endpoint

package
v1.6.12 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 30, 2020 License: Apache-2.0 Imports: 63 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// StateCreating is used to set the endpoint is being created.
	StateCreating = string(models.EndpointStateCreating)

	// StateWaitingForIdentity is used to set if the endpoint is waiting
	// for an identity from the KVStore.
	StateWaitingForIdentity = string(models.EndpointStateWaitingForIdentity)

	// StateReady specifies if the endpoint is ready to be used.
	StateReady = string(models.EndpointStateReady)

	// StateWaitingToRegenerate specifies when the endpoint needs to be regenerated, but regeneration has not started yet.
	StateWaitingToRegenerate = string(models.EndpointStateWaitingToRegenerate)

	// StateRegenerating specifies when the endpoint is being regenerated.
	StateRegenerating = string(models.EndpointStateRegenerating)

	// StateDisconnecting indicates that the endpoint is being disconnected
	StateDisconnecting = string(models.EndpointStateDisconnecting)

	// StateDisconnected is used to set the endpoint is disconnected.
	StateDisconnected = string(models.EndpointStateDisconnected)

	// StateRestoring is used to set the endpoint is being restored.
	StateRestoring = string(models.EndpointStateRestoring)

	// StateInvalid is used when an endpoint failed during creation due to
	// invalid data.
	StateInvalid = string(models.EndpointStateInvalid)

	// IpvlanMapName specifies the tail call map for EP on egress used with ipvlan.
	IpvlanMapName = "cilium_lxc_ipve_"

	// HealthCEPPrefix is the prefix used to name the cilium health endpoints' CEP
	HealthCEPPrefix = "cilium-health-"
)
View Source 
const (
	// EndpointGenerationTimeout specifies timeout for proxy completion context
	EndpointGenerationTimeout = 330 * time.Second
)

Variables

View Source 
var (
	EndpointMutableOptionLibrary = option.GetEndpointMutableOptionLibrary()
)
View Source 
var (
	// ErrNotAlive is an error which indicates that the endpoint should not be
	// rlocked because it is currently being removed.
	ErrNotAlive = errors.New("rlock failed: endpoint is in the process of being removed")
)
View Source 
var (
	Subsystem = "endpoint"
)

Functions

func APICanModify 

func APICanModify(e *Endpoint) error

APICanModify determines whether API requests from a user are allowed to modify this endpoint.

func FilterEPDir 

func FilterEPDir(dirFiles []os.FileInfo) []string

FilterEPDir returns a list of directories' names that possible belong to an endpoint.

func ParseExternalRegenerationMetadata 

func ParseExternalRegenerationMetadata(ctx context.Context, c context.CancelFunc, e *regeneration.ExternalRegenerationMetadata) *regenerationContext

func ReadEPsFromDirNames 

func ReadEPsFromDirNames(owner regeneration.Owner, basePath string, eptsDirNames []string) map[uint16]*Endpoint

ReadEPsFromDirNames returns a mapping of endpoint ID to endpoint of endpoints from a list of directory names that can possible contain an endpoint.

Types

type DeleteConfig 

type DeleteConfig struct {
	NoIPRelease       bool
	NoIdentityRelease bool
}

DeleteConfig is the endpoint deletion configuration

type Endpoint 

type Endpoint struct {

	// ID of the endpoint, unique in the scope of the node
	ID uint16

	// ContainerName is the name given to the endpoint by the container runtime
	ContainerName string

	// ContainerID is the container ID that docker has assigned to the endpoint
	// Note: The JSON tag was kept for backward compatibility.
	ContainerID string `json:"dockerID,omitempty"`

	// DockerNetworkID is the network ID of the libnetwork network if the
	// endpoint is a docker managed container which uses libnetwork
	DockerNetworkID string

	// DockerEndpointID is the Docker network endpoint ID if managed by
	// libnetwork
	DockerEndpointID string

	// Corresponding BPF map identifier for tail call map of ipvlan datapath
	DatapathMapID int

	// IfName is the name of the host facing interface (veth pair) which
	// connects into the endpoint
	IfName string

	// IfIndex is the interface index of the host face interface (veth pair)
	IfIndex int

	// OpLabels is the endpoint's label configuration
	//
	// FIXME: Rename this field to Labels
	OpLabels pkgLabels.OpLabels

	// LXCMAC is the MAC address of the endpoint
	//
	// FIXME: Rename this field to MAC
	LXCMAC mac.MAC // Container MAC address.

