k8s

package

v0.0.31 Latest Latest Go to latest Published: Apr 15, 2025 License: MIT Imports: 57 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/microsoft/retina

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Start(ctx context.Context, k *watchers.K8sWatcher)
type APIServerEventHandler
type NoOpOrchestrator
type NoOpPolicyRepository

Constants ¶

View Source

const (
	K8sAPIGroupCiliumEndpointV2 = "cilium/v2::CiliumEndpoint"
	K8sAPIGroupServiceV1Core    = "core/v1::Service"
)

Variables ¶

View Source

var Cell = cell.Module(
	"k8s-watcher",
	"Kubernetes watchers needed by the agent",

	daemonk8s.PodTableCell,

	cell.Provide(
		tables.NewDeviceTable,
		statedb.RWTable[*tables.Device].ToTable,
	),

	cell.Invoke(func(db *statedb.DB, t statedb.Table[*tables.Device]) {
		err := db.RegisterTable(t)
		if err != nil {
			logrus.WithError(err).Fatal("Failed to register table")
		}
	}),

	cell.Provide(
		func() resource.Resource[*slim_corev1.Namespace] {
			return &fakeresource[*slim_corev1.Namespace]{}
		},
		func() daemonk8s.LocalNodeResource {
			return &fakeresource[*slim_corev1.Node]{}
		},
		func() daemonk8s.LocalCiliumNodeResource {
			return &fakeresource[*cilium_api_v2.CiliumNode]{}
		},
		func() resource.Resource[*slim_networkingv1.NetworkPolicy] {
			return &fakeresource[*slim_networkingv1.NetworkPolicy]{}
		},
		func() resource.Resource[*cilium_api_v2.CiliumNetworkPolicy] {
			return &fakeresource[*cilium_api_v2.CiliumNetworkPolicy]{}
		},
		func() resource.Resource[*cilium_api_v2.CiliumClusterwideNetworkPolicy] {
			return &fakeresource[*cilium_api_v2.CiliumClusterwideNetworkPolicy]{}
		},
		func() resource.Resource[*cilium_api_v2alpha1.CiliumCIDRGroup] {
			return &fakeresource[*cilium_api_v2alpha1.CiliumCIDRGroup]{}
		},
		func() resource.Resource[*cilium_api_v2alpha1.CiliumEndpointSlice] {
			return &fakeresource[*cilium_api_v2alpha1.CiliumEndpointSlice]{}
		},
		func() resource.Resource[*cilium_api_v2.CiliumNode] {
			return &fakeresource[*cilium_api_v2.CiliumNode]{}
		},
		func() watchers.WatcherConfiguration {
			return &watcherconfig{}
		},
	),

	svcCacheCell,

	metrics.Cell,

	endpointmanager.Cell,

	cell.Provide(func() *policy.Updater {
		return &policy.Updater{}
	}),

	cell.Provide(func() *redirectpolicy.Manager {
		return &redirectpolicy.Manager{}
	}),

	cell.Provide(func() datapath.BandwidthManager {
		return &fakeBandwidthManager{}
	}),

	cell.Provide(func() service.ServiceManager {
		return &service.Service{}
	}),

	cgmngr.Cell,

	cell.Provide(func(lc cell.Lifecycle, cs client.Clientset) (resource.Resource[*k8sTypes.CiliumEndpoint], error) {
		return ciliumk8s.CiliumSlimEndpointResource(ciliumk8s.CiliumResourceParams{
			Lifecycle: lc,
			ClientSet: cs,
		}, nil, func(*metav1.ListOptions) {})
	}),

	cell.Provide(func(l *slog.Logger, lc cell.Lifecycle, cs client.Clientset) (resource.Resource[*ciliumk8s.Endpoints], error) {

		return ciliumk8s.EndpointsResource(l, lc, ciliumk8s.Config{
			EnableK8sEndpointSlice: true,
			K8sServiceProxyName:    "",
		}, cs)
	}),

	cell.Provide(func(lc cell.Lifecycle, cs client.Clientset) (resource.Resource[*slim_corev1.Service], error) {

		return ciliumk8s.ServiceResource(
			lc,
			ciliumk8s.Config{
				EnableK8sEndpointSlice: false,
			},
			cs,
			func(*metav1.ListOptions) {},
		)
	}),

	cell.Provide(
		func() policy.PolicyRepository {
			return &NoOpPolicyRepository{}
		},
		func() datapath.Orchestrator {
			return &NoOpOrchestrator{}
		},
	),

	identitycachecell.Cell,

	cell.Provide(
		func() *ipcache.IPCache {
			alloc := cache.NewCachingIdentityAllocator(
				&identityAllocatorOwner{},
				cache.AllocatorConfig{},
			)
			idAlloc := &cachingIdentityAllocator{
				alloc,
				nil,
			}
			return ipcache.NewIPCache(&ipcache.Configuration{
				Context:           context.Background(),
				IdentityAllocator: idAlloc,
				PolicyHandler:     &policyhandler{},
				DatapathHandler:   &datapathhandler{},
			})
		},
	),

	cell.Provide(func() node.LocalNodeSynchronizer {
		return &nodeSynchronizer{
			l: logrus.WithField("module", "node-synchronizer"),
		}
	}),

