loadbalancer

package
v1.18.0-pre.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 1, 2025 License: Apache-2.0 Imports: 31 Imported by: 37

README

Load-balancing control-plane

This package implements the core load-balancing control-plane. Built on top of StateDB around 3 core tables:

  • Table[*Frontend] (frontends): Service frontends keyed by address, port and protocol. The frontend references backends associated with it. Frontends are what are reconciled to BPF maps.
  • Table[*Service] (services): Service metadata shared by multiple frontends.
  • Table[*Backend] (backends): Backends associated with services.

Modifying the state is done via the Writer API. It ensures consistency and manages the references between services, frontends and backends.

The basic architecture looks as follows:

  [Data source A]       [Data source B]      [Health checker]    
        \                     |                  /   ^     
         ----------------.    v   .--------------   /
                          [Writer]                 /
                         /    |   \               /
              .---------'     v    '------.      /
         [Services]      [Frontends]    [Backends]
                             | ^              |
                             v |              v
                         [Reconciler]    [ L7 proxy (Envoy) ]
                              |
                              v
                          [BPF maps]

The different data sources insert data using Writer.UpsertService, Writer.UpsertFrontend, etc. methods.

The main data source is of course the Kubernetes one which is implemented in reflector.go. It batches up changes to Services and EndpointSlices and commits them periodically so the system can process changes in batches. Kubernetes Services are mapped to a Service object with zero or more Frontends. From EndpointSlices a Backend instance is created. Each Backend object contains a set of instances, one per service that references it.

The BPF reconciler (bpf_reconciler.go) watches the frontend table (service and backend objects are referenced by the frontend object) and reconcile updates towards the BPF maps. The reconciliation status is written back to frontends (Status field).

This architecture enables:

  • Easy addition of new data sources
  • Ability to observe changes to the data at coarse or fine granularity via StateDB watch channels
  • Separation of concerns: the error handling is performed by the reconciler and low-level errors are not bubbled up to data sources (which wouldn't know how to handle it). Readers are not in the critical path.

Source code organization

The core source files are:

  • service.go, frontend.go, backend.go: The struct and table definitions
  • config.go: Configuration structs. Config is the main configuration, ExtConfig bridges from option.DaemonConfig to avoid direct references to it (to be removed eventually) and TestConfig allows tests to tweak the behavior.
  • writer: API for modifying the tables while maintaining cross-table references
  • reconciler: Reconciliation from frontends to BPF maps
  • maps: "LBMaps" wrapper around BPF maps
  • reflectors: Reflects Kubernetes Service, Pod and EndpointSlices to the tables (via Writer)

Inspecting state

State of load-balancing can be inspected via cilium-dbg shell:

  $ kubectl exec -it -n kube-system ds/cilium -- cilium-dbg shell
  ...
  > db/show frontends
  > db/show backends
  > db/show services
  > lb/maps-dump

You can also explore this in the standalone "repl". See repl/main.go.

Testing

The new architecture makes it easier to write integration tests due to the decoupling. An integration test for a data source can depend just on the tables & writer and verify that the tables are correctly populated without having to mock other features or the BPF operations.

An "end-to-end" style test can be found in tests/script_test.go that tests going from Kubernetes objects specified in YAML to the BPF map contents using script tests in testdata. This is the main way of testing the control-plane.

Similar tests can be found from components building on top of load-balancing in redirectpolicy/script_test.go and pkg/ciliumenvoyconfig/script_test.go. For more info on script tests see https://docs.cilium.io/en/latest/contributing/development/hive/#testing-with-hive-script and https://docs.cilium.io/en/latest/contributing/development/statedb/#script-commands.

For quick feedback loop you can use the watch.sh script (in tests/) to run a script test when the txtar file changes.

IMPORTANT: When adding new test cases it's important to stress test to make sure the new test is not flaky. Run stress.sh to run 500 iterations of all tests.

Tests can be executed normally with "go test":

  $ go test ./...

To run the privileged tests that use the real BPF maps:

  $ cd tests
  $ go test -c
  $ PRIVILEGED_TESTS=1 sudo -E ./tests.test -test.run . -test.v -test.count 1

Benchmarking

The benchmark/ directory contains a benchmark testing the throughput and memory usage when going from Kubernetes objects to BPF map contents. Run with go run ./benchmark/cmd. Highly encouraged to use this when doing structural changes or adding additional indexing.

The average result that you can expect is around ~50k per second with ~50 objects allocated per service.

Documentation

Overview

Package loadbalancer contains load-balancing types and tables

Index

Constants

View Source 
const (
	// LBMapEntriesName configures max entries for BPF lbmap.
	LBMapEntriesName = "bpf-lb-map-max"

	// LBServiceMapMaxEntries configures max entries of bpf map for services.
	LBServiceMapMaxEntries = "bpf-lb-service-map-max"

	// LBBackendMapMaxEntries configures max entries of bpf map for service backends.
	LBBackendMapMaxEntries = "bpf-lb-service-backend-map-max"

	// LBRevNatMapMaxEntries configures max entries of bpf map for reverse NAT.
	LBRevNatMapMaxEntries = "bpf-lb-rev-nat-map-max"

	// LBAffinityMapMaxEntries configures max entries of bpf map for session affinity.
	LBAffinityMapMaxEntries = "bpf-lb-affinity-map-max"

	// LBSourceRangeAllTypes configures service source ranges for all service types.
	LBSourceRangeAllTypes = "bpf-lb-source-range-all-types"

	// LBSourceRangeMapMaxEntries configures max entries of bpf map for service source ranges.
	LBSourceRangeMapMaxEntries = "bpf-lb-source-range-map-max"

	// LBMaglevMapMaxEntries configures max entries of bpf map for Maglev.
	LBMaglevMapMaxEntries = "bpf-lb-maglev-map-max"

	// SockRevNatEntriesName configures max entries for BPF sock reverse nat
	// entries.
	LBSockRevNatEntriesName = "bpf-sock-rev-map-max"

	// NodePortRange defines a custom range where to look up NodePort services
	NodePortRange = "node-port-range"

	LBAlgorithmName = "bpf-lb-algorithm"

	// Deprecated option for setting [LBAlgorithm]
	NodePortAlgName = "node-port-algorithm"

	// ExternalClusterIPName is the name of the option to enable
	// cluster external access to ClusterIP services.
	ExternalClusterIPName = "bpf-lb-external-clusterip"

	// AlgorithmAnnotationName tells whether controller should check service
	// level annotation for configuring bpf loadbalancing algorithm.
	AlgorithmAnnotationName = "bpf-lb-algorithm-annotation"

	// EnableHealthCheckNodePort is the name of the EnableHealthCheckNodePort option
	EnableHealthCheckNodePortName = "enable-health-check-nodeport"
)

Configuration option names

View Source 
const (
	// DefaultLBMapMaxEntries is the default size for the load-balancing BPF maps.
	DefaultLBMapMaxEntries = 65536

	// NodePortMinDefault is the minimal port to listen for NodePort requests
	NodePortMinDefault = 30000

	// NodePortMaxDefault is the maximum port to listen for NodePort requests
	NodePortMaxDefault = 32767
)

Configuration option defaults

View Source 
const (
	// LBAlgorithmRandom is for randomly selecting a backend
	LBAlgorithmRandom = "random"

	// LBAlgorithmMaglev is for using maglev consistent hashing for backend selection
	LBAlgorithmMaglev = "maglev"
)
View Source 
const (
	IPFamilyIPv4 = IPFamily(false)
	IPFamilyIPv6 = IPFamily(true)
)
View Source 
const (
	SVCTypeNone          = SVCType("NONE")
	SVCTypeHostPort      = SVCType("HostPort")
	SVCTypeClusterIP     = SVCType("ClusterIP")
	SVCTypeNodePort      = SVCType("NodePort")
	SVCTypeExternalIPs   = SVCType("ExternalIPs")
	SVCTypeLoadBalancer  = SVCType("LoadBalancer")
	SVCTypeLocalRedirect = SVCType("LocalRedirect")
)
View Source 
const (
	SVCTrafficPolicyNone    = SVCTrafficPolicy("NONE")
	SVCTrafficPolicyCluster = SVCTrafficPolicy("Cluster")
	SVCTrafficPolicyLocal   = SVCTrafficPolicy("Local")
)
View Source 
const (
	SVCNatPolicyNone  = SVCNatPolicy("NONE")
	SVCNatPolicyNat46 = SVCNatPolicy("Nat46")
	SVCNatPolicyNat64 = SVCNatPolicy("Nat64")
)
View Source 
const (
	SVCForwardingModeUndef = SVCForwardingMode("undef")
	SVCForwardingModeDSR   = SVCForwardingMode("dsr")
	SVCForwardingModeSNAT  = SVCForwardingMode("snat")
)
View Source 
const (
	SVCSourceRangesPolicyAllow = SVCSourceRangesPolicy("allow")
	SVCSourceRangesPolicyDeny  = SVCSourceRangesPolicy("deny")
)
View Source 
const (
	SVCProxyDelegationNone            = SVCProxyDelegation("none")
	SVCProxyDelegationDelegateIfLocal = SVCProxyDelegation("delegate-if-local")
)
View Source 
const (
	// NONE type.
	NONE = L4Type("NONE")
	// ANY type.
	ANY = L4Type("ANY")
	// TCP type.
	TCP = L4Type("TCP")
	// UDP type.
	UDP = L4Type("UDP")
	// SCTP type.
	SCTP = L4Type("SCTP")
)
View Source 
const (
	// ScopeExternal is the lookup scope for services from outside the node.
	ScopeExternal uint8 = iota
	// ScopeInternal is the lookup scope for services from inside the node.
	ScopeInternal
)
View Source 
const (
	BackendStateActiveFlag = iota
	BackendStateTerminatingFlag
	BackendStateQuarantinedFlag
	BackendStateMaintenanceFlag
)
View Source 
const (
	// TrafficDistributionDefault will ignore any topology aware hints for choosing the backends.
	TrafficDistributionDefault = TrafficDistribution("")

	// TrafficDistributionPreferClose Indicates preference for routing traffic to topologically close backends,
	// that is to backends that are in the same zone.
	TrafficDistributionPreferClose = TrafficDistribution("PreferClose")
)
View Source 
const (
	BackendTableName = "backends"
)
View Source 
const DefaultBackendWeight = 100

DefaultBackendWeight is used when backend weight is not set in ServiceSpec

View Source 
const (
	FrontendTableName = "frontends"
)
View Source 
const (
	ServiceTableName = "services"
)

Variables

View Source 
var (
	BackendByAddress = backendAddrIndex.Query

	BackendByServiceName = backendServiceIndex.Query
)
View Source 
var (
	// ErrServiceNotFound occurs when a frontend is being upserted that refers to
	// a non-existing service.
	ErrServiceNotFound = errors.New("service not found")

	// ErrFrontendConflict occurs when a frontend is being upserted but it already
	// exists and is owned by a different service.
	ErrFrontendConflict = errors.New("frontend already owned by another service")
)
View Source 
var (
	FrontendByAddress = frontendAddressIndex.Query

	FrontendByServiceName = frontendServiceIndex.Query
)
View Source 
var AllProtocols = []L4Type{TCP, UDP, SCTP}

AllProtocols is the list of all supported L4 protocols

View Source 
var ConfigCell = cell.Group(
	cell.Config(DefaultUserConfig),
	cell.Config(DeprecatedConfig{}),
	cell.Provide(

		NewExternalConfig,

		NewConfig,
	),
)

ConfigCell provides the Config and ExternalConfig configurations.

View Source 
var DefaultConfig = Config{
	UserConfig:  DefaultUserConfig,
	NodePortMin: NodePortMinDefault,
	NodePortMax: NodePortMaxDefault,
}
View Source 
var DefaultUserConfig = UserConfig{
	EnableExperimentalLB: true,
	RetryBackoffMin:      50 * time.Millisecond,
	RetryBackoffMax:      time.Minute,
	LBMapEntries:         DefaultLBMapMaxEntries,

	LBServiceMapEntries:     0,
	LBBackendMapEntries:     0,
	LBRevNatEntries:         0,
	LBAffinityMapEntries:    0,
	LBSourceRangeMapEntries: 0,
	LBMaglevMapEntries:      0,

	LBSockRevNatEntries: 0,

	LBSourceRangeAllTypes: false,

	NodePortRange: []string{},
	LBAlgorithm:   LBAlgorithmRandom,

	ExternalClusterIP: false,

	AlgorithmAnnotation: false,

	EnableHealthCheckNodePort: true,
}
View Source 
var (
	ServiceByName = serviceNameIndex.Query
)

Functions

func IsValidBackendState 

func IsValidBackendState(state string) bool

func IsValidStateTransition 

func IsValidStateTransition(old, new BackendState) bool

func L3n4AddrFromString added in v1.17.0 

func L3n4AddrFromString(key string) (index.Key, error)

L3n4AddrFromString constructs a StateDB key by parsing the input in the form of L3n4Addr.String(), e.g. <addr>:<port>/protocol. The input can be partial to construct keys for prefix searches, e.g. "1.2.3.4". This must be kept in sync with Bytes().

func L4TypeAsByte added in v1.17.0 

func L4TypeAsByte(l4 L4Type) byte

func NewBackendsTable added in v1.18.0 

func NewBackendsTable(db *statedb.DB) (statedb.RWTable[*Backend], error)

func NewFrontendsTable added in v1.18.0 

func NewFrontendsTable(cfg Config, db *statedb.DB) (statedb.RWTable[*Frontend], error)

func NewServicesTable added in v1.18.0 

func NewServicesTable(cfg Config, db *statedb.DB) (statedb.RWTable[*Service], error)

Types

type Backend 

type Backend struct {
	Address L3n4Addr

	// Instances of this backend. A backend is always linked to a specific
	// service and the instances may call the backend by different name
	// (PortName) or they may come from  differents sources.
	// Instances may contain multiple [BackendInstance]s per service
	// coming from different sources. The version from the source with the
	// highest priority (smallest uint8) is used. This is needed for smooth
	// transitions when ownership of endpoints is passed between upstream
	// data sources.
	Instances part.Map[BackendInstanceKey, BackendParams]
}

Backend is a composite of the per-service backend instances that share the same IP address and port.

func (*Backend) Clone added in v1.18.0 

func (be *Backend) Clone() *Backend

Clone returns a shallow clone of the backend.

func (*Backend) GetInstance added in v1.18.0 

func (be *Backend) GetInstance(name ServiceName) *BackendParams

func (*Backend) GetInstanceForFrontend added in v1.18.0 

func (be *Backend) GetInstanceForFrontend(fe *Frontend) *BackendParams

func (*Backend) GetInstanceFromSource added in v1.18.0 

func (be *Backend) GetInstanceFromSource(name ServiceName, src source.Source) *BackendParams

func (*Backend) GetInstancesOfService added in v1.18.0 

func (be *Backend) GetInstancesOfService(name ServiceName) iter.Seq2[BackendInstanceKey, BackendParams]

func (*Backend) PreferredInstances added in v1.18.0 

func (be *Backend) PreferredInstances() iter.Seq2[BackendInstanceKey, BackendParams]

func (*Backend) String 

func (be *Backend) String() string

func (*Backend) TableHeader added in v1.18.0 

func (be *Backend) TableHeader() []string

func (*Backend) TableRow added in v1.18.0 

func (be *Backend) TableRow() []string

type BackendID 

type BackendID uint32

BackendID is the backend's ID.

type BackendInstanceKey added in v1.18.0 

type BackendInstanceKey struct {
	ServiceName    ServiceName
	SourcePriority uint8
}

func (BackendInstanceKey) Key added in v1.18.0 

func (k BackendInstanceKey) Key() []byte

type BackendParams added in v1.18.0 

type BackendParams struct {
	Address L3n4Addr

	// PortNames are the optional names for the ports. A frontend can specify which
	// backends to select by port name.
	PortNames []string

	// Weight of backend for load-balancing.
	Weight uint16

	// Node hosting this backend. This is used to determine backends local to
	// a node.
	NodeName string

	// Zone where backend is located.
	Zone string

	// ForZones where this backend should be consumed in
	ForZones []string

	// ClusterID of the cluster in which the backend is located. 0 for local cluster.
	ClusterID uint32

	// Source of the backend.
	Source source.Source

	// State of the backend, e.g. active, quarantined or terminating.
	State BackendState

	// Unhealthy marks a backend as unhealthy and overrides [State] to mark the backend
	// as quarantined. We require a separate field for active health checking to merge
	// with the original source of this backend. Negative is used here to allow the
	// zero value to mean that the backend is healthy.
	Unhealthy bool

	// UnhealthyUpdatedAt is the timestamp for when [Unhealthy] was last updated. Zero
	// value if never updated.
	UnhealthyUpdatedAt time.Time
}

BackendParams defines the parameters of a backend for insertion into the backends table.

type BackendState 

type BackendState uint8

BackendState is the state of a backend for load-balancing service traffic. 

const (
	// BackendStateActive refers to the backend state when it's available for
	// load-balancing traffic. It's the default state for a backend.
	// Backends in this state can be health-checked.
	BackendStateActive BackendState = iota
	// BackendStateTerminating refers to the terminating backend state so that
	// it can be gracefully removed.
	// Backends in this state won't be health-checked.
	BackendStateTerminating
	// BackendStateQuarantined refers to the backend state when it's unreachable,
	// and will not be selected for load-balancing traffic.
	// Backends in this state can be health-checked.
	BackendStateQuarantined
	// BackendStateMaintenance refers to the backend state where the backend
	// is put under maintenance, and will neither be selected for load-balancing
	// traffic nor be health-checked.
	BackendStateMaintenance
	// BackendStateInvalid is an invalid state, and is used to report error conditions.
	// Keep this as the last entry.
	BackendStateInvalid
)

BackendState tracks backend's ability to load-balance service traffic.

Valid transition states for a backend - BackendStateActive -> BackendStateTerminating, BackendStateQuarantined, BackendStateMaintenance BackendStateTerminating -> No valid state transition BackendStateQuarantined -> BackendStateActive, BackendStateTerminating BackendStateMaintenance -> BackendStateActive

Sources setting the states - BackendStateActive - Kubernetes events, service API BackendStateTerminating - Kubernetes events BackendStateQuarantined - service API BackendStateMaintenance - service API

func GetBackendState 

func GetBackendState(state string) (BackendState, error)

func GetBackendStateFromFlags 

func GetBackendStateFromFlags(flags uint8) BackendState

func (BackendState) String 

func (state BackendState) String() (string, error)

type BackendStateFlags 

type BackendStateFlags = uint8

BackendStateFlags is the datapath representation of the backend flags that are used in (lb{4,6}_backend.flags) to store backend state.

func NewBackendFlags 

func NewBackendFlags(state BackendState) BackendStateFlags

type BackendsSeq2 added in v1.18.0 

type BackendsSeq2 iter.Seq2[BackendParams, statedb.Revision]

BackendsSeq2 is an iterator for sequence of backends that is also JSON and YAML marshalable.

func (BackendsSeq2) MarshalJSON added in v1.18.0 

func (s BackendsSeq2) MarshalJSON() ([]byte, error)

func (BackendsSeq2) MarshalYAML added in v1.18.0 

func (s BackendsSeq2) MarshalYAML() (any, error)

type Config added in v1.18.0 

type Config struct {
	UserConfig

	// NodePortMin is the minimum port address for the NodePort range
	NodePortMin uint16

	// NodePortMax is the maximum port address for the NodePort range
	NodePortMax uint16
}

Config for load-balancing +deepequal-gen=true

func NewConfig added in v1.18.0 

func NewConfig(log *slog.Logger, userConfig UserConfig, deprecatedConfig DeprecatedConfig, dcfg *option.DaemonConfig) (cfg Config, err error)

NewConfig takes the user-provided configuration, validates and processes it to produce the final configuration for load-balancing.

func (*Config) DeepEqual added in v1.18.0 

func (in *Config) DeepEqual(other *Config) bool

DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.

type DeprecatedConfig added in v1.18.0 

type DeprecatedConfig struct {
	// NodePortAlg indicates which backend selection algorithm is used
	// ("random" or "maglev")
	NodePortAlg string `mapstructure:"node-port-algorithm"`
}

func (DeprecatedConfig) Flags added in v1.18.0 

func (DeprecatedConfig) Flags(flags *pflag.FlagSet)

type ExternalConfig added in v1.18.0 

type ExternalConfig struct {
	ZoneMapper

	EnableIPv4, EnableIPv6 bool
	KubeProxyReplacement   bool
}

ExternalConfig are configuration options derived from external sources such as DaemonConfig. This avoids direct access of larger configuration structs.

func NewExternalConfig added in v1.18.0 

func NewExternalConfig(cfg *option.DaemonConfig) ExternalConfig

NewExternalConfig maps the daemon config to ExternalConfig.

type FEPortName 

type FEPortName string

FEPortName is the name of the frontend's port.

type Frontend added in v1.18.0 

type Frontend struct {
	FrontendParams

	// Status is the reconciliation status for this frontend and
	// reflects whether or not the frontend and the associated backends
	// have been reconciled with the BPF maps.
	// Managed by [Writer].
	Status reconciler.Status

	// Backends associated with the frontend.
	Backends BackendsSeq2

	// ID is the identifier allocated to this frontend. Used as the key
	// in the services BPF map. This field is populated by the reconciler
	// and is initially set to zero. It can be considered valid only when
	// [Status] is set to done.
	ID ServiceID

	// RedirectTo if set selects the backends from this service name instead
	// of that of [FrontendParams.ServiceName]. This is used to implement the
	// local redirect policies where traffic going to a specific service/frontend
	// is redirected to a local pod instead.
	RedirectTo *ServiceName

	// Service associated with the frontend. If service is updated
	// this pointer to the service will update as well and the
	// frontend is marked for reconciliation.
	Service *Service `json:"-" yaml:"-"`
}

func (*Frontend) Clone added in v1.18.0 

func (fe *Frontend) Clone() *Frontend

func (*Frontend) TableHeader added in v1.18.0 

func (fe *Frontend) TableHeader() []string

func (*Frontend) TableRow added in v1.18.0 

func (fe *Frontend) TableRow() []string

type FrontendParams added in v1.18.0 

type FrontendParams struct {
	// Frontend address and port
	Address L3n4Addr

	// Service type (e.g. ClusterIP, NodePort, ...)
	Type SVCType

	// Name of the associated service
	ServiceName ServiceName

	// PortName if set will select only backends with matching
	// port name.
	PortName FEPortName

	// ServicePort is the associated "ClusterIP" port of this frontend.
	// Same as [Address.L4Addr.Port] except when [Type] NodePort or
	//  This is used to match frontends with the [Ports] of
	// [Service.ProxyRedirect].
	ServicePort uint16
}

FrontendParams defines the static parameters of a frontend. This is separate from Frontend to clearly separate which fields can be manipulated and which are internally managed by [Writer].

type ID 

type ID uint32

ID is the ID of L3n4Addr endpoint (either service or backend).

type IPFamily added in v1.18.0 

type IPFamily = bool

type L3n4Addr 

type L3n4Addr struct {
	AddrCluster cmtypes.AddrCluster
	L4Addr
	Scope uint8
}

L3n4Addr is used to store, as an unique L3+L4 address in the KVStore. It also includes the lookup scope for frontend addresses which is used in service handling for externalTrafficPolicy=Local and internalTrafficPolicy=Local, that is, Scope{External,Internal}.

+deepequal-gen=true +deepequal-gen:private-method=true +k8s:deepcopy-gen=true

func NewL3n4Addr 

func NewL3n4Addr(protocol L4Type, addrCluster cmtypes.AddrCluster, portNumber uint16, scope uint8) *L3n4Addr

NewL3n4Addr creates a new L3n4Addr.

func NewL3n4AddrFromBackendModel 

func NewL3n4AddrFromBackendModel(base *models.BackendAddress) (*L3n4Addr, error)

func NewL3n4AddrFromModel 

func NewL3n4AddrFromModel(base *models.FrontendAddress) (*L3n4Addr, error)

func (*L3n4Addr) AddrString added in v1.18.0 

func (l *L3n4Addr) AddrString() string

func (L3n4Addr) Bytes added in v1.17.0 

func (l L3n4Addr) Bytes() []byte

Bytes returns the address as a byte slice for indexing purposes. Similar to Hash() but includes the L4 protocol.

func (*L3n4Addr) DeepCopy 

func (in *L3n4Addr) DeepCopy() *L3n4Addr

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L3n4Addr.

func (*L3n4Addr) DeepCopyInto 

func (in *L3n4Addr) DeepCopyInto(out *L3n4Addr)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*L3n4Addr) DeepEqual 

func (l *L3n4Addr) DeepEqual(o *L3n4Addr) bool

DeepEqual returns true if both the receiver and 'o' are deeply equal.

func (*L3n4Addr) GetModel 

func (a *L3n4Addr) GetModel() *models.FrontendAddress

func (L3n4Addr) Hash 

func (a L3n4Addr) Hash() string

Hash calculates a unique string of the L3n4Addr e.g for use as a key in maps. Note: the resulting string is meant to be used as a key for maps and is not readable by a human eye when printed out.

func (*L3n4Addr) IsIPv6 

func (a *L3n4Addr) IsIPv6() bool

IsIPv6 returns true if the IP address in the given L3n4Addr is IPv6 or not.

func (L3n4Addr) MarshalYAML added in v1.18.0 

func (l L3n4Addr) MarshalYAML() (any, error)

func (*L3n4Addr) ParseFromString added in v1.18.0 

func (l *L3n4Addr) ParseFromString(s string) error

func (*L3n4Addr) ProtocolsEqual added in v1.17.0 

func (l *L3n4Addr) ProtocolsEqual(o *L3n4Addr) bool

ProtocolsEqual returns true if protocols match for both L3 and L4.

func (*L3n4Addr) String 

func (a *L3n4Addr) String() string

String returns the L3n4Addr in the "IPv4:Port/Protocol[/Scope]" format for IPv4 and "[IPv6]:Port/Protocol[/Scope]" format for IPv6.

func (*L3n4Addr) StringID 

func (a *L3n4Addr) StringID() string

StringID returns the L3n4Addr as string to be used for unique identification

func (*L3n4Addr) StringWithProtocol 

func (a *L3n4Addr) StringWithProtocol() string

StringWithProtocol returns the L3n4Addr in the "IPv4:Port/Protocol[/Scope]" format for IPv4 and "[IPv6]:Port/Protocol[/Scope]" format for IPv6.

func (*L3n4Addr) UnmarshalYAML added in v1.18.0 

func (l *L3n4Addr) UnmarshalYAML(value *yaml.Node) error

type L3n4AddrID 

type L3n4AddrID struct {
	L3n4Addr
	ID ID
}

L3n4AddrID is used to store, as an unique L3+L4 plus the assigned ID, in the KVStore.

+k8s:deepcopy-gen=true +deepequal-gen=true +deepequal-gen:private-method=true

func NewL3n4AddrID 

func NewL3n4AddrID(protocol L4Type, addrCluster cmtypes.AddrCluster, portNumber uint16, scope uint8, id ID) *L3n4AddrID

NewL3n4AddrID creates a new L3n4AddrID.

func (*L3n4AddrID) DeepCopy 

func (in *L3n4AddrID) DeepCopy() *L3n4AddrID

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L3n4AddrID.

func (*L3n4AddrID) DeepCopyInto 

func (in *L3n4AddrID) DeepCopyInto(out *L3n4AddrID)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*L3n4AddrID) DeepEqual 

func (l *L3n4AddrID) DeepEqual(o *L3n4AddrID) bool

DeepEqual returns true if both the receiver and 'o' are deeply equal.

func (*L3n4AddrID) IsIPv6 

func (l *L3n4AddrID) IsIPv6() bool

IsIPv6 returns true if the IP address in L3n4Addr's L3n4AddrID is IPv6 or not.

type L4Addr 

type L4Addr struct {
	Protocol L4Type
	Port     uint16
}

L4Addr is an abstraction for the backend port with a L4Type, usually tcp or udp, and the Port number.

+k8s:deepcopy-gen=true +deepequal-gen=true +deepequal-gen:private-method=true

func NewL4Addr 

func NewL4Addr(protocol L4Type, number uint16) *L4Addr

NewL4Addr creates a new L4Addr.

func (*L4Addr) DeepCopy 

func (in *L4Addr) DeepCopy() *L4Addr

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4Addr.

func (*L4Addr) DeepCopyInto 

func (in *L4Addr) DeepCopyInto(out *L4Addr)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*L4Addr) DeepEqual 

func (l *L4Addr) DeepEqual(o *L4Addr) bool

DeepEqual returns true if both the receiver and 'o' are deeply equal.

func (*L4Addr) Equals added in v1.5.0 

func (l *L4Addr) Equals(o *L4Addr) bool

Equals returns true if both L4Addr are considered equal.

func (*L4Addr) String added in v1.17.0 

func (l *L4Addr) String() string

String returns a string representation of an L4Addr

type L4Type 

type L4Type = string

L4Type name.

func NewL4Type 

func NewL4Type(name string) (L4Type, error)

func NewL4TypeFromNumber added in v1.17.0 

func NewL4TypeFromNumber(proto uint8) L4Type

type LegacyBackend deprecated 

type LegacyBackend struct {
	// FEPortName is the frontend port name. This is used to filter backends sending to EDS.
	FEPortName string
	// ID of the backend
	ID BackendID
	// Weight of backend
	Weight uint16
	// Node hosting this backend. This is used to determine backends local to
	// a node.
	NodeName string
	// Zone where backend is located.
	ZoneID uint8
	L3n4Addr
	// State of the backend for load-balancing service traffic
	State BackendState
	// Preferred indicates if the healthy backend is preferred
	Preferred Preferred
}

LegacyBackend represents load balancer backend.

Deprecated: Superceded by Backend from the new load-balancer implementation. +k8s:deepcopy-gen=true

func NewBackendWithState deprecated 

func NewBackendWithState(id BackendID, protocol L4Type, addrCluster cmtypes.AddrCluster, portNumber uint16, zone uint