GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

eni

package

v1.9.4 Latest Latest Go to latest Published: Feb 3, 2021 License: Apache-2.0 Imports: 16 Imported by: 5

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Open Source Insights

Documentation ¶

Overview ¶

Package eni implements AWS ENI allocation logic

Index ¶

type EC2API
type InstancesManager
- func NewInstancesManager(api EC2API, eniTags map[string]string) *InstancesManager
type Node

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type EC2API ¶

type EC2API interface {
	GetInstances(ctx context.Context, vpcs ipamTypes.VirtualNetworkMap, subnets ipamTypes.SubnetMap) (*ipamTypes.InstanceMap, error)
	GetSubnets(ctx context.Context) (ipamTypes.SubnetMap, error)
	GetVpcs(ctx context.Context) (ipamTypes.VirtualNetworkMap, error)
	GetSecurityGroups(ctx context.Context) (types.SecurityGroupMap, error)
	CreateNetworkInterface(ctx context.Context, toAllocate int64, subnetID, desc string, groups []string) (string, *eniTypes.ENI, error)
	AttachNetworkInterface(ctx context.Context, index int64, instanceID, eniID string) (string, error)
	DeleteNetworkInterface(ctx context.Context, eniID string) error
	ModifyNetworkInterface(ctx context.Context, eniID, attachmentID string, deleteOnTermination bool) error
	AssignPrivateIpAddresses(ctx context.Context, eniID string, addresses int64) error
	UnassignPrivateIpAddresses(ctx context.Context, eniID string, addresses []string) error
	TagENI(ctx context.Context, eniID string, eniTags map[string]string) error
}

EC2API is the API surface used of the EC2 API

type InstancesManager ¶

type InstancesManager struct {
	// contains filtered or unexported fields
}

InstancesManager maintains the list of instances. It must be kept up to date by calling resync() regularly.

func NewInstancesManager ¶

func NewInstancesManager(api EC2API, eniTags map[string]string) *InstancesManager

NewInstancesManager returns a new instances manager

func (*InstancesManager) CreateNode ¶

func (m *InstancesManager) CreateNode(obj *v2.CiliumNode, n *ipam.Node) ipam.NodeOperations

CreateNode is called on discovery of a new node and returns the ENI node allocation implementation for the new node

func (*InstancesManager) FindSecurityGroupByTags ¶

func (m *InstancesManager) FindSecurityGroupByTags(vpcID string, required ipamTypes.Tags) []*types.SecurityGroup

FindSecurityGroupByTags returns the security groups matching VPC ID and all required tags

The returned security groups slice is immutable so it can be safely accessed

func (*InstancesManager) FindSubnetByTags ¶

func (m *InstancesManager) FindSubnetByTags(vpcID, availabilityZone string, required ipamTypes.Tags) (bestSubnet *ipamTypes.Subnet)

FindSubnetByTags returns the subnet with the most addresses matching VPC ID, availability zone and all required tags

The returned subnet is immutable so it can be safely accessed

func (*InstancesManager) ForeachInstance ¶

func (m *InstancesManager) ForeachInstance(instanceID string, fn ipamTypes.InterfaceIterator)

ForeachInstance will iterate over each instance inside `instances`, and call `fn`. This function is read-locked for the entire execution.

func (*InstancesManager) GetPoolQuota ¶

func (m *InstancesManager) GetPoolQuota() ipamTypes.PoolQuotaMap

GetPoolQuota returns the number of available IPs in all IP pools

func (*InstancesManager) GetSubnet ¶

func (m *InstancesManager) GetSubnet(subnetID string) *ipamTypes.Subnet

GetSubnet returns the subnet by subnet ID

The returned subnet is immutable so it can be safely accessed

func (*InstancesManager) GetSubnets ¶

func (m *InstancesManager) GetSubnets(ctx context.Context) ipamTypes.SubnetMap

GetSubnets returns all the tracked subnets

The returned subnetMap is immutable so it can be safely accessed

func (*InstancesManager) Resync ¶

func (m *InstancesManager) Resync(ctx context.Context) time.Time

Resync fetches the list of EC2 instances and subnets and updates the local cache in the instanceManager. It returns the time when the resync has started or time.Time{} if it did not complete.

func (*InstancesManager) UpdateENI ¶

func (m *InstancesManager) UpdateENI(instanceID string, eni *eniTypes.ENI)

UpdateENI updates the ENI definition of an ENI for a particular instance. If the ENI is already known, the definition is updated, otherwise the ENI is added to the instance.

type Node ¶

type Node struct {
	// contains filtered or unexported fields
}

Node represents a Kubernetes node running Cilium with an associated CiliumNode custom resource

func (*Node) AllocateIPs ¶

func (n *Node) AllocateIPs(ctx context.Context, a *ipam.AllocationAction) error

AllocateIPs performs the ENI allocation oepration

func (*Node) CreateInterface ¶

func (n *Node) CreateInterface(ctx context.Context, allocation *ipam.AllocationAction, scopedLog *logrus.Entry) (int, string, error)

CreateInterface creates an additional interface with the instance and attaches it to the instance as specified by the CiliumNode. neededAddresses of secondary IPs are assigned to the interface up to the maximum number of addresses as allowed by the instance.

func (*Node) GetMaximumAllocatableIPv4 ¶

func (n *Node) GetMaximumAllocatableIPv4() int

GetMaximumAllocatableIPv4 returns the maximum amount of IPv4 addresses that can be allocated to the instance

func (*Node) PopulateStatusFields ¶

func (n *Node) PopulateStatusFields(k8sObj *v2.CiliumNode)

PopulateStatusFields fills in the status field of the CiliumNode custom resource with ENI specific information

func (*Node) PrepareIPAllocation ¶

func (n *Node) PrepareIPAllocation(scopedLog *logrus.Entry) (a *ipam.AllocationAction, err error)

PrepareIPAllocation returns the number of ENI IPs and interfaces that can be allocated/created.

func (*Node) PrepareIPRelease ¶

func (n *Node) PrepareIPRelease(excessIPs int, scopedLog *logrus.Entry) *ipam.ReleaseAction

PrepareIPRelease prepares the release of ENI IPs.

func (*Node) ReleaseIPs ¶

func (n *Node) ReleaseIPs(ctx context.Context, r *ipam.ReleaseAction) error

ReleaseIPs performs the ENI IP release operation

func (*Node) ResyncInterfacesAndIPs ¶

func (n *Node) ResyncInterfacesAndIPs(ctx context.Context, scopedLog *logrus.Entry) (ipamTypes.AllocationMap, error)

ResyncInterfacesAndIPs is called to retrieve and ENIs and IPs as known to the EC2 API and return them

func (*Node) UpdatedNode ¶

func (n *Node) UpdatedNode(obj *v2.CiliumNode)

UpdatedNode is called when an update to the CiliumNode is received.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
limits
types

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL