Documentation
Index ¶
- Constants
- Variables
- func NormalizeCloudString(s string) string
- type AWSIPRanges
- type AWSIPv6Prefix
- type AWSPrefix
- type AzureIPRanges
- type AzurePrefixGroup
- type AzurePrefixGroupProperties
- type Cloud
- type ConnectionClass
- type ConnectionFlag
- type ConnectionFlags
- type Environment
- type FlowData
- type GCPIPRanges
- type GCPPrefix
- type GoogleIPRange
- type GoogleIPRanges
- type Labeler
- func (labeler *Labeler) GetNodeByInternalIP(ip string) (*corev1.Node, error)
- func (labeler *Labeler) GetNodeByName(name string) (*corev1.Node, error)
- func (labeler *Labeler) GetPodsByIP(ip string) ([]*corev1.Pod, error)
- func (labeler *Labeler) LabelFlow(node string, flow *pb.Observation_Flow) (*FlowData, error)
- type LabelerInterface
- type RemoteLabeler
Constants ¶
const (
	Ingress direction = "ingress"
	Egress  direction = "egress"
)
const (
	// TCP protocol.
	IP_PROTO_TCP = 6
	// UDP protocol.
	IP_PROTO_UDP = 17
)
const (
	AmazonService       = "amazon"
	AmazonS3            = "s3"
	AmazonGlobalRegion  = "global"
	GoogleService       = "googleservice"
	GoogleGlobalRegion  = "global"
	AzureStorageService = "azurestorage"
	AzureGlobalRegion   = "global"
	AzureCloudService   = "azurecloud"
	AzureService        = "azureservice"
)
Variables ¶
var ErrCannotIdentifykubenetmonirection error = errors.New("cannot identify flow direction")
The flow belongs to a connection between either unknown endpoints or between two endpoints on some other nodes. Maybe this is a connection that was never opened or that is already dying.
Not a problem as long as these warnings don't appear too frequently or more than once for any flow.
This can also happen for pods that were starting up but failed to start, etc. In this case their connections will linger for a bit in conntrack, but kubelet will not have information about the pods.
var ErrIPv6Flow error = errors.New("ignoring flows with IPv6 endpoints")
ErrIPv6Flow is returned by LabelFlow when the flow has an IPv6 address for one of its endpoints. We currently don't label such flows for simplicity.
var ErrIgnoredUDPFlow error = errors.New("ignoring UDP flows")
ErrIgnoredUDPFlow is returned if the Labeler is configured to ignore UDP flows.
var ErrInvalidIP error = errors.New("invalid IP")
ErrInvalidIP is returned when an IP from a protobuf message can't be parsed.
var ErrNodeFlow error = errors.New("ignoring flow to or from a node")
ErrNodeFlow is returned by LabelFlow when the flow has a node (or a hostNetwork pod) as one of its endpoints. We ignore such flows because they are difficult to disambiguate.
Functions ¶
func NormalizeCloudString ¶
Types ¶
type AWSIPRanges ¶
type AWSIPRanges struct {
SyncToken string `json:"syncToken"`
CreateDate string `json:"createDate"`
Prefixes []AWSPrefix `json:"prefixes"`
IPv6Prefixes []AWSIPv6Prefix `json:"ipv6_prefixes"`
}
AWS IP range structs
type AWSIPv6Prefix ¶
type AzureIPRanges ¶
type AzureIPRanges struct {
ChangeNumber int `json:"changeNumber"`
Cloud string `json:"cloud"`
PrefixGroups []AzurePrefixGroup `json:"values"`
}
Azure IP range structs
type AzurePrefixGroup ¶
type AzurePrefixGroup struct {
Name string `json:"name"`
ID string `json:"id"`
Properties AzurePrefixGroupProperties `json:"properties"`
}
type AzurePrefixGroupProperties ¶
type AzurePrefixGroupProperties struct {
ChangeNumber int `json:"changeNumber"`
Region string `json:"region"`
RegionID int `json:"regionId"`
Platform string `json:"platform"`
SystemService string `json:"systemService"`
AddressPrefixes []string `json:"addressPrefixes"`
NetworkFeatures []string `json:"networkFeatures"`
}
type Cloud ¶
type Cloud string
type ConnectionClass ¶
type ConnectionClass string
const (
	Unknown        ConnectionClass = "UNKNOWN"
	IntraVPC       ConnectionClass = "INTRA_VPC"
	IntraRegion    ConnectionClass = "INTRA_REGION"
	InterRegion    ConnectionClass = "INTER_REGION"
	PublicInternet ConnectionClass = "PUBLIC_INTERNET"
)
func (ConnectionClass) String ¶
func (c ConnectionClass) String() string
Needed for ClickHouse client to convert the type to string.
type ConnectionFlag ¶
type ConnectionFlag string
ConnectionFlag is a type for keys in the ConnectionFlags map.
const TEST_FLAG ConnectionFlag = "TEST_FLAG"
func (ConnectionFlag) String ¶
func (f ConnectionFlag) String() string
Needed for ClickHouse client to convert the type to string.
type ConnectionFlags ¶
type ConnectionFlags map[ConnectionFlag]bool
func (ConnectionFlags) String ¶
func (m ConnectionFlags) String() string
Needed for ClickHouse client to convert the type to string.
type Environment ¶
type Environment string
const (
	Development Environment = "development"
	Staging     Environment = "staging"
	Production  Environment = "production"
)
func NewEnvironment ¶
func NewEnvironment(environment string) Environment
NewEnvironment creates and validates the Environment name from a string.
func (Environment) String ¶
func (e Environment) String() string
type FlowData ¶
type FlowData struct {
PacketsIn uint64
BytesIn uint64
PacketsOut uint64
BytesOut uint64
Proto protocol
LocalAvailabilityZone string
LocalNode string
LocalInstanceID string
LocalNamespace string
LocalPod string
LocalIP netip.Addr
LocalPort uint16
LocalApp string
RemoteCloud Cloud
// Remote cloud region. If remote is not a k8s pod that kubenetmon server knows
// of, it will derive it from cloud provider's IP range.
RemoteRegion string
RemoteCluster string
RemoteAvailabilityZone string
RemoteNode string
RemoteInstanceID string
RemoteNamespace string
RemotePod string
RemoteIP netip.Addr
RemotePort uint16
RemoteApp string
// The cloud service that the remote side associates with based on cloud
// provider's IP range, e.g. s3.
RemoteCloudService string
// Classification of the connection.
ConnectionClass ConnectionClass
// Additional flags describing the connection. These can be used for things
// that are only relevant for some clusters or special cases and therefore
// don't make sense to have as dedicated columns.
ConnectionFlags ConnectionFlags
}
FlowData describes all the information needed for all Prometheus metrics related to a conntrack connection (one flow toward the local pod, one flow out of the local pod).
type GCPIPRanges ¶
type GCPIPRanges struct {
SyncToken string `json:"syncToken"`
CreationTime string `json:"creationTime"`
Prefixes []GCPPrefix `json:"prefixes"`
}
GCP IP Range structs
type GoogleIPRange ¶
type GoogleIPRange struct {
IPv4PrefixStr string `json:"ipv4Prefix,omitempty"`
IPv6PrefixStr string `json:"ipv6Prefix,omitempty"`
}
Google IP range structs
type GoogleIPRanges ¶
type GoogleIPRanges struct {
SyncToken string `json:"syncToken"`
CreationTime string `json:"creationTime"`
Prefixes []GoogleIPRange `json:"prefixes"`
}
type Labeler ¶
type Labeler struct {
// contains filtered or unexported fields
}
Labeler implements LabelerInterface.
func NewLabeler ¶
func NewLabeler(watchers []watcher.WatcherInterface, remoteLabeler *RemoteLabeler, ignoreUDP bool) *Labeler
NewLabeler creates a Labeler.
func (*Labeler) GetNodeByInternalIP ¶
func (*Labeler) GetNodeByName ¶
type LabelerInterface ¶
type LabelerInterface interface {
LabelFlow(node string, flow *pb.Observation_Flow) (*FlowData, error)
}
LabelerInterface does flow labeling.
type RemoteLabeler ¶
type RemoteLabeler struct {
// contains filtered or unexported fields
}
RemoteLabeler implements labeling of the remote endpoint based on remote IPs. RemoteLabeler has knowledge of cloud provider IP ranges (GCP, Azure, AWS).
The labels that RemoteLabeler can populate are:
- RemoteRegion, in case kubenetmon cannot figure it out based on k8s info
- RemoteCloudService, the cloud services that the remote associates with, e.g. s3
- Classification of the flow
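The following added example (not kubenetmon's own code) shows how a remote IP can be mapped to RemoteRegion and RemoteCloudService from an Azure range document decoded into the structs above. The helper lookupAzure, the sample document, and the choice of longest-prefix match to resolve overlapping ranges are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Trimmed local copies of the Azure structs documented on this page.
type AzurePrefixGroupProperties struct {
	Region          string   `json:"region"`
	SystemService   string   `json:"systemService"`
	AddressPrefixes []string `json:"addressPrefixes"`
}
type AzurePrefixGroup struct {
	Properties AzurePrefixGroupProperties `json:"properties"`
}
type AzureIPRanges struct {
	PrefixGroups []AzurePrefixGroup `json:"values"`
}

// Constructed sample using documentation-only address space (RFC 5737, RFC 3849).
const sampleRanges = `{"values":[
 {"name":"AzureCloud.westeurope","properties":{"region":"westeurope","systemService":"","addressPrefixes":["198.51.100.0/24","2001:db8::/32"]}},
 {"name":"Storage.WestEurope","properties":{"region":"westeurope","systemService":"AzureStorage","addressPrefixes":["198.51.100.128/25","not-a-prefix"]}}]}`

// lookupAzure (hypothetical helper) returns the region and service of the most specific prefix containing ip.
func lookupAzure(doc, ip string) (region, service string, ok bool) {
	var ranges AzureIPRanges
	addr, err := netip.ParseAddr(ip)
	if err != nil || json.Unmarshal([]byte(doc), &ranges) != nil {
		return "", "", false
	}
	best := -1
	for _, g := range ranges.PrefixGroups {
		for _, p := range g.Properties.AddressPrefixes {
			pfx, err := netip.ParsePrefix(p)
			// Skip malformed, non-matching, or less specific prefixes.
			if err != nil || !pfx.Contains(addr) || pfx.Bits() <= best {
				continue
			}
			best, region, service, ok = pfx.Bits(), g.Properties.Region, g.Properties.SystemService, true
		}
	}
	return region, service, ok
}

func main() {
	fmt.Println(lookupAzure(sampleRanges, "198.51.100.200"))
}
```

Without the most-specific-match rule, an address inside the Storage range could be attributed to the broader AzureCloud group, which would leave the service label empty for traffic that is in fact going to storage.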
func NewRemoteLabeler ¶
func NewRemoteLabeler(localRegion string, localCloud Cloud, environment Environment) (*RemoteLabeler, error)