Documentation ¶
Overview ¶
Copyright 2016 Authors of Cilium
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Copyright 2016 Authors of Cilium ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- type Config
- type Conn
- type Daemon
- func (d *Daemon) AddOrUpdateUINode(id uint32, lbls []types.Label, refCount int)
- func (d *Daemon) AllocateIP(ipamType ipam.IPAMType, options ipam.IPAMReq) (*ipam.IPAMRep, error)
- func (d *Daemon) DeleteLabelsBySHA256(sha256Sum string, contID string) error
- func (d *Daemon) DeleteLabelsByUUID(id uint32, contID string) error
- func (d *Daemon) DeleteUINode(id uint32)
- func (d *Daemon) EnableConntrackGC()
- func (d *Daemon) EnableConsulWatcher(maxSeconds time.Duration)
- func (d *Daemon) EnableDockerEventListener() error
- func (d *Daemon) EnableDockerSync(once bool)
- func (d *Daemon) EnableK8sWatcher(maxSeconds time.Duration) error
- func (d *Daemon) EnableLearningTraffic()
- func (d *Daemon) EnableLogstash(LogstashAddr string, refreshTime int)
- func (d *Daemon) EndpointGet(endpointID uint16) (*types.Endpoint, error)
- func (d *Daemon) EndpointGetByDockerEPID(dockerEPID string) (*types.Endpoint, error)
- func (d *Daemon) EndpointGetByDockerID(dockerID string) (*types.Endpoint, error)
- func (d *Daemon) EndpointJoin(ep types.Endpoint) error
- func (d *Daemon) EndpointLabelsGet(epID uint16) (*types.OpLabels, error)
- func (d *Daemon) EndpointLabelsUpdate(epID uint16, labelOps types.LabelOp) error
- func (d *Daemon) EndpointLeave(epID uint16) error
- func (d *Daemon) EndpointLeaveByDockerEPID(dockerEPID string) error
- func (d *Daemon) EndpointSave(ep types.Endpoint) error
- func (d *Daemon) EndpointUpdate(epID uint16, opts types.OptionMap) error
- func (d *Daemon) EndpointsGet() ([]types.Endpoint, error)
- func (d *Daemon) GetCachedLabelList(ID uint32) ([]types.Label, error)
- func (d *Daemon) GetIPAMConf(ipamType ipam.IPAMType, options ipam.IPAMReq) (*ipam.IPAMConfigRep, error)
- func (d *Daemon) GetLabels(id uint32) (*types.SecCtxLabel, error)
- func (d *Daemon) GetLabelsBySHA256(sha256sum string) (*types.SecCtxLabel, error)
- func (d *Daemon) GetMaxID() (uint32, error)
- func (d *Daemon) GetUIIP() (*net.TCPAddr, error)
- func (d *Daemon) GetUIPath() (string, error)
- func (d *Daemon) InsertEndpoint(ep *types.Endpoint)
- func (d *Daemon) ListenBuildUIEvents()
- func (d *Daemon) Ping() (*types.PingResponse, error)
- func (d *Daemon) PolicyAdd(path string, node *types.PolicyNode) error
- func (d *Daemon) PolicyCanConsume(ctx *types.SearchContext) (*types.SearchContextReply, error)
- func (d *Daemon) PolicyDelete(path string) error
- func (d *Daemon) PolicyGet(path string) (*types.PolicyNode, error)
- func (d *Daemon) PolicyInit() error
- func (d *Daemon) PutLabels(labels types.Labels, contID string) (*types.SecCtxLabel, bool, error)
- func (d *Daemon) RegisterUIListener(conn *websocket.Conn) (chan types.UIUpdateMsg, error)
- func (d *Daemon) ReleaseIP(ipamType ipam.IPAMType, options ipam.IPAMReq) error
- func (d *Daemon) SyncState(dir string, clean bool) error
- func (d *Daemon) Update(opts types.OptionMap) error
- type LogstashStat
Constants ¶
const (
GcInterval int = 10
)
const (
OptionPolicyTracing = "PolicyTracing"
)
Variables ¶
var ( OptionSpecPolicyTracing = types.Option{ Description: "Enable tracing when resolving policy (Debug)", } DaemonOptionLibrary = types.OptionLibrary{ types.OptionNAT46: &types.OptionSpecNAT46, types.OptionDropNotify: &types.OptionSpecDropNotify, types.OptionDebug: &types.OptionSpecDebug, types.OptionPolicy: &types.OptionSpecPolicy, types.OptionConntrack: &types.OptionSpecConntrack, types.OptionConntrackAccounting: &types.OptionSpecConntrackAccounting, OptionPolicyTracing: &OptionSpecPolicyTracing, } )
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { LibDir string // Cilium library directory RunDir string // Cilium runtime directory LXCMap *lxcmap.LXCMap // LXCMap where all LXCs are stored NodeAddress *addressing.NodeAddress // Node IPv6 Address NAT46Prefix *net.IPNet // NAT46 IPv6 Prefix Device string // Receive device ConsulConfig *consulAPI.Config // Consul configuration DockerEndpoint string // Docker endpoint IPv4Enabled bool // Gives IPv4 addresses to containers K8sEndpoint string // Kubernetes endpoint ValidLabelPrefixes *types.LabelPrefixCfg // Label prefixes used to filter from all labels ValidLabelPrefixesMU sync.RWMutex UIServerAddr string // TCP address for UI server UIEnabled bool LBMode bool // Set to true on load balancer node Tunnel string // Tunnel mode DryMode bool // Do not create BPF maps, devices, .. RestoreState bool // RestoreState restores the state from previous running daemons. // Options changeable at runtime Opts *types.BoolOptions OptsMU sync.RWMutex }
Config is the configuration used by Daemon.