	// IPv6 is the IPv6 address of the endpoint
	IPv6 addressing.CiliumIPv6

	// IPv4 is the IPv4 address of the endpoint
	IPv4 addressing.CiliumIPv4

	// NodeMAC is the MAC of the node (agent). The MAC is different for every endpoint.
	NodeMAC mac.MAC

	// SecurityIdentity is the security identity of this endpoint. This is computed from
	// the endpoint's labels.
	SecurityIdentity *identityPkg.Identity `json:"SecLabel"`

	// PolicyMap is the policy related state of the datapath including
	// reference to all policy related BPF
	PolicyMap *policymap.PolicyMap `json:"-"`

	// Options determine the datapath configuration of the endpoint.
	Options *option.IntOptions

	// Status are the last n state transitions this endpoint went through
	Status *EndpointStatus `json:"-"`

	// DNSHistory is the collection of still-valid DNS responses intercepted for
	// this endpoint.
	DNSHistory *fqdn.DNSCache

	// K8sPodName is the Kubernetes pod name of the endpoint
	K8sPodName string

	// K8sNamespace is the Kubernetes namespace of the endpoint
	K8sNamespace string

	// BuildMutex synchronizes builds of individual endpoints and locks out
	// deletion during builds
	//
	// FIXME: Mark private once endpoint deletion can be moved into
	// `pkg/endpoint`
	BuildMutex lock.Mutex `json:"-"`

	EventQueue *eventqueue.EventQueue `json:"-"`

	// DatapathConfiguration is the endpoint's datapath configuration as
	// passed in via the plugin that created the endpoint, e.g. the CNI
	// plugin which performed the plumbing will enable certain datapath
	// features according to the mode selected.
	DatapathConfiguration models.EndpointDatapathConfiguration
	// contains filtered or unexported fields
}

Endpoint represents a container or similar which can be individually addresses on L3 with its own IP addresses. This structured is managed by the endpoint manager in pkg/endpointmanager.

WARNING - STABLE API This structure is written as JSON to StateDir/{ID}/lxc_config.h to allow to restore endpoints when the agent is being restarted. The restore operation will read the file and re-create all endpoints with all fields which are not marked as private to JSON marshal. Do NOT modify this structure in ways which is not JSON forward compatible.

func NewEndpointFromChangeModel 

func NewEndpointFromChangeModel(owner regeneration.Owner, base *models.EndpointChangeRequest) (*Endpoint, error)

NewEndpointFromChangeModel creates a new endpoint from a request

func NewEndpointWithState 

func NewEndpointWithState(owner regeneration.Owner, ID uint16, state string) *Endpoint

NewEndpointWithState creates a new endpoint useful for testing purposes

func ParseEndpoint 

func ParseEndpoint(owner regeneration.Owner, strEp string) (*Endpoint, error)

ParseEndpoint parses the given strEp which is in the form of: common.CiliumCHeaderPrefix + common.Version + ":" + endpointBase64 Note that the parse'd endpoint's identity is only partially restored. The caller must call `SetIdentity()` to make the returned endpoint's identity useful.

func (*Endpoint) Allows 

func (e *Endpoint) Allows(id identityPkg.NumericIdentity) bool

Allows is only used for unit testing

func (*Endpoint) ApplyPolicyMapChanges 

func (e *Endpoint) ApplyPolicyMapChanges(proxyWaitGroup *completion.WaitGroup) error

ApplyPolicyMapChanges updates the Endpoint's PolicyMap with the changes that have accumulated for the PolicyMap via various outside events (e.g., identities added / deleted). 'proxyWaitGroup' may not be nil.

func (*Endpoint) BPFConfigMapPath 

func (e *Endpoint) BPFConfigMapPath() string

BPFConfigMapPath returns the path to the BPF config map of endpoint.

func (*Endpoint) BPFIpvlanMapPath 

func (e *Endpoint) BPFIpvlanMapPath() string

BPFIpvlanMapPath returns the path to the ipvlan tail call map of an endpoint.

func (*Endpoint) BuilderSetStateLocked 

func (e *Endpoint) BuilderSetStateLocked(toState, reason string) bool

BuilderSetStateLocked modifies the endpoint's state endpoint.Mutex must be held endpoint BuildMutex must be held!

func (*Endpoint) CallsMapPathLocked 

func (e *Endpoint) CallsMapPathLocked() string

CallsMapPathLocked returns the path to cilium tail calls map of an endpoint.

func (*Endpoint) CloseBPFProgramChannel 

func (e *Endpoint) CloseBPFProgramChannel()

CloseBPFProgramChannel closes the channel that signals whether the endpoint has had its BPF program compiled. If the channel is already closed, this is a no-op.

func (*Endpoint) ConntrackLocal 

func (e *Endpoint) ConntrackLocal() bool

ConntrackLocal determines whether this endpoint is currently using a local table to handle connection tracking (true), or the global table (false).

func (*Endpoint) ConntrackLocalLocked 

func (e *Endpoint) ConntrackLocalLocked() bool

ConntrackLocalLocked is the same as ConntrackLocal, but assumes that the endpoint is already locked for reading.

func (*Endpoint) ConntrackName 

func (e *Endpoint) ConntrackName() string

ConntrackName returns the name suffix for the endpoint-specific bpf conntrack map, which is a 5-digit endpoint ID, or "global" when the global map should be used. Must be called with the endpoint locked.

func (*Endpoint) DeleteBPFProgramLocked 

func (e *Endpoint) DeleteBPFProgramLocked() error

DeleteBPFProgramLocked delete the BPF program associated with the endpoint's veth interface.

func (*Endpoint) DeleteMapsLocked 

func (e *Endpoint) DeleteMapsLocked() []error

DeleteMapsLocked releases references to all BPF maps associated with this endpoint.

For each error that occurs while releasing these references, an error is added to the resulting error slice which is returned.

Returns nil on success.

func (*Endpoint) DirectoryPath 

func (e *Endpoint) DirectoryPath() string

DirectoryPath returns the directory name for this endpoint bpf program.

func (*Endpoint) FailedDirectoryPath 

func (e *Endpoint) FailedDirectoryPath() string

FailedDirectoryPath returns the directory name for this endpoint bpf program failed builds.

func (*Endpoint) ForcePolicyCompute 

func (e *Endpoint) ForcePolicyCompute()

ForcePolicyCompute marks the endpoint for forced bpf regeneration.

func (*Endpoint) FormatGlobalEndpointID 

func (e *Endpoint) FormatGlobalEndpointID() string

FormatGlobalEndpointID returns the global ID of endpoint in the format / <global ID Prefix>:<cluster name>:<node name>:<endpoint ID> as a string.

func (*Endpoint) GetBPFKeys 

func (e *Endpoint) GetBPFKeys() []*lxcmap.EndpointKey

GetBPFKeys returns all keys which should represent this endpoint in the BPF endpoints map

func (*Endpoint) GetBPFValue 

func (e *Endpoint) GetBPFValue() (*lxcmap.EndpointInfo, error)

GetBPFValue returns the value which should represent this endpoint in the BPF endpoints map

func (*Endpoint) GetCIDRPrefixLengths 

func (e *Endpoint) GetCIDRPrefixLengths() (s6, s4 []int)

GetCIDRPrefixLengths returns the sorted list of unique prefix lengths used for CIDR policy or IPcache lookup from this endpoint.

func (*Endpoint) GetCiliumEndpointStatus 

func (e *Endpoint) GetCiliumEndpointStatus() *cilium_v2.EndpointStatus

GetCiliumEndpointStatus creates a cilium_v2.EndpointStatus of an endpoint. See cilium_v2.EndpointStatus for a detailed explanation of each field.

func (*Endpoint) GetContainerID 

func (e *Endpoint) GetContainerID() string

GetContainerID returns the endpoint's container ID

func (*Endpoint) GetDockerNetworkID 

func (e *Endpoint) GetDockerNetworkID() string

GetDockerNetworkID returns the endpoint's Docker Endpoint ID

func (*Endpoint) GetEgressPolicyEnabledLocked 

func (e *Endpoint) GetEgressPolicyEnabledLocked() bool

GetEgressPolicyEnabledLocked returns whether egress policy enforcement is enabled for endpoint or not. The endpoint's mutex must be held.

func (*Endpoint) GetHealthModel 

func (e *Endpoint) GetHealthModel() *models.EndpointHealth

GetHealthModel returns the endpoint's health object.

func (*Endpoint) GetID 

func (e *Endpoint) GetID() uint64

GetID returns the endpoint's ID as a 64-bit unsigned integer.

func (*Endpoint) GetID16 

func (e *Endpoint) GetID16() uint16

GetID16 returns the endpoint's ID as a 16-bit unsigned integer.

func (*Endpoint) GetIPv4Address 

func (e *Endpoint) GetIPv4Address() string

GetIPv4Address returns the IPv4 address of the endpoint as a string

func (*Endpoint) GetIPv6Address 

func (e *Endpoint) GetIPv6Address() string

GetIPv6Address returns the IPv6 address of the endpoint as a string

func (*Endpoint) GetIdentity 

func (e *Endpoint) GetIdentity() identityPkg.NumericIdentity

GetIdentity returns the numeric security identity of the endpoint

func (*Endpoint) GetIdentityLocked 

func (e *Endpoint) GetIdentityLocked() identityPkg.NumericIdentity

GetIdentityLocked is identical to GetIdentity() but assumes that a.mutex is already held. This function is obsolete and should no longer be used.

func (*Endpoint) GetIngressPolicyEnabledLocked 

func (e *Endpoint) GetIngressPolicyEnabledLocked() bool

GetIngressPolicyEnabledLocked returns whether ingress policy enforcement is enabled for endpoint or not. The endpoint's mutex must be held.

func (*Endpoint) GetK8sNamespace 

func (e *Endpoint) GetK8sNamespace() string

GetK8sNamespace returns the name of the pod if the endpoint represents a Kubernetes pod

func (*Endpoint) GetK8sNamespaceAndPodNameLocked 

func (e *Endpoint) GetK8sNamespaceAndPodNameLocked() string

GetK8sNamespaceAndPodNameLocked returns the namespace and pod name. This function requires e.Mutex to be held.

func (*Endpoint) GetK8sPodLabels 

func (e *Endpoint) GetK8sPodLabels() pkgLabels.Labels

GetK8sPodLabels returns all labels that exist in the endpoint and were derived from k8s pod.

func (*Endpoint) GetK8sPodName 

func (e *Endpoint) GetK8sPodName() string

GetK8sPodName returns the name of the pod if the endpoint represents a Kubernetes pod

func (*Endpoint) GetLabels 

func (e *Endpoint) GetLabels() []string

GetLabels returns the labels as slice

func (*Endpoint) GetLabelsSHA 

func (e *Endpoint) GetLabelsSHA() string

GetLabelsSHA returns the SHA of labels

func (*Endpoint) GetModel 

func (e *Endpoint) GetModel() *models.Endpoint

GetModel returns the API model of endpoint e.

func (*Endpoint) GetModelRLocked 

func (e *Endpoint) GetModelRLocked() *models.Endpoint

GetModelRLocked returns the API model of endpoint e. e.mutex must be RLocked.

func (*Endpoint) GetNodeMAC 

func (e *Endpoint) GetNodeMAC() mac.MAC

GetNodeMAC returns the MAC address of the node from this endpoint's perspective.

func (*Endpoint) GetOpLabels 

func (e *Endpoint) GetOpLabels() []string

GetOpLabels returns the labels as slice

func (*Endpoint) GetOptions 

func (e *Endpoint) GetOptions() *option.IntOptions

GetOptions returns the datapath configuration options of the endpoint.

func (*Endpoint) GetPolicyModel 

func (e *Endpoint) GetPolicyModel() *models.EndpointPolicyStatus

GetPolicyModel returns the endpoint's policy as an API model.

Must be called with e.Mutex locked.

func (*Endpoint) GetSecurityIdentity 

func (e *Endpoint) GetSecurityIdentity() *identityPkg.Identity

GetSecurityIdentity returns the security identity of the endpoint. It assumes the endpoint's mutex is held.

func (*Endpoint) GetShortContainerID 

func (e *Endpoint) GetShortContainerID() string

GetShortContainerID returns the endpoint's shortened container ID

func (*Endpoint) GetState 

func (e *Endpoint) GetState() string

GetState returns the endpoint's state endpoint.Mutex may only be.RLockAlive()ed

func (*Endpoint) GetStateLocked 

func (e *Endpoint) GetStateLocked() string

GetState returns the endpoint's state endpoint.Mutex may only be.RLockAlive()ed

func (*Endpoint) HasBPFProgram 

func (e *Endpoint) HasBPFProgram() bool

HasBPFProgram returns whether a BPF program has been generated for this endpoint.

func (*Endpoint) HasIpvlanDataPath 

func (e *Endpoint) HasIpvlanDataPath() bool

HasIpvlanDataPath returns whether the daemon is running in ipvlan mode.

func (*Endpoint) HasLabels 

func (e *Endpoint) HasLabels(l pkgLabels.Labels) bool

HasLabels returns whether endpoint e contains all labels l. Will return 'false' if any label in l is not in the endpoint's labels.

func (*Endpoint) HasSidecarProxy 

func (e *Endpoint) HasSidecarProxy() bool

func (*Endpoint) HumanStringLocked 

func (e *Endpoint) HumanStringLocked() string

HumanStringLocked returns the endpoint's most human readable identifier as string

func (*Endpoint) IPs 

func (e *Endpoint) IPs() []net.IP

IPs returns the slice of valid IPs for this endpoint.

func (*Endpoint) IPv4Address 

func (e *Endpoint) IPv4Address() addressing.CiliumIPv4

IPv4Address returns the IPv4 address of the endpoint

func (*Endpoint) IPv6Address 

func (e *Endpoint) IPv6Address() addressing.CiliumIPv6

IPv6Address returns the IPv6 address of the endpoint

func (*Endpoint) InsertEvent 

func (e *Endpoint) InsertEvent()

InsertEvent is called when the endpoint is inserted into the endpoint manager.

func (*Endpoint) IsDatapathMapPinnedLocked 

func (e *Endpoint) IsDatapathMapPinnedLocked() bool

IsDatapathMapPinnedLocked returns whether the endpoint's datapath map has been pinned

func (*Endpoint) IsDisconnecting 

func (e *Endpoint) IsDisconnecting() bool

IsDisconnecting returns true if the endpoint is being disconnected or already disconnected

This function must be called after re-acquiring the endpoint mutex to verify that the endpoint has not been removed in the meantime.

endpoint.mutex must be held in read mode at least

func (*Endpoint) IsInit 

func (e *Endpoint) IsInit() bool

IsInit returns true if the endpoint still hasn't received identity labels, i.e. has the special identity with label reserved:init.

func (*Endpoint) K8sNamespaceAndPodNameIsSet 

func (e *Endpoint) K8sNamespaceAndPodNameIsSet() bool

K8sNamespaceAndPodNameIsSet returns true if the pod name is set

func (*Endpoint) LeaveLocked 

func (e *Endpoint) LeaveLocked(proxyWaitGroup *completion.WaitGroup, conf DeleteConfig) []error

LeaveLocked removes the endpoint's directory from the system. Must be called with Endpoint's mutex AND BuildMutex locked.

Note: LeaveLocked() is called indirectly from endpoint restore logic for endpoints which failed to be restored. Any cleanup routine of LeaveLocked() which depends on kvstore connectivity must be protected by a flag in DeleteConfig and the restore logic must opt-out of it.

func (*Endpoint) LockAlive 

func (e *Endpoint) LockAlive() error

LockAlive returns error if endpoint was removed, locks underlying mutex otherwise

func (*Endpoint) LogDisconnectedMutexAction 

func (e *Endpoint) LogDisconnectedMutexAction(err error, context string)

LogDisconnectedMutexAction gets the logger and logs given error with context

func (*Endpoint) LogStatus 

func (e *Endpoint) LogStatus(typ StatusType, code StatusCode, msg string)

func (*Endpoint) LogStatusOK 

func (e *Endpoint) LogStatusOK(typ StatusType, msg string)

func (*Endpoint) LogStatusOKLocked 

func (e *Endpoint) LogStatusOKLocked(typ StatusType, msg string)

LogStatusOKLocked will log an OK message of the given status type with the given msg string. must be called with endpoint.Mutex held

func (*Endpoint) Logger 

func (e *Endpoint) Logger(subsystem string) *logrus.Entry

Logger returns a logrus object with EndpointID, ContainerID and the Endpoint revision fields. The caller must specify their subsystem.

func (*Endpoint) LookupRedirectPort 

func (e *Endpoint) LookupRedirectPort(l4Filter *policy.L4Filter) uint16

lookupRedirectPort returns the redirect L4 proxy port for the given L4 policy map key, in host byte order. Returns 0 if not found or the filter doesn't require a redirect. Must be called with Endpoint.Mutex held.

func (*Endpoint) ModifyIdentityLabels 

func (e *Endpoint) ModifyIdentityLabels(addLabels, delLabels pkgLabels.Labels) error

ModifyIdentityLabels changes the custom and orchestration identity labels of an endpoint. Labels can be added or deleted. If a label change is performed, the endpoint will receive a new identity and will be regenerated. Both of these operations will happen in the background.

func (*Endpoint) NextDirectoryPath 

func (e *Endpoint) NextDirectoryPath() string

NextDirectoryPath returns the directory name for this endpoint bpf program next bpf builds.

func (*Endpoint) OnProxyPolicyUpdate 

func (e *Endpoint) OnProxyPolicyUpdate(revision uint64)

OnProxyPolicyUpdate is a callback used to update the Endpoint's proxyPolicyRevision when the specified revision has been applied in the proxy.

func (*Endpoint) PinDatapathMap 

func (e *Endpoint) PinDatapathMap() error

PinDatapathMap retrieves a file descriptor from the map ID from the API call and pins the corresponding map into the BPF file system.

func (*Endpoint) PolicyMapPathLocked 

func (e *Endpoint) PolicyMapPathLocked() string

PolicyMapPathLocked returns the path to the policy map of endpoint.

func (*Endpoint) PolicyRevisionBumpEvent 

func (e *Endpoint) PolicyRevisionBumpEvent(rev uint64)

PolicyRevisionBumpEvent queues an event for the given endpoint to set its realized policy revision to rev. This may block depending on if events have been queued up for the given endpoint. It blocks until the event has succeeded, or if the event has been cancelled.

func (*Endpoint) ProxyID 

func (e *Endpoint) ProxyID(l4 *policy.L4Filter) string

ProxyID returns a unique string to identify a proxy mapping.

func (*Endpoint) RLockAlive 

func (e *Endpoint) RLockAlive() error

RLockAlive returns error if endpoint was removed, read locks underlying mutex otherwise

func (*Endpoint) RUnlock 

func (e *Endpoint) RUnlock()

RUnlock read unlocks endpoint mutex

func (*Endpoint) Regenerate 

func (e *Endpoint) Regenerate(regenMetadata *regeneration.ExternalRegenerationMetadata) <-chan bool

Regenerate forces the regeneration of endpoint programs & policy Should only be called with e.state == StateWaitingToRegenerate or with e.state == StateWaitingForIdentity

func (*Endpoint) RegenerateIfAlive 

func (e *Endpoint) RegenerateIfAlive(regenMetadata *regeneration.ExternalRegenerationMetadata) <-chan bool

RegenerateIfAlive queue a regeneration of this endpoint into the build queue of the endpoint and returns a channel that is closed when the regeneration of the endpoint is complete. The channel returns:

  • false if the regeneration failed
  • true if the regeneration succeed
  • nothing and the channel is closed if the regeneration did not happen

func (*Endpoint) RegenerateWait 

func (e *Endpoint) RegenerateWait(reason string) error

RegenerateWait should only be called when endpoint's state has successfully been changed to "waiting-to-regenerate"

func (*Endpoint) RequireARPPassthrough 

func (e *Endpoint) RequireARPPassthrough() bool

RequireARPPassthrough returns true if the datapath must implement ARP passthrough for this endpoint

func (*Endpoint) RequireEgressProg 

func (e *Endpoint) RequireEgressProg() bool

RequireEgressProg returns true if the endpoint requires bpf_lxc with esction "to-container" to be attached at egress on the host facing veth pair

func (*Endpoint) RequireEndpointRoute 

func (e *Endpoint) RequireEndpointRoute() bool

RequireEndpointRoute returns if the endpoint wants a per endpoint route

func (*Endpoint) RequireRouting 

func (e *Endpoint) RequireRouting() (required bool)

RequireRouting returns true if the endpoint requires BPF routing to be enabled, when disabled, routing is delegated to Linux routing

func (*Endpoint) RunMetadataResolver 

func (e *Endpoint) RunMetadataResolver(resolveMetadata MetadataResolverCB)

RunMetadataResolver starts a controller associated with the received endpoint which will periodically attempt to resolve the metadata for the endpoint and update the endpoint with the related. It stops resolving after either the first successful metadata resolution or when the endpoint is removed.

This assumes that after the initial successful resolution, other mechanisms will handle updates (such as pkg/k8s/watchers informers).

func (*Endpoint) SetContainerID 

func (e *Endpoint) SetContainerID(id string)

SetContainerID modifies the endpoint's container ID

func (*Endpoint) SetContainerName 

func (e *Endpoint) SetContainerName(name string)

SetContainerName modifies the endpoint's container name

func (*Endpoint) SetDatapathMapIDAndPinMapLocked 

func (e *Endpoint) SetDatapathMapIDAndPinMapLocked(id int) error

SetDatapathMapIDAndPinMapLocked modifies the endpoint's datapath map ID

func (*Endpoint) SetDefaultOpts 

func (e *Endpoint) SetDefaultOpts(opts *option.IntOptions)

SetDefaultOpts initializes the endpoint Options and configures the specified options.

func (*Endpoint) SetDesiredEgressPolicyEnabled 

func (e *Endpoint) SetDesiredEgressPolicyEnabled(egress bool)

SetDesiredEgressPolicyEnabled sets Endpoint's egress policy enforcement configuration to the specified value. The endpoint's mutex must not be held.

func (*Endpoint) SetDesiredEgressPolicyEnabledLocked 

func (e *Endpoint) SetDesiredEgressPolicyEnabledLocked(egress bool)

SetDesiredEgressPolicyEnabledLocked sets Endpoint's egress policy enforcement configuration to the specified value. The endpoint's mutex must be held.

func (*Endpoint) SetDesiredIngressPolicyEnabled 

func (e *Endpoint) SetDesiredIngressPolicyEnabled(ingress bool)

SetDesiredIngressPolicyEnabled sets Endpoint's ingress policy enforcement configuration to the specified value. The endpoint's mutex must not be held.

func (*Endpoint) SetDesiredIngressPolicyEnabledLocked 

func (e *Endpoint) SetDesiredIngressPolicyEnabledLocked(ingress bool)

SetDesiredIngressPolicyEnabledLocked sets Endpoint's ingress policy enforcement configuration to the specified value. The endpoint's mutex must be held.

func (*Endpoint) SetDockerEndpointID 

func (e *Endpoint) SetDockerEndpointID(id string)

SetDockerEndpointID modifies the endpoint's Docker Endpoint ID

func (*Endpoint) SetDockerNetworkID 

func (e *Endpoint) SetDockerNetworkID(id string)

SetDockerNetworkID modifies the endpoint's Docker Endpoint ID

func (*Endpoint) SetIdentity 

func (e *Endpoint) SetIdentity(identity *identityPkg.Identity, newEndpoint bool)

SetIdentity resets endpoint's policy identity to 'id'. Caller triggers policy regeneration if needed. Called with e.Mutex Locked

func (*Endpoint) SetK8sNamespace 

func (e *Endpoint) SetK8sNamespace(name string)

SetK8sNamespace modifies the endpoint's pod name

func (*Endpoint) SetK8sPodName 

func (e *Endpoint) SetK8sPodName(name string)

SetK8sPodName modifies the endpoint's pod name

func (*Endpoint) SetNodeMACLocked 

func (e *Endpoint) SetNodeMACLocked(m mac.MAC)

SetNodeMACLocked updates the node MAC inside the endpoint.

func (*Endpoint) SetPolicyRevision 

func (e *Endpoint) SetPolicyRevision(rev uint64)

SetPolicyRevision sets the endpoint's policy revision with the given revision.

func (*Endpoint) SetState 

func (e *Endpoint) SetState(toState, reason string) bool

SetState modifies the endpoint's state Returns true only if endpoints state was changed as requested

func (*Endpoint) SetStateLocked 

func (e *Endpoint) SetStateLocked(toState, reason string) bool

SetStateLocked modifies the endpoint's state endpoint.Mutex must be held Returns true only if endpoints state was changed as requested

func (*Endpoint) SkipStateClean 

func (e *Endpoint) SkipStateClean()

SkipStateClean can be called on a endpoint before its first build to skip the cleaning of state such as the conntrack table. This is useful when an endpoint is being restored from state and the datapath state should not be claned.

The endpoint lock must NOT be held.

func (*Endpoint) StartRegenerationFailureHandler 

func (e *Endpoint) StartRegenerationFailureHandler()

StartRegenerationFailureHandler is a wrapper of startRegenerationFailureHandler, this function was created for the backports of an upstream commit.

func (*Endpoint) StateDirectoryPath 

func (e *Endpoint) StateDirectoryPath() string

StateDirectoryPath returns the directory name for this endpoint bpf program.

func (*Endpoint) String 

func (e *Endpoint) String() string

String returns endpoint on a JSON format.

func (*Endpoint) StringID 

func (e *Endpoint) StringID() string

StringID returns the endpoint's ID in a string.

func (*Endpoint) SyncEndpointHeaderFile 

func (e *Endpoint) SyncEndpointHeaderFile() error

SyncEndpointHeaderFile it bumps the current DNS History information for the endpoint in the lxc_config.h file.

func (*Endpoint) UnconditionalLock 

func (e *Endpoint) UnconditionalLock()

UnconditionalLock should be used only for locking endpoint for - setting its state to StateDisconnected or StateInvalid - handling regular Lock errors - reporting endpoint status (like in LogStatus method) Use Lock in all other cases

func (*Endpoint) UnconditionalRLock 

func (e *Endpoint) UnconditionalRLock()

UnconditionalRLock should be used only for reporting endpoint state

func (*Endpoint) Unlock 

func (e *Endpoint) Unlock()

Unlock unlocks endpoint mutex

func (*Endpoint) Update 

func (e *Endpoint) Update(cfg *models.EndpointConfigurationSpec) error

Update modifies the endpoint options and *always* tries to regenerate the endpoint's program. Returns an error if the provided options are not valid, if there was an issue triggering policy updates for the given endpoint, or if endpoint regeneration was unable to be triggered. Note that the LabelConfiguration in the EndpointConfigurationSpec is *not* consumed here.

func (*Endpoint) UpdateController 

func (e *Endpoint) UpdateController(name string, params controller.ControllerParams) *controller.Controller

UpdateController updates the controller with the specified name with the provided list of parameters in endpoint's list of controllers.

func (*Endpoint) UpdateLabels 

func (e *Endpoint) UpdateLabels(ctx context.Context, identityLabels, infoLabels pkgLabels.Labels, blocking bool)

UpdateLabels is called to update the labels of an endpoint. Calls to this function do not necessarily mean that the labels actually changed. The container runtime layer will periodically synchronize labels.

If a net label changed was performed, the endpoint will receive a new identity and will be regenerated. Both of these operations will happen in the background.

func (*Endpoint) UpdateLogger 

func (e *Endpoint) UpdateLogger(fields map[string]interface{})

UpdateLogger creates a logger instance specific to this endpoint. It will create a custom Debug logger for this endpoint when the option on it is set. If fields is not nil only the those specific fields will be updated in the endpoint's logger, otherwise a full update of those fields is executed. Note: You must hold Endpoint.Mutex for reading if fields is nil.

func (*Endpoint) UpdateProxyStatistics 

func (e *Endpoint) UpdateProxyStatistics(l4Protocol string, port uint16, ingress, request bool, verdict accesslog.FlowVerdict)

UpdateProxyStatistics updates the Endpoint's proxy statistics to account for a new observed flow with the given characteristics.

func (*Endpoint) WaitForPolicyRevision 

func (e *Endpoint) WaitForPolicyRevision(ctx context.Context, rev uint64, done func(ts time.Time)) <-chan struct{}

WaitForPolicyRevision returns a channel that is closed when one or more of the following conditions have met:

  • the endpoint is disconnected state
  • the endpoint's policy revision reaches the wanted revision

When the done callback is non-nil it will be called just before the channel is closed.

func (*Endpoint) WaitForProxyCompletions 

func (e *Endpoint) WaitForProxyCompletions(proxyWaitGroup *completion.WaitGroup) error

WaitForProxyCompletions blocks until all proxy changes have been completed. Called with BuildMutex held.

type EndpointRegenerationEvent 

type EndpointRegenerationEvent struct {
	// contains filtered or unexported fields
}

EndpointRegenerationEvent contains all fields necessary to regenerate an endpoint.

func (*EndpointRegenerationEvent) Handle 

func (ev *EndpointRegenerationEvent) Handle(res chan interface{})

Handle handles the regeneration event for the endpoint.

type EndpointRegenerationResult 

type EndpointRegenerationResult struct {
	// contains filtered or unexported fields
}

EndpointRegenerationResult contains the results of an endpoint regeneration.

type EndpointRevisionBumpEvent 

type EndpointRevisionBumpEvent struct {
	Rev uint64
	// contains filtered or unexported fields
}

EndpointRevisionBumpEvent contains all fields necessary to bump the policy revision of a given endpoint.

func (*EndpointRevisionBumpEvent) Handle 

func (ev *EndpointRevisionBumpEvent) Handle(res chan interface{})

Handle handles the revision bump event for the Endpoint.

type EndpointStatus 

type EndpointStatus struct {
	// CurrentStatuses is the last status of a given priority.
	CurrentStatuses componentStatus `json:"current-status,omitempty"`
	// Contains the last maxLogs messages for this endpoint.
	Log statusLog `json:"log,omitempty"`
	// Index is the index in the statusLog, is used to keep track the next
	// available position to write a new log message.
	Index int `json:"index"`
	// contains filtered or unexported fields
}

EndpointStatus represents the endpoint status.

func NewEndpointStatus 

func NewEndpointStatus() *EndpointStatus

func (*EndpointStatus) CurrentStatus 

func (e *EndpointStatus) CurrentStatus() StatusCode

func (*EndpointStatus) GetModel 

func (e *EndpointStatus) GetModel() []*models.EndpointStatusChange

func (*EndpointStatus) String 

func (e *EndpointStatus) String() string

type MetadataResolverCB 

type MetadataResolverCB func(*Endpoint) (identityLabels labels.Labels, infoLabels labels.Labels, err error)

MetadataResolverCB provides an implementation for resolving the endpoint metadata for an endpoint such as the associated labels and annotations.

type Status 

type Status struct {
	Code  StatusCode `json:"code"`
	Msg   string     `json:"msg"`
	Type  StatusType `json:"status-type"`
	State string     `json:"state"`
}

func (Status) String 

func (s Status) String() string

type StatusCode 

type StatusCode int
const (
	OK       StatusCode = 0
	Warning  StatusCode = -1
	Failure  StatusCode = -2
	Disabled StatusCode = -3
)

func (StatusCode) ColorString 

func (sc StatusCode) ColorString() string

func (StatusCode) String 

func (sc StatusCode) String() string

type StatusResponse 

type StatusResponse struct {
	KVStore    Status              `json:"kvstore"`
	Docker     Status              `json:"docker"`
	Kubernetes Status              `json:"kubernetes"`
	Cilium     Status              `json:"cilium"`
	IPAMStatus map[string][]string `json:",omitempty"`
}

type StatusType 

type StatusType int

StatusType represents the type for the given status, higher the value, higher the priority. 

const (
	BPF    StatusType = 200
	Policy StatusType = 100
	Other  StatusType = 0
)

type UpdateCompilationError 

type UpdateCompilationError struct {
	// contains filtered or unexported fields
}

func (UpdateCompilationError) Error 

func (e UpdateCompilationError) Error() string

type UpdateStateChangeError 

type UpdateStateChangeError struct {
	// contains filtered or unexported fields
}

UpdateStateChangeError is an error that indicates that updating the state of an endpoint was unsuccessful. Implements error interface.

func (UpdateStateChangeError) Error 

func (e UpdateStateChangeError) Error() string

type UpdateValidationError 

type UpdateValidationError struct {
	// contains filtered or unexported fields
}

func (UpdateValidationError) Error 

func (e UpdateValidationError) Error() string

Source Files

View all Source files

Directories

Path Synopsis
Package connector is responsible for the datapath specific plumbing to connect an endpoint to the network
 Package connector is responsible for the datapath specific plumbing to connect an endpoint to the network

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.