endpoint stored in the given base64 string.
func ParseCiliumID ¶
Parses id as cilium endpoint id and returns numeric portion
Types ¶
type Endpoint ¶
type Endpoint struct {
ID uint16 // Endpoint ID.
DockerID string // Docker ID.
DockerNetworkID string // Docker network ID.
DockerEndpointID string // Docker endpoint ID.
IfName string // Container's interface name.
LXCMAC mac.MAC // Container MAC address.
IPv6 addressing.CiliumIPv6 // Container IPv6 address.
IPv4 addressing.CiliumIPv4 // Container IPv4 address.
IfIndex int // Host's interface index.
NodeMAC mac.MAC // Node MAC address.
NodeIP net.IP // Node IPv6 address.
SecLabel *policy.Identity // Security Label set to this endpoint.
PortMap []PortMap // Port mapping used for this endpoint.
Consumable *policy.Consumable
PolicyMap *policymap.PolicyMap
Opts *option.BoolOptions // Endpoint bpf options.
Status *EndpointStatus
State string
}
Endpoint contains all the details for a particular LXC and the host interface to where is connected to.
func NewEndpointFromChangeModel ¶
func NewEndpointFromChangeModel(base *models.EndpointChangeRequest) (*Endpoint, error)
func ParseEndpoint ¶
ParseEndpoint parses the given strEp which is in the form of: common.CiliumCHeaderPrefix + common.Version + ":" + endpointBase64
func (*Endpoint) CreateDirectory ¶
func (*Endpoint) Ct4MapPath ¶
Return path to IPv4 connection tracking map of endpoint
func (*Endpoint) Ct6MapPath ¶
Return path to IPv6 connection tracking map of endpoint
func (*Endpoint) DirectoryPath ¶
func (*Endpoint) InvalidatePolicy ¶
func (e *Endpoint) InvalidatePolicy()
func (*Endpoint) LogStatus ¶
func (e *Endpoint) LogStatus(code StatusCode, msg string)
func (*Endpoint) LogStatusOK ¶
func (*Endpoint) PolicyMapPath ¶
Return path to policy map of endpoint
func (*Endpoint) Regenerate ¶
Force regeneration of endpoint programs & policy
func (*Endpoint) RegenerateIfReady ¶
func (*Endpoint) RemoveDirectory ¶
func (e *Endpoint) RemoveDirectory()
func (*Endpoint) SetDefaultOpts ¶
func (ep *Endpoint) SetDefaultOpts(opts *option.BoolOptions)
func (*Endpoint) TriggerPolicyUpdates ¶
Called to indicate that a policy change is likely to affect this endpoint. Will update all required endpoint configuration and state to reflect new policy and regenerate programs if required.
type EndpointStatus ¶
type EndpointStatus struct {
Log []*statusLog `json:"log,omitempty"`
Index int `json:"index"`
// contains filtered or unexported fields
}
func (*EndpointStatus) DeepCopy ¶
func (es *EndpointStatus) DeepCopy() *EndpointStatus
func (*EndpointStatus) GetModel ¶
func (e *EndpointStatus) GetModel() []*models.EndpointStatusChange
func (*EndpointStatus) String ¶
func (e *EndpointStatus) String() string
type Owner ¶
type Owner interface {
// Must return true if tracing of the policy resolution is to be enabled
TracingEnabled() bool
// Must return true if dry mode is enabled
DryModeEnabled() bool
// Must return an instance of a ConsumableCache
GetConsumableCache() *policy.ConsumableCache
// Must resolve label id to an identiy
GetCachedLabelList(ID policy.NumericIdentity) ([]labels.Label, error)
// Must return the policy tree object
GetPolicyTree() *policy.Tree
// Return the next available global identity
GetMaxLabelID() (policy.NumericIdentity, error)
// Must synchronize endpoint object with datapath
WriteEndpoint(ep *Endpoint) error
// Must return path to runtime directory
GetRuntimeDir() string
// Must return path to library directory
GetLibraryDir() string
}
This interface defines the requirements for anybody owning policies
type PrefixType ¶
type PrefixType string
func ParseID ¶
func ParseID(id string) (PrefixType, string, error)
Parses specified id and returns normalized id as string
func SplitID ¶
func SplitID(id string) (PrefixType, string)
Splits ID into prefix and id. No validation is performed on prefix
func ValidateID ¶
func ValidateID(id string) (PrefixType, string, error)
Parses specified id and returns normalized id as string
func (PrefixType) String ¶
func (s PrefixType) String() string
type Status ¶
type Status struct {
Code StatusCode `json:"code"`
Msg string `json:"msg"`
}
func NewStatusOK ¶
type StatusCode ¶
type StatusCode int
const ( OK StatusCode = 0 Warning StatusCode = -1 Failure StatusCode = -2 Disabled StatusCode = -3 )
func (StatusCode) String ¶
func (sc StatusCode) String() string
type StatusResponse ¶
type UpdateCompilationError ¶
type UpdateCompilationError struct {
// contains filtered or unexported fields
}
func (UpdateCompilationError) Error ¶
func (e UpdateCompilationError) Error() string
type UpdateValidationError ¶
type UpdateValidationError struct {
// contains filtered or unexported fields
}
func (UpdateValidationError) Error ¶
func (e UpdateValidationError) Error() string
Source Files
Click to show internal directories.
Click to hide internal directories.