func (*Config) IsUIEnabled ¶
type Daemon ¶
type Daemon struct {
// contains filtered or unexported fields
}
Daemon is the cilium daemon that is in charge of perform all necessary plumbing, monitoring when a LXC starts.
func (*Daemon) AddOrUpdateUINode ¶
func (*Daemon) AllocateIP ¶
AllocateIP allocates and returns a free IPv6 address with plugin configurations specific set up.
func (*Daemon) DeleteLabelsBySHA256 ¶
DeleteLabelsBySHA256 deletes the SecCtxLabels that belong to the labels' sha256Sum.
func (*Daemon) DeleteLabelsByUUID ¶
DeleteLabelsByUUID deletes the SecCtxLabels belonging to the given id.
func (*Daemon) DeleteUINode ¶
func (*Daemon) EnableConntrackGC ¶
func (d *Daemon) EnableConntrackGC()
func (*Daemon) EnableConsulWatcher ¶
EnableConsulWatcher watches for consul changes in the common.LastFreeIDKeyPath key. Triggers policy updates every time the value of that key is changed.
func (*Daemon) EnableDockerEventListener ¶
EnableDockerEventListener watches for docker events. Performs the plumbing for the containers started or dead.
func (*Daemon) EnableDockerSync ¶
func (*Daemon) EnableLearningTraffic ¶
func (d *Daemon) EnableLearningTraffic()
func (*Daemon) EnableLogstash ¶
func (*Daemon) EndpointGet ¶
EndpointGet returns a copy of the endpoint for the given endpointID, or nil if the endpoint was not found.
func (*Daemon) EndpointGetByDockerEPID ¶
EndpointGetByDockerEPID returns a copy of the endpoint for the given dockerEPID, or nil if the endpoint was not found.
func (*Daemon) EndpointGetByDockerID ¶
EndpointGetByDockerID returns a copy of the endpoint for the given dockerEPID, or nil if the endpoint was not found.
func (*Daemon) EndpointJoin ¶
EndpointJoin sets up the endpoint working directory.
func (*Daemon) EndpointLabelsGet ¶
func (*Daemon) EndpointLabelsUpdate ¶
func (*Daemon) EndpointLeave ¶
EndpointLeave cleans the directory used by the endpoint epID and all relevant details with the epID.
func (*Daemon) EndpointLeaveByDockerEPID ¶
EndpointLeaveByDockerEPID cleans the directory used by the endpoint dockerEPID and all relevant details with the epID.
func (*Daemon) EndpointSave ¶
EndpointSave saves the endpoint in the daemon internal endpoint map.
func (*Daemon) EndpointUpdate ¶
EndpointUpdate updates the given endpoint and recompiles the bpf map.
func (*Daemon) EndpointsGet ¶
EndpointsGet returns a copy of all the endpoints or nil if there are no endpoints.
func (*Daemon) GetCachedLabelList ¶
func (*Daemon) GetIPAMConf ¶
func (d *Daemon) GetIPAMConf(ipamType ipam.IPAMType, options ipam.IPAMReq) (*ipam.IPAMConfigRep, error)
GetIPAMConf returns the IPAM configuration details of the given IPAM type.
func (*Daemon) GetLabels ¶
func (d *Daemon) GetLabels(id uint32) (*types.SecCtxLabel, error)
GetLabels returns the SecCtxLabels that belongs to the given id.
func (*Daemon) GetLabelsBySHA256 ¶
func (d *Daemon) GetLabelsBySHA256(sha256sum string) (*types.SecCtxLabel, error)
GetLabelsBySHA256 returns the SecCtxLabels that have the given SHA256SUM.
func (*Daemon) InsertEndpoint ¶
Public API to insert an endpoint without connecting it to a container
func (*Daemon) ListenBuildUIEvents ¶
func (d *Daemon) ListenBuildUIEvents()
func (*Daemon) PolicyCanConsume ¶
func (d *Daemon) PolicyCanConsume(ctx *types.SearchContext) (*types.SearchContextReply, error)
PolicyCanConsume calculates if the ctx allows the consumer to be consumed. This public function returns a SearchContextReply with the consumable decision and the tracing log if ctx.Trace was set.
func (*Daemon) PolicyDelete ¶
PolicyDelete deletes the policy set in path from the policy tree.
func (*Daemon) PolicyGet ¶
func (d *Daemon) PolicyGet(path string) (*types.PolicyNode, error)
PolicyGet returns the policy of the given path.
func (*Daemon) PolicyInit ¶
func (*Daemon) PutLabels ¶
PutLabels stores to given labels in consul and returns the SecCtxLabels created for the given labels.