policysync

Documentation

Index

• Constants
• func AddIPSetsRule(r *proto.Rule, s map[string]bool)
• type EndpointInfo
• type JoinMetadata
• type JoinRequest
• type LeaveRequest
• type Processor
  • func NewProcessor(updates <-chan interface{}) *Processor
  • func (p *Processor) Start()
• type Server
  • func NewServer(joins chan<- interface{}, allocUID func() uint64) *Server
  • func (s *Server) RegisterGrpc(g *grpc.Server)
  • func (s *Server) Sync(_ *proto.SyncRequest, stream proto.PolicySync_SyncServer) error
• type UIDAllocator
  • func NewUIDAllocator() *UIDAllocator
  • func (a *UIDAllocator) NextUID() uint64

Constants

const (
	SockName       = "/policysync.sock"
	OrchestratorId = "k8s"
	EndpointId     = "eth0"
)

const MaxMembersPerMessage = 82200

MaxMembersPerMessage sets the limit on how many IP Set members to include in an outgoing gRPC message, which has a size limit of 4MB (4194304 bytes). Worst case, an IP Set member would be an IPv6 address including a port and protocol. 2001:0db8:0000:0000:0000:ff00:0042:8329,tcp:65535 = 49 characters Protobuf strings have 2 extra bytes of key/length (for lengths < 128), which gives 51 bytes per member, worst case. 4194304 / 51 = 82241, which we round down to 82200, giving about 2kB for the rest of the message.

const OutputQueueLen = 100

Functions

func AddIPSetsRule

func AddIPSetsRule(r *proto.Rule, s map[string]bool)

Types

type EndpointInfo

type EndpointInfo struct {
	// contains filtered or unexported fields
}

type JoinMetadata

type JoinMetadata struct {
	EndpointID proto.WorkloadEndpointID
	// JoinUID is a correlator, used to match stop requests with join requests.
	JoinUID uint64
}

type JoinRequest

type JoinRequest struct {
	JoinMetadata
	// C is the channel to send updates to the policy sync client.  Processor closes the channel when the
	// workload endpoint is removed, or when a new JoinRequest is received for the same endpoint.  If nil, indicates
	// the client wants to stop receiving updates.
	C chan<- proto.ToDataplane
}

JoinRequest is sent to the Processor when a new socket connection is accepted by the GRPC server, it provides the channel used to send sync messages back to the server goroutine.

type LeaveRequest

type LeaveRequest struct {
	JoinMetadata
}

type Processor

type Processor struct {
	Updates     <-chan interface{}
	JoinUpdates chan interface{}
	// contains filtered or unexported fields
}

func NewProcessor

func NewProcessor(updates <-chan interface{}) *Processor

func (*Processor) Start

func (p *Processor) Start()

type Server

type Server struct {
	JoinUpdates chan<- interface{}
	// contains filtered or unexported fields
}

Server implements the API that each policy-sync agent connects to in order to get policy information. There is a single instance of the Server, it disambiguates connections from different clients by the credentials present in the gRPC request.

func NewServer

func NewServer(joins chan<- interface{}, allocUID func() uint64) *Server

func (*Server) RegisterGrpc

func (s *Server) RegisterGrpc(g *grpc.Server)

func (*Server) Sync

func (s *Server) Sync(_ *proto.SyncRequest, stream proto.PolicySync_SyncServer) error

type UIDAllocator

type UIDAllocator struct {
	// contains filtered or unexported fields
}

func NewUIDAllocator

func NewUIDAllocator() *UIDAllocator

func (*UIDAllocator) NextUID

func (a *UIDAllocator) NextUID() uint64