Documentation
Index ¶
- Constants
- func CleanupClusterNode(name string) error
- func CleanupUDNHostIsolation() error
- func DummyMasqueradeIPs() []net.IP
- func DummyNextHopIPs() []net.IP
- func GetUDNMarkChain(pktMark string) string
- func IsCgroup2UnifiedMode() bool
- type BaseNodeNetworkController
- type CommonNodeNetworkControllerInfo
- type DefaultNodeNetworkController
- func (nc *DefaultNodeNetworkController) Init(ctx context.Context) error
- func (oc *DefaultNodeNetworkController) Reconcile(netInfo util.NetInfo) error
- func (nc *DefaultNodeNetworkController) Start(ctx context.Context) error
- func (nc *DefaultNodeNetworkController) Stop()
- func (nc *DefaultNodeNetworkController) WatchEndpointSlices() error
- func (nc *DefaultNodeNetworkController) WatchNamespaces() error
- func (nc *DefaultNodeNetworkController) WatchNodes() error
- type Gateway
- type GatewayInterfaceMismatchError
- type SecondaryNodeNetworkController
- type UDNHostIsolationManager
- type UserDefinedNetworkGateway
- func (g UserDefinedNetworkGateway) AddEgressIP(eip *egressipv1.EgressIP) error
- func (g UserDefinedNetworkGateway) AddEndpointSlice(epSlice *discovery.EndpointSlice) error
- func (udng *UserDefinedNetworkGateway) AddNetwork() error
- func (g UserDefinedNetworkGateway) AddService(svc *corev1.Service) error
- func (udng *UserDefinedNetworkGateway) DelNetwork() error
- func (g UserDefinedNetworkGateway) DeleteEgressIP(eip *egressipv1.EgressIP) error
- func (g UserDefinedNetworkGateway) DeleteEndpointSlice(epSlice *discovery.EndpointSlice) error
- func (g UserDefinedNetworkGateway) DeleteService(svc *corev1.Service) error
- func (g UserDefinedNetworkGateway) GetDefaultPodNetworkAdvertised() bool
- func (g UserDefinedNetworkGateway) GetGatewayBridgeIface() string
- func (g UserDefinedNetworkGateway) GetGatewayIface() string
- func (udng *UserDefinedNetworkGateway) GetNetworkRuleMetadata() string
- func (g UserDefinedNetworkGateway) Init(stopChan <-chan struct{}, wg *sync.WaitGroup) error
- func (udng *UserDefinedNetworkGateway) Reconcile()
- func (g UserDefinedNetworkGateway) SetDefaultGatewayBridgeMAC(macAddr net.HardwareAddr)
- func (g UserDefinedNetworkGateway) SetDefaultPodNetworkAdvertised(isPodNetworkAdvertised bool)
- func (g UserDefinedNetworkGateway) Start() error
- func (g UserDefinedNetworkGateway) SyncEgressIP(eips []interface{}) error
- func (g UserDefinedNetworkGateway) SyncServices(objs []interface{}) error
- func (g UserDefinedNetworkGateway) UpdateEgressIP(oldEIP, newEIP *egressipv1.EgressIP) error
- func (g UserDefinedNetworkGateway) UpdateEndpointSlice(oldEpSlice, newEpSlice *discovery.EndpointSlice) error
- func (g UserDefinedNetworkGateway) UpdateService(old, new *corev1.Service) error
Constants ¶
const (
// udn-isolation chain contains rules for udn isolation from the host side.
UDNIsolationChain = "udn-isolation"
)
const (
	// UDNMasqueradeIPRulePriority the priority of the ip routing rules created for masquerade IP address
	// allocated for every user defined network.
	UDNMasqueradeIPRulePriority = 2000
)
Variables ¶
This section is empty.
Functions ¶
func CleanupClusterNode ¶
CleanupClusterNode cleans up OVS resources on the k8s node on ovnkube-node daemonset deletion. This is going to be a best effort cleanup.
func CleanupUDNHostIsolation ¶
func CleanupUDNHostIsolation() error
CleanupUDNHostIsolation removes all nftables chains and sets created by UDNHostIsolationManager.
func DummyMasqueradeIPs ¶
DummyMasqueradeIPs returns the fake host masquerade IPs used for service traffic routing. It is used in: br-ex, where we SNAT the traffic destined towards a service IP
func DummyNextHopIPs ¶
DummyNextHopIPs returns the fake next hops used for service traffic routing. It is used in:
- br-ex, where we don't really care about the next hop GW in use as traffic is always routed to OVN
- OVN, only when there is no default GW as it wouldn't matter since there is no external traffic
func GetUDNMarkChain ¶
GetUDNMarkChain returns the UDN mark chain name
func IsCgroup2UnifiedMode ¶
func IsCgroup2UnifiedMode() bool
IsCgroup2UnifiedMode is copied from github.com/opencontainers/runc/libcontainer/cgroups to avoid extra dependencies.
Types ¶
type BaseNodeNetworkController ¶
type BaseNodeNetworkController struct {
	CommonNodeNetworkControllerInfo
	// network information
	util.ReconcilableNetInfo
	// contains filtered or unexported fields
}
BaseNodeNetworkController holds the per-network fields and network-specific configuration.
type CommonNodeNetworkControllerInfo ¶
type CommonNodeNetworkControllerInfo struct {
	Kube kube.Interface
	// contains filtered or unexported fields
}
func NewCommonNodeNetworkControllerInfo ¶
func NewCommonNodeNetworkControllerInfo(kubeClient clientset.Interface, apbExternalRouteClient adminpolicybasedrouteclientset.Interface, wf factory.NodeWatchFactory, eventRecorder record.EventRecorder, name string, routeManager *routemanager.Controller) *CommonNodeNetworkControllerInfo
NewCommonNodeNetworkControllerInfo creates and returns the base node network controller info
type DefaultNodeNetworkController ¶
type DefaultNodeNetworkController struct {
	BaseNodeNetworkController
	Gateway Gateway
	// contains filtered or unexported fields
}
DefaultNodeNetworkController is the object holder for utilities meant for node management of default network
func NewDefaultNodeNetworkController ¶
func NewDefaultNodeNetworkController(cnnci *CommonNodeNetworkControllerInfo, networkManager networkmanager.Interface, ovsClient client.Client) (*DefaultNodeNetworkController, error)
NewDefaultNodeNetworkController creates a new network controller for node management of the default network
func (*DefaultNodeNetworkController) Init ¶
func (nc *DefaultNodeNetworkController) Init(ctx context.Context) error
Init executes the first steps to start the DefaultNodeNetworkController. It is split from Start() and executed before SecondaryNodeNetworkController (SNNC), to allow SNNC to reference the openflow manager created in Init.
func (*DefaultNodeNetworkController) Reconcile ¶
func (oc *DefaultNodeNetworkController) Reconcile(netInfo util.NetInfo) error
func (*DefaultNodeNetworkController) Start ¶
func (nc *DefaultNodeNetworkController) Start(ctx context.Context) error
Start learns the subnets assigned to it by the master controller and calls the SetupNode script which establishes the logical switch
func (*DefaultNodeNetworkController) Stop ¶
func (nc *DefaultNodeNetworkController) Stop()
Stop gracefully stops the controller. deleteLogicalEntities will never be true for the default network.
func (*DefaultNodeNetworkController) WatchEndpointSlices ¶
func (nc *DefaultNodeNetworkController) WatchEndpointSlices() error
func (*DefaultNodeNetworkController) WatchNamespaces ¶
func (nc *DefaultNodeNetworkController) WatchNamespaces() error
func (*DefaultNodeNetworkController) WatchNodes ¶
func (nc *DefaultNodeNetworkController) WatchNodes() error
type Gateway ¶
type Gateway interface { informer.ServiceAndEndpointsEventHandler Init(<-chan struct{}, *sync.WaitGroup) error Start() error GetGatewayBridgeIface() string GetGatewayIface() string SetDefaultGatewayBridgeMAC(addr net.HardwareAddr) SetDefaultPodNetworkAdvertised(bool) Reconcile() error }
Gateway responds to Service and Endpoint K8s events and programs OVN gateway functionality. It may also spawn threads to ensure the flow tables are kept in sync
type GatewayInterfaceMismatchError ¶
type GatewayInterfaceMismatchError struct {
// contains filtered or unexported fields
}
func (*GatewayInterfaceMismatchError) Error ¶
func (error *GatewayInterfaceMismatchError) Error() string
type SecondaryNodeNetworkController ¶
type SecondaryNodeNetworkController struct {
	BaseNodeNetworkController
	// contains filtered or unexported fields
}
SecondaryNodeNetworkController structure is the object which holds the controls for starting and reacting upon the watched resources (e.g. pods, endpoints) for secondary network
func NewSecondaryNodeNetworkController ¶
func NewSecondaryNodeNetworkController( cnnci *CommonNodeNetworkControllerInfo, netInfo util.NetInfo, vrfManager *vrfmanager.Controller, ruleManager *iprulemanager.Controller, defaultNetworkGateway Gateway, ) (*SecondaryNodeNetworkController, error)
NewSecondaryNodeNetworkController creates a new OVN controller for creating logical network infrastructure and policy for the given secondary network. It supports layer3, layer2 and localnet topology types.
func (*SecondaryNodeNetworkController) Cleanup ¶
func (nc *SecondaryNodeNetworkController) Cleanup() error
Cleanup cleans up node entities for the given secondary network
func (*SecondaryNodeNetworkController) Reconcile ¶
func (nc *SecondaryNodeNetworkController) Reconcile(netInfo util.NetInfo) error
Reconcile reconciles three entities based on whether the UDN network is advertised and on the gateway mode:
1. IP rules
2. OpenFlows on the br-ex bridge to forward traffic to the correct ofports
func (*SecondaryNodeNetworkController) Start ¶
func (nc *SecondaryNodeNetworkController) Start(_ context.Context) error
Start starts the default controller; handles all events and creates all needed logical entities
func (*SecondaryNodeNetworkController) Stop ¶
func (nc *SecondaryNodeNetworkController) Stop()
Stop gracefully stops the controller
type UDNHostIsolationManager ¶
type UDNHostIsolationManager struct {
// contains filtered or unexported fields
}
UDNHostIsolationManager manages host isolation for user defined networks. It uses the nftables chain "udn-isolation" so that, from the host, only kubelet is allowed to connect to primary UDN pods. It also listens to systemd events so that the rules are re-applied after a kubelet restart; this is needed because the rules use cgroup matching.
func NewUDNHostIsolationManager ¶
func NewUDNHostIsolationManager(ipv4, ipv6 bool, podInformer coreinformers.PodInformer, nodeName string, recorder record.EventRecorder) *UDNHostIsolationManager
func (*UDNHostIsolationManager) Start ¶
func (m *UDNHostIsolationManager) Start(ctx context.Context) error
Start must be called on node setup.
func (*UDNHostIsolationManager) Stop ¶
func (m *UDNHostIsolationManager) Stop()
type UserDefinedNetworkGateway ¶
type UserDefinedNetworkGateway struct {
	// network information
	util.NetInfo
	// contains filtered or unexported fields
}
UserDefinedNetworkGateway contains information required to program a UDN at each node's gateway. NOTE: Currently invoked only for primary networks.
func NewUserDefinedNetworkGateway ¶
func NewUserDefinedNetworkGateway(netInfo util.NetInfo, node *corev1.Node, nodeLister listers.NodeLister, kubeInterface kube.Interface, vrfManager *vrfmanager.Controller, ruleManager *iprulemanager.Controller, defaultNetworkGateway Gateway) (*UserDefinedNetworkGateway, error)
func (UserDefinedNetworkGateway) AddEgressIP ¶
func (g UserDefinedNetworkGateway) AddEgressIP(eip *egressipv1.EgressIP) error
func (UserDefinedNetworkGateway) AddEndpointSlice ¶
func (g UserDefinedNetworkGateway) AddEndpointSlice(epSlice *discovery.EndpointSlice) error
func (*UserDefinedNetworkGateway) AddNetwork ¶
func (udng *UserDefinedNetworkGateway) AddNetwork() error
AddNetwork creates all the plumbing required by this UDN on the gateway side.
func (UserDefinedNetworkGateway) AddService ¶
func (*UserDefinedNetworkGateway) DelNetwork ¶
func (udng *UserDefinedNetworkGateway) DelNetwork() error
DelNetwork removes all the plumbing used by this UDN on the gateway side. It is invalid to use this instance after DelNetwork has returned successfully.
func (UserDefinedNetworkGateway) DeleteEgressIP ¶
func (g UserDefinedNetworkGateway) DeleteEgressIP(eip *egressipv1.EgressIP) error
func (UserDefinedNetworkGateway) DeleteEndpointSlice ¶
func (g UserDefinedNetworkGateway) DeleteEndpointSlice(epSlice *discovery.EndpointSlice) error
func (UserDefinedNetworkGateway) DeleteService ¶
func (UserDefinedNetworkGateway) GetDefaultPodNetworkAdvertised ¶
func (g UserDefinedNetworkGateway) GetDefaultPodNetworkAdvertised() bool
func (UserDefinedNetworkGateway) GetGatewayBridgeIface ¶
func (g UserDefinedNetworkGateway) GetGatewayBridgeIface() string
func (UserDefinedNetworkGateway) GetGatewayIface ¶
func (g UserDefinedNetworkGateway) GetGatewayIface() string
func (*UserDefinedNetworkGateway) GetNetworkRuleMetadata ¶
func (udng *UserDefinedNetworkGateway) GetNetworkRuleMetadata() string
func (*UserDefinedNetworkGateway) Reconcile ¶
func (udng *UserDefinedNetworkGateway) Reconcile()
func (UserDefinedNetworkGateway) SetDefaultGatewayBridgeMAC ¶
func (g UserDefinedNetworkGateway) SetDefaultGatewayBridgeMAC(macAddr net.HardwareAddr)
SetDefaultGatewayBridgeMAC updates the mac address for the OFM used to render flows with
func (UserDefinedNetworkGateway) SetDefaultPodNetworkAdvertised ¶
func (g UserDefinedNetworkGateway) SetDefaultPodNetworkAdvertised(isPodNetworkAdvertised bool)
func (UserDefinedNetworkGateway) SyncEgressIP ¶
func (g UserDefinedNetworkGateway) SyncEgressIP(eips []interface{}) error
func (UserDefinedNetworkGateway) SyncServices ¶
func (g UserDefinedNetworkGateway) SyncServices(objs []interface{}) error
func (UserDefinedNetworkGateway) UpdateEgressIP ¶
func (g UserDefinedNetworkGateway) UpdateEgressIP(oldEIP, newEIP *egressipv1.EgressIP) error
func (UserDefinedNetworkGateway) UpdateEndpointSlice ¶
func (g UserDefinedNetworkGateway) UpdateEndpointSlice(oldEpSlice, newEpSlice *discovery.EndpointSlice) error
func (UserDefinedNetworkGateway) UpdateService ¶
Source Files
- base_node_network_controller_dpu.go
- default_node_network_controller.go
- gateway.go
- gateway_init.go
- gateway_iptables.go
- gateway_localnet.go
- gateway_nftables.go
- gateway_shared_intf.go
- gateway_udn.go
- healthcheck_node.go
- healthcheck_service.go
- helper_linux.go
- node_ip_handler_linux.go
- node_nftables.go
- obj_retry_gateway.go
- obj_retry_node.go
- obj_retry_test_helper.go
- openflow_manager.go
- port_claim.go
- secondary_node_network_controller.go
- startup-waiter.go
- udn_isolation.go