	cell.Provide(func() ipset.Manager {
		return &fakeIpsetMgr{}
	}),

	node.LocalNodeStoreCell,

	synced.Cell,
	cell.Provide(newAPIServerEventHandler),

	cell.Provide(func() watchers.ResourceGroupFunc { return watcherResourceGroups }),

	watchers.Cell,

	cell.Invoke(func(a *APIServerEventHandler) {
		ps := pubsub.New()
		fn := pubsub.CallBackFunc(a.handleAPIServerEvent)
		uuid := ps.Subscribe(common.PubSubAPIServer, &fn)
		a.l.WithFields(logrus.Fields{
			"uuid": uuid,
		}).Info("Subscribed to PubSub APIServer")
	}),
)

Functions ¶

func Start ¶

func Start(ctx context.Context, k *watchers.K8sWatcher)

Types ¶

type APIServerEventHandler ¶

type APIServerEventHandler struct {
	// contains filtered or unexported fields
}

type NoOpOrchestrator ¶ added in v0.0.30

type NoOpOrchestrator struct{}

func (*NoOpOrchestrator) EndpointHash ¶ added in v0.0.30

func (n *NoOpOrchestrator) EndpointHash(datapathtypes.EndpointConfiguration) (string, error)

func (*NoOpOrchestrator) Reinitialize ¶ added in v0.0.30

func (n *NoOpOrchestrator) Reinitialize(context.Context) error

func (*NoOpOrchestrator) ReinitializeXDP ¶ added in v0.0.30

func (n *NoOpOrchestrator) ReinitializeXDP(context.Context, []string) error

func (*NoOpOrchestrator) ReloadDatapath ¶ added in v0.0.30

func (n *NoOpOrchestrator) ReloadDatapath(context.Context, datapathtypes.Endpoint, *metrics.SpanStat) (string, error)

func (*NoOpOrchestrator) Unload ¶ added in v0.0.30

func (n *NoOpOrchestrator) Unload(datapathtypes.Endpoint)

func (*NoOpOrchestrator) WriteEndpointConfig ¶ added in v0.0.30

func (n *NoOpOrchestrator) WriteEndpointConfig(io.Writer, datapathtypes.EndpointConfiguration) error

type NoOpPolicyRepository ¶ added in v0.0.30

type NoOpPolicyRepository struct{}

NoOpPolicyRepository is a no-op implementation of the PolicyRepository interface.

func (*NoOpPolicyRepository) BumpRevision ¶ added in v0.0.30

func (n *NoOpPolicyRepository) BumpRevision() uint64

func (*NoOpPolicyRepository) GetAuthTypes ¶ added in v0.0.30

func (n *NoOpPolicyRepository) GetAuthTypes(identity.NumericIdentity, identity.NumericIdentity) policy.AuthTypes

func (*NoOpPolicyRepository) GetEnvoyHTTPRules ¶ added in v0.0.30

func (n *NoOpPolicyRepository) GetEnvoyHTTPRules(*api.L7Rules, string) (*cilium.HttpNetworkPolicyRules, bool)

func (*NoOpPolicyRepository) GetRevision ¶ added in v0.0.30

func (n *NoOpPolicyRepository) GetRevision() uint64

func (*NoOpPolicyRepository) GetRulesList ¶ added in v0.0.30

func (n *NoOpPolicyRepository) GetRulesList() *models.Policy

func (*NoOpPolicyRepository) GetSelectorCache ¶ added in v0.0.30

func (n *NoOpPolicyRepository) GetSelectorCache() *policy.SelectorCache

func (*NoOpPolicyRepository) GetSelectorPolicy ¶ added in v0.0.30

func (n *NoOpPolicyRepository) GetSelectorPolicy(*identity.Identity, uint64, policy.GetPolicyStatistics, uint64) (policy.SelectorPolicy, uint64, error)

func (*NoOpPolicyRepository) Iterate ¶ added in v0.0.30

func (n *NoOpPolicyRepository) Iterate(func(*api.Rule))

func (*NoOpPolicyRepository) ReplaceByLabels ¶ added in v0.0.30

func (n *NoOpPolicyRepository) ReplaceByLabels(api.Rules, []labels.LabelArray) (affectedIDs *set.Set[identity.NumericIdentity], rev uint64, oldRevCnt int)

func (*NoOpPolicyRepository) ReplaceByResource ¶ added in v0.0.30

func (n *NoOpPolicyRepository) ReplaceByResource(api.Rules, ipcachetypes.ResourceID) (affectedIDs *set.Set[identity.NumericIdentity], rev uint64, oldRevCnt int)

func (*NoOpPolicyRepository) Search ¶ added in v0.0.30

func (n *NoOpPolicyRepository) Search(labels.LabelArray) (r api.Rules, i uint64)

func (*NoOpPolicyRepository) SetEnvoyRulesFunc ¶ added in v0.0.30

func (n *NoOpPolicyRepository) SetEnvoyRulesFunc(func(certificatemanager.SecretManager, *api.L7Rules, string, string) (*cilium.HttpNetworkPolicyRules, bool))

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL