controller

package
Published: Apr 4, 2024 License: Apache-2.0 Imports: 82 Imported by: 0


Constants

const (
	// ACIContainersTaintName is the taint key placed on nodes that are not
	// ready (see ControllerConfig.TaintNotReadyNode).
	ACIContainersTaintName string = "aci-containers-host/unavailable"
)

Name of the taint to add to nodes that are not ready

// DefaultServiceContractScope is the default service contract scope value.
const DefaultServiceContractScope = "context"

Default service contract scope value

// DefaultServiceExtSubNetShared is the default value of the service external
// subnet shared-security setting (disabled).
const DefaultServiceExtSubNetShared = false

Default value for the service external subnet shared-security setting

Variables

// Acc_provision_config_path is the on-disk path of the acc-provision operator
// configuration file. It is a mutable package-level variable, so callers may
// override it (for tests, presumably — confirm against callers).
var Acc_provision_config_path = "/usr/local/etc/acc-provision/acc-provision-operator.conf"
// Aci_operator_config_path is the on-disk path of the aci-containers operator
// configuration file. Like Acc_provision_config_path it is a mutable
// package-level variable rather than a constant.
var Aci_operator_config_path = "/usr/local/etc/aci-containers/aci-operator.conf"
// Dnsoper is a set of flavor names, keyed by name with a true value marking
// membership. Presumably these are the flavors for which the DNS operator
// client (Controller.DnsOperatorClient) is used — verify against callers.
var Dnsoper = map[string]bool{
	"openshift-4.3": true,
}
// Version is a set of recognized flavor names (the "openshift-<release>-<platform>"
// strings plus "cloud"), keyed by name with a true value marking membership.
// Despite its name it does not hold a version; it is presumably matched
// against ControllerConfig.Flavor — confirm against callers.
var Version = map[string]bool{
	"openshift-4.3":                        true,
	"cloud":                                true,
	"openshift-4.4-openstack":              true,
	"openshift-4.5-openstack":              true,
	"openshift-4.6-openstack":              true,
	"openshift-4.7-openstack":              true,
	"openshift-4.8-openstack":              true,
	"openshift-4.9-openstack":              true,
	"openshift-4.10-openstack":             true,
	"openshift-4.11-openstack":             true,
	"openshift-4.12-openstack":             true,
	"openshift-4.13-openstack":             true,
	"openshift-4.14-openstack":             true,
	"openshift-4.6-baremetal":              true,
	"openshift-4.7-baremetal":              true,
	"openshift-4.8-baremetal":              true,
	"openshift-4.9-baremetal":              true,
	"openshift-4.10-baremetal":             true,
	"openshift-4.11-baremetal":             true,
	"openshift-4.12-baremetal":             true,
	"openshift-4.13-baremetal":             true,
	"openshift-4.14-baremetal":             true,
	"openshift-4.14-agent-based-baremetal": true,
	"openshift-4.4-esx":                    true,
	"openshift-4.5-esx":                    true,
	"openshift-4.6-esx":                    true,
	"openshift-4.7-esx":                    true,
	"openshift-4.8-esx":                    true,
	"openshift-4.9-esx":                    true,
	"openshift-4.10-esx":                   true,
	"openshift-4.11-esx":                   true,
	"openshift-4.12-esx":                   true,
	"openshift-4.13-esx":                   true,
	"openshift-4.14-esx":                   true,
	"openshift-4.14-agent-based-esx":       true,
}

Functions

func ErspanPolicyLogger

func ErspanPolicyLogger(log *logrus.Logger, erspan *erspanpolicy.ErspanPolicy) *logrus.Entry

func InitFlags

func InitFlags(config *ControllerConfig)

func NetflowPolicyLogger

func NetflowPolicyLogger(log *logrus.Logger, netflow *netflowpolicy.NetflowPolicy) *logrus.Entry

func NodeFabricNetworkAttachmentLogger

func NodeFabricNetworkAttachmentLogger(log *logrus.Logger, nodeFabNetAtt *fabattv1.NodeFabricNetworkAttachment) *logrus.Entry

func QosPolicyLogger

func QosPolicyLogger(log *logrus.Logger, qos *qospolicy.QosPolicy) *logrus.Entry

func RdConfigLogger

func RdConfigLogger(log *logrus.Logger, r *rdConfigv1.RdConfig) *logrus.Entry

func SnatPolicyLogger

func SnatPolicyLogger(log *logrus.Logger, snat *snatpolicy.SnatPolicy) *logrus.Entry

func StringFromInfo

func StringFromInfo(ver *VersionInfo) string

StringFromInfo returns the versioning details as a printable string

func VersionString

func VersionString() string

VersionString returns a printable version string

Types

type AciController

// AciController is the main ACI controller. Its fields are all unexported, so
// it must be constructed with NewController and driven through its exported
// methods (Init, Run, RunStatus and the RdConfig/Subnet handlers below).
type AciController struct {
	// contains filtered or unexported fields
}

func NewController

func NewController(config *ControllerConfig, env Environment, log *logrus.Logger, unittestmode bool) *AciController

func (*AciController) BuildSubnetDnCache

func (cont *AciController) BuildSubnetDnCache(dn, aciVrfDn string)

func (*AciController) Init

func (cont *AciController) Init()

func (*AciController) RdConfigAdded

func (cont *AciController) RdConfigAdded(obj interface{})

func (*AciController) RdConfigDeleted

func (cont *AciController) RdConfigDeleted(obj interface{})

func (*AciController) RdConfigUpdated

func (cont *AciController) RdConfigUpdated(oldobj, newobj interface{})

func (*AciController) Run

func (cont *AciController) Run(stopCh <-chan struct{})

func (*AciController) RunStatus

func (cont *AciController) RunStatus()

func (*AciController) SubnetChanged

func (cont *AciController) SubnetChanged(obj apicapi.ApicObject, aciVrfDn string)

func (*AciController) SubnetDeleted

func (cont *AciController) SubnetDeleted(dn string)

func (*AciController) UpdateSubnetDnCache

func (cont *AciController) UpdateSubnetDnCache(subnetDn, subnetIp, aciVrfDn string)

func (*AciController) UpdateSubnetDnCacheForDn

func (cont *AciController) UpdateSubnetDnCacheForDn(subnetDn, subnetIp string)

type AciResources

// AciResources groups the Kubernetes workload objects of the ACI fabric
// integration: the controller Deployment and the host and OVS DaemonSets.
// Any field may be nil until the corresponding object has been observed —
// presumably; verify against the owner-reference update methods on Controller.
type AciResources struct {
	Deployment    *appsv1.Deployment
	HostDaemonset *appsv1.DaemonSet
	OvsDaemonset  *appsv1.DaemonSet
}

AciResources is a struct for handling the resources of the ACI fabric

type AdditionalNetworkMeta

// AdditionalNetworkMeta describes one additional network: its name, the VLAN
// encapsulation it uses, the fabric links it is attached over, the
// NodeFabricNetworkAttachment objects seen for it and its encapsulation mode.
type AdditionalNetworkMeta struct {
	NetworkName string
	EncapVlan   string
	// FabricLink is keyed by node name, then by local interface name, and
	// holds the fabric links (LinkData) of that interface.
	FabricLink map[string]map[string]LinkData
	// NodeCache holds the NodeFabricNetworkAttachment per key; the key is
	// presumably the node name — verify against callers.
	NodeCache map[string]*fabattv1.NodeFabricNetworkAttachment
	Mode      util.EncapMode
}

type ContPodSelector

// ContPodSelector selects pods by label set within a namespace.
type ContPodSelector struct {
	Labels    map[string]string
	Namespace string
}

type ContPortRange

// ContPortRange is an inclusive-looking port range (Start, End) as carried in
// ContSnatPolicy; whether End is inclusive is not visible here. Because both
// JSON tags use omitempty, a zero Start or End is omitted when encoded.
type ContPortRange struct {
	Start int `json:"start,omitempty"`
	End   int `json:"end,omitempty"`
}

type ContSnatPolicy

// ContSnatPolicy is the controller's representation of a SNAT policy: the
// SNAT IPs and port ranges configured for the pods matched by Selector, the
// protocols they apply to, and the expanded (per-IP / per-port-range) forms
// the controller derives from them.
type ContSnatPolicy struct {
	SnatIp            []string
	Selector          ContPodSelector
	PortRange         []ContPortRange
	Protocols         []string
	// ExpandedSnatIps and ExpandedSnatPorts are derived from SnatIp and
	// PortRange — presumably the individual IPs and the PortRange entries
	// in snatglobalinfo's form; verify against the code that fills them.
	ExpandedSnatIps   []string
	ExpandedSnatPorts []snatglobalinfo.PortRange
}

type Controller

// Controller holds the clients, rate-limited work queues and shared informers
// of the aci-containers operator, one queue/informer pair per watched resource
// kind (operator CR, Deployment, DaemonSet, Node, Route, ConfigMap), plus the
// workload objects it manages. Construct it with NewAciContainersOperator.
type Controller struct {
	Logger *log.Entry

	// Typed clients for the operator CRD, the acc-provision-input CRD and
	// core Kubernetes.
	Operator_Clientset          operatorclientset.Interface
	AccProvisionInput_Clientset accprovisioninputclientset.Interface
	K8s_Clientset               kubernetes.Interface
	// Work queues, one per watched resource kind.
	Operator_Queue              workqueue.RateLimitingInterface
	Deployment_Queue            workqueue.RateLimitingInterface
	Daemonset_Queue             workqueue.RateLimitingInterface
	Node_Queue                  workqueue.RateLimitingInterface
	Route_Queue                 workqueue.RateLimitingInterface
	Config_Map_Queue            workqueue.RateLimitingInterface
	// Shared informers for the same resource kinds.
	Informer_Operator           cache.SharedIndexInformer
	Informer_Deployment         cache.SharedIndexInformer
	Informer_Daemonset          cache.SharedIndexInformer
	Informer_Node               cache.SharedIndexInformer
	Informer_Route              cache.SharedIndexInformer
	Informer_Config             cache.SharedIndexInformer
	// Resources are the Deployment/DaemonSet objects managed for the fabric.
	Resources                   AciResources
	DnsOperatorClient           client.Client             // Client used only with the OpenShift DNS operator
	RoutesClient                routesClientset.Interface // Client used only with the OpenShift routes operator
	// Openshiftflavor is true when running on an OpenShift cluster flavor.
	Openshiftflavor             bool
	// contains filtered or unexported fields
}

func NewAciContainersOperator

func NewAciContainersOperator(
	acicnioperatorclient operatorclientset.Interface,
	accprovisioninputclient accprovisioninputclientset.Interface,
	k8sclient kubernetes.Interface) *Controller

func (*Controller) CheckOwnerReference

func (c *Controller) CheckOwnerReference(reference []metav1.OwnerReference) bool

func (*Controller) CreateAccProvisionInputCR

func (c *Controller) CreateAccProvisionInputCR() error

func (*Controller) CreateAccProvisionInputObj

func (c *Controller) CreateAccProvisionInputObj() *accprovisioninput.AccProvisionInput

func (*Controller) CreateAciContainersOperatorCR

func (c *Controller) CreateAciContainersOperatorCR() error

func (*Controller) CreateAciContainersOperatorObj

func (c *Controller) CreateAciContainersOperatorObj() *operators.AciContainersOperator

func (*Controller) GetAccProvisionInputCR

func (c *Controller) GetAccProvisionInputCR() (*accprovisioninput.AccProvisionInput, error)

func (*Controller) GetAciContainersOperatorCR

func (c *Controller) GetAciContainersOperatorCR() (*operators.AciContainersOperator, error)

func (*Controller) ReadConfigMap

func (c *Controller) ReadConfigMap(field string) ([]byte, error)

func (*Controller) Run

func (c *Controller) Run(stopCh <-chan struct{})

func (*Controller) UpdateDeploymentOwnerReference

func (c *Controller) UpdateDeploymentOwnerReference(acicontainersoperator *operators.AciContainersOperator) bool

func (*Controller) UpdateHostDaemonsetOwnerReference

func (c *Controller) UpdateHostDaemonsetOwnerReference(acicontainersoperator *operators.AciContainersOperator) bool

func (*Controller) UpdateOvsDaemonsetOwnerReference

func (c *Controller) UpdateOvsDaemonsetOwnerReference(acicontainersoperator *operators.AciContainersOperator) bool

func (*Controller) WriteConfigMap

func (c *Controller) WriteConfigMap(field string, data *corev1.ConfigMap) error

type ControllerConfig

// ControllerConfig is the configuration for the controller. Each field is
// read from the JSON key in its tag (every key uses omitempty); NewConfig
// constructs one. ApicPassword, ApicPrivateKeyPath and KubeConfig refer to
// credentials, so a serialized or logged ControllerConfig is sensitive data.
type ControllerConfig struct {
	// Log level
	LogLevel string `json:"log-level,omitempty"`

	// Absolute path to a kubeconfig file
	KubeConfig string `json:"kubeconfig,omitempty"`

	// TCP port to run status server on (or 0 to disable)
	StatusPort int `json:"status-port,omitempty"`

	// Default endpoint group annotation value
	DefaultEg OpflexGroup `json:"default-endpoint-group,omitempty"`

	// Default security group annotation value
	DefaultSg []OpflexGroup `json:"default-security-group,omitempty"`

	// Override default endpoint group assignments for a namespace
	// map ns name -> group
	NamespaceDefaultEg map[string]OpflexGroup `json:"namespace-default-endpoint-group,omitempty"`

	// Override default security group assignments for namespaces
	// map ns name -> slice of groups
	NamespaceDefaultSg map[string][]OpflexGroup `json:"namespace-default-security-group,omitempty"`

	// The hostnames or IPs for connecting to apic
	ApicHosts []string `json:"apic-hosts,omitempty"`

	// The username for connecting to APIC
	ApicUsername string `json:"apic-username,omitempty"`

	// The password for connecting to APIC.
	// NOTE(review): this is a clear-text credential carried in the JSON
	// config; keep the config file's permissions tight and do not log the
	// decoded struct (e.g. with %+v).
	ApicPassword string `json:"apic-password,omitempty"`

	// The number of seconds that APIC should wait before timing
	// out a subscription on a websocket connection. If not
	// explicitly set, then a default of 1800 seconds will
	// be sent in websocket subscriptions. If it is set to 0,
	// then a timeout will not be sent in websocket
	// subscriptions, and APIC will use its default timeout
	// of 80 seconds. If set to a non-zero value, then the
	// timeout value will be provided when we subscribe to
	// a URL on APIC. NOTE: the subscription timeout is not
	// supported by APIC versions before 3.2(3), so this
	// value must not be set when used with APIC versions
	// older than that release.
	// Also, note that this is a string.
	ApicRefreshTimer string `json:"apic-refreshtime,omitempty"`

	// Delay in milliseconds after each subscription query
	// Will be defaulted to 100ms.
	ApicSubscriptionDelay int `json:"apic-subscription-delay,omitempty"`

	// How early (seconds) the subscriptions to be refreshed than
	// actual subscription refresh-timeout. Will be defaulted to 150Seconds.
	ApicRefreshTickerAdjust string `json:"apic-refreshticker-adjust,omitempty"`

	// A path for a PEM-encoded private key for client certificate
	// authentication for APIC API (presumably used instead of
	// ApicPassword). The key file is a credential and needs the same
	// protection as the password.
	ApicPrivateKeyPath string `json:"apic-private-key-path,omitempty"`

	// A path for a PEM-encoded public certificate for APIC server to
	// enable secure TLS server verification.
	// NOTE(review): what happens when this is unset (whether server
	// verification is skipped) is not visible here — confirm before
	// relying on it.
	ApicCertPath string `json:"apic-cert-path,omitempty"`

	// The type of the ACI VMM domain: either "kubernetes",
	// "openshift"
	AciVmmDomainType string `json:"aci-vmm-type,omitempty"`

	// The name of the ACI VMM domain
	AciVmmDomain string `json:"aci-vmm-domain,omitempty"`

	// The name of the ACI VMM domain controller instance
	AciVmmController string `json:"aci-vmm-controller,omitempty"`

	// Name prefix to use when creating policy to avoid namespace
	// collisions
	AciPrefix string `json:"aci-prefix,omitempty"`

	// Tenant to use when creating policy objects in APIC
	AciPolicyTenant string `json:"aci-policy-tenant,omitempty"`

	// Load Balancer Type
	LBType string `json:"lb-type,omitempty"`

	// Physical domain used for service device clusters
	AciServicePhysDom string `json:"aci-service-phys-dom,omitempty"`

	// Encap used for service device clusters
	AciServiceEncap string `json:"aci-service-encap,omitempty"`

	// Time in seconds between service node ICMP probes for more
	// quickly removing failed nodes from service pools
	// 0 (default) means don't monitor
	AciServiceMonitorInterval int `json:"aci-service-monitor-interval,omitempty"`

	// Whether to enable PBR tracking for non-SNAT services
	// when AciServiceMonitorInterval is set to non-zero, PBR tracking
	// is enabled for snat
	AciPbrTrackingNonSnat bool `json:"aci-pbr-tracking-non-snat,omitempty"`

	// The tenants related to AciVrf where BDs/EPGs/Subnets could exist.
	// Usually AciVrfTenant and AciPolicyTenant
	AciVrfRelatedTenants []string `json:"aci-vrf-related-tenants,omitempty"`

	// ACI Pod-BD for this kubernetes instance
	AciPodBdDn string `json:"aci-podbd-dn,omitempty"`

	// ACI Node-BD for this kubernetes instance
	AciNodeBdDn string `json:"aci-nodebd-dn,omitempty"`

	// ACI VRF for this kubernetes instance
	AciVrf string `json:"aci-vrf,omitempty"`

	// DN of the ACI VRF for this kubernetes instance
	AciVrfDn string `json:"aci-vrf-dn,omitempty"`

	// Tenant containing the ACI VRF for this kubernetes instance
	AciVrfTenant string `json:"aci-vrf-tenant,omitempty"`

	// L3 out to use for services, service device clusters need to be
	// created in this tenant
	AciL3Out string `json:"aci-l3out,omitempty"`

	// L3 external networks (within the l3out) that will be able to
	// access the service IPs
	AciExtNetworks []string `json:"aci-ext-networks,omitempty"`

	// IP addresses used for pod network
	PodIpPool []ipam.IpRange `json:"pod-ip-pool,omitempty"`

	// The number of IP addresses to allocate when a pod starts to run low
	PodIpPoolChunkSize int `json:"pod-subnet-chunk-size,omitempty"`

	// Pod subnet CIDRs in the form <gateway-address>/<prefix-length> that
	// cover all pod-ip-pools
	PodSubnet []string `json:"pod-subnet,omitempty"`

	// Whether to allocate service IPs or to assume they will be
	// allocated by another controller
	AllocateServiceIps *bool `json:"allocate-service-ips,omitempty"`

	// IP addresses used for externally exposed load balanced services
	ServiceIpPool []ipam.IpRange `json:"service-ip-pool,omitempty"`

	// IP addresses that can be requested as static service IPs in
	// service spec
	StaticServiceIpPool []ipam.IpRange `json:"static-service-ip-pool,omitempty"`

	// IP addresses to use for node service endpoints
	NodeServiceIpPool []ipam.IpRange `json:"node-service-ip-pool,omitempty"`

	// a list of subnet/gateway CIDR addresses that cover the
	// addresses in the node service IP pool
	NodeServiceSubnets []string `json:"node-service-subnets,omitempty"`

	// default port range to use for SNAT svc graph filter
	SnatDefaultPortRangeStart int `json:"snat-default-port-range-start,omitempty"`
	SnatDefaultPortRangeEnd   int `json:"snat-default-port-range-end,omitempty"`

	// Contract scope used for SNAT svc graph
	SnatSvcContractScope string `json:"snat-contract-scope,omitempty"`

	// Maximum number of nodes permitted in a svc graph
	MaxSvcGraphNodes int `json:"max-nodes-svc-graph,omitempty"`

	// Disable routine to sync snatglobalinfo with nodeinfo
	// periodically
	DisablePeriodicSnatGlobalInfoSync bool `json:"disable-periodic-snat-global-info-sync,omitempty"`

	// True when we dont want to wait for service ep to be ready
	// before adding it to service graph
	// Default is false
	NoWaitForServiceEpReadiness bool `json:"no-wait-for-service-ep-readiness,omitempty"`

	// Delay applied before adding endpoints to the service graph; the
	// serviceGraphEpAddDelay type is unexported, so its shape is not
	// documented here.
	ServiceGraphEndpointAddDelay serviceGraphEpAddDelay `json:"service-graph-endpoint-add-delay,omitempty"`
	// True when to add extern_dynamic and extern_static subnets to rdconfig
	// Default is false
	AddExternalSubnetsToRdconfig bool `json:"add-external-subnets-to-rdconfig,omitempty"`

	// Static external subnets (see AddExternalSubnetsToRdconfig)
	ExternStatic []string `json:"extern-static,omitempty"`

	// Dynamic external subnets (see AddExternalSubnetsToRdconfig)
	ExternDynamic []string `json:"extern-dynamic,omitempty"`

	// Enable HPP optimization
	// Default is false
	HppOptimization bool `json:"hpp-optimization,omitempty"`

	// True when the ACI fabric is a multipod deployment
	// Default is false
	AciMultipod bool `json:"aci-multipod,omitempty"`

	// If true, enable opflex agent reconnect after vm migration
	// Default is false
	EnableOpflexAgentReconnect bool `json:"enable-opflex-agent-reconnect,omitempty"`

	// Timeout in seconds to wait for reconnect when opflexOdev is disconnected for a node
	// before triggering a dhcp release and renew of vlan interface
	// Applicable only for multipod case
	// default is 5s
	OpflexDeviceReconnectWaitTimeout int `json:"opflex-device-reconnect-wait-timeout,omitempty"`

	// Install Istio ControlPlane components
	InstallIstio bool `json:"install-istio,omitempty"`

	// Maximum CSR tunnels, and the base from which tunnel IDs are assigned
	MaxCSRTunnels   int `json:"max-csr-tunnels,omitempty"`
	CSRTunnelIDBase int `json:"csr-tunnel-id-base,omitempty"`
	// enable EndpointSlice
	// (the JSON key uses an underscore, unlike the hyphenated keys elsewhere;
	// changing it would break existing config files)
	EnabledEndpointSlice bool `json:"enable_endpointslice,omitempty"`

	// Cluster Flavour
	Flavor string `json:"flavor,omitempty"`

	// Enable creation of VmmInjectedLabel, default is false
	EnableVmmInjectedLabels bool `json:"enable-vmm-injected-labels,omitempty"`

	// Timeout to delete old opflex devices
	OpflexDeviceDeleteTimeout float64 `json:"opflex-device-delete-timeout,omitempty"`

	// Configure sleep time for global SNAT sync
	SleepTimeSnatGlobalInfoSync int `json:"sleep-time-snat-global-info-sync,omitempty"`

	// PhysDom for additional networks in chained mode
	AciPhysDom string `json:"aci-phys-dom,omitempty"`

	// CNI is in chained mode
	ChainedMode bool `json:"chained-mode,omitempty"`

	// AEP for additional networks in chained mode
	AciAdditionalAep string `json:"aci-additional-aep,omitempty"`

	// User can provision Static Objects separately, so have a knob
	// (the JSON key is camelCase, unlike the other keys; changing it
	// would break existing config files)
	ReconcileStaticObjects bool `json:"reconcileStaticObjects,omitempty"`

	// In chained mode, global l2 port policy has been configured, so enable shared vlan pool
	AciUseGlobalScopeVlan bool `json:"aci-use-global-scope-vlan,omitempty"`

	// Metrics
	EnableMetrics bool `json:"enable-metrics,omitempty"`
	MetricsPort   int  `json:"metrics-port,omitempty"`

	// Labels to filter nodes from SNAT redirect policy
	NodeSnatRedirectExclude []NodeSnatRedirectExclude `json:"node-snat-redirect-exclude,omitempty"`

	// Application Profile
	AppProfile string `json:"app-profile,omitempty"`

	// Add external contract to default epg (contract is created for LoadBalancer Service type), default is false
	AddExternalContractToDefaultEPG bool `json:"add-external-contract-to-default-epg,omitempty"`

	// Number of times the connection to APIC should be retried before switching to another APIC
	ApicConnectionRetryLimit int `json:"apic-connection-retry-limit,omitempty"`

	// Disable hpp rendering if set to true
	DisableHppRendering bool `json:"disable-hpp-rendering,omitempty"`

	// Enable/disable making node unschedulable when it's not ready
	// (the taint key is ACIContainersTaintName)
	TaintNotReadyNode bool `json:"taint-not-ready-node,omitempty"`
}

ControllerConfig holds the configuration for the controller

func NewConfig

func NewConfig() *ControllerConfig

type DelayedEpSlice

// DelayedEpSlice records an EndpointSlice change (old and new objects) for the
// service identified by ServiceKey, together with the time at which it was
// delayed — presumably in support of ControllerConfig.ServiceGraphEndpointAddDelay;
// verify against the code that queues these.
type DelayedEpSlice struct {
	ServiceKey  string
	OldEpSlice  *discovery.EndpointSlice
	NewEpSlice  *discovery.EndpointSlice
	DelayedTime time.Time
}

type EndPointData

// EndPointData holds PodIF data in the controller: the endpoint's MAC address
// and the EPG, namespace and application profile it belongs to.
type EndPointData struct {
	MacAddr    string
	EPG        string
	Namespace  string
	AppProfile string
}

EndPointData holds PodIF data in controller.

type Environment

// Environment abstracts the platform the controller runs on. NewController
// takes one, and K8sEnvironment is the implementation in this package.
type Environment interface {
	// Init is called with the controller the environment serves.
	Init(agent *AciController) error
	// PrepareRun performs setup before the controller runs; stopCh signals
	// shutdown.
	PrepareRun(stopCh <-chan struct{}) error
	// InitStaticAciObjects creates the environment's static ACI objects.
	InitStaticAciObjects()
	// The Node*Changed methods notify the environment that the named node's
	// pod network, annotations or service state changed.
	NodePodNetworkChanged(nodeName string)
	NodeAnnotationChanged(nodeName string)
	NodeServiceChanged(nodeName string)
	// VmmPolicy, OpFlexDeviceType and ServiceBd return environment-specific
	// identifier strings.
	VmmPolicy() string
	OpFlexDeviceType() string
	ServiceBd() string
	// RESTConfig returns the REST client configuration for the API server.
	RESTConfig() *restclient.Config
}

type K8sEnvironment

// K8sEnvironment is the Kubernetes implementation of Environment. Its fields
// are unexported; construct it with NewK8sEnvironment.
type K8sEnvironment struct {
	// contains filtered or unexported fields
}

func NewK8sEnvironment

func NewK8sEnvironment(config *ControllerConfig, log *logrus.Logger) (*K8sEnvironment, error)

func (*K8sEnvironment) Init

func (env *K8sEnvironment) Init(cont *AciController) error

func (*K8sEnvironment) InitStaticAciObjects

func (env *K8sEnvironment) InitStaticAciObjects()

func (*K8sEnvironment) NodeAnnotationChanged

func (env *K8sEnvironment) NodeAnnotationChanged(nodeName string)

func (*K8sEnvironment) NodePodNetworkChanged

func (env *K8sEnvironment) NodePodNetworkChanged(nodeName string)

func (*K8sEnvironment) NodeServiceChanged

func (env *K8sEnvironment) NodeServiceChanged(nodeName string)

func (*K8sEnvironment) OpFlexDeviceType

func (env *K8sEnvironment) OpFlexDeviceType() string

func (*K8sEnvironment) PrepareRun

func (env *K8sEnvironment) PrepareRun(stopCh <-chan struct{}) error

func (*K8sEnvironment) RESTConfig

func (env *K8sEnvironment) RESTConfig() *restclient.Config

func (*K8sEnvironment) ServiceBd

func (env *K8sEnvironment) ServiceBd() string

func (*K8sEnvironment) VmmPolicy

func (env *K8sEnvironment) VmmPolicy() string

type LinkData

// LinkData pairs a set of fabric links with the pods using them; it is the
// value type of AdditionalNetworkMeta.FabricLink.
type LinkData struct {
	Link []string
	Pods []string
}

type NfcData

// NfcData holds a set of AEP names (a true value marks membership) together
// with the EPG they are associated with.
type NfcData struct {
	Aeps map[string]bool
	Epg  fabattv1.Epg
}

type NodeSnatRedirectExclude

// NodeSnatRedirectExclude names a group of node labels used to exclude nodes
// from the SNAT redirect policy (ControllerConfig.NodeSnatRedirectExclude).
// Neither JSON tag uses omitempty, so both fields are always encoded.
type NodeSnatRedirectExclude struct {
	Group  string   `json:"group"`
	Labels []string `json:"labels"`
}

type OpflexGroup

// OpflexGroup identifies an endpoint or security group by policy space and
// name; it is the value type of the default-group settings in ControllerConfig.
type OpflexGroup struct {
	PolicySpace string `json:"policy-space,omitempty"`
	Name        string `json:"name,omitempty"`
}

type ServiceEndPointType

// ServiceEndPointType abstracts the service endpoint source (Endpoints vs
// EndpointSlice, presumably — see ControllerConfig.EnabledEndpointSlice).
// SetNpServiceAugmentForService takes the unexported types portRemoteSubnet
// and portServiceAugment, so only types in this package can implement it.
type ServiceEndPointType interface {
	// InitClientInformer takes the concrete *kubernetes.Clientset rather than
	// kubernetes.Interface, so it cannot be driven by a fake client in tests.
	InitClientInformer(kubeClient *kubernetes.Clientset)
	// Run and Wait both take stopCh, which signals shutdown.
	Run(stopCh <-chan struct{})
	Wait(stopCh <-chan struct{})
	UpdateServicesForNode(nodename string)
	// GetnodesMetadata fills nodeMap (keyed by node name, presumably) for the
	// given service.
	GetnodesMetadata(key string, service *v1.Service, nodeMap map[string]*metadata.ServiceEndpoint)
	// SetServiceApicObject updates aobj for service; the bool result's
	// meaning is not documented here.
	SetServiceApicObject(aobj apicapi.ApicObject, service *v1.Service) bool
	SetNpServiceAugmentForService(servicekey string, service *v1.Service, prs *portRemoteSubnet,
		portAugments map[string]*portServiceAugment, subnetIndex cidranger.Ranger, logger *logrus.Entry)
}

type Severity

// Severity is an integer severity value; its constants are not shown on this
// page.
type Severity int

type VersionInfo

// VersionInfo holds version and build information: the git commit and build
// time recorded for the binary. GetVersion returns it and StringFromInfo
// formats it.
type VersionInfo struct {
	GitCommit string
	BuildTime string
}

VersionInfo holds version and build information

func GetVersion

func GetVersion() *VersionInfo

GetVersion returns the version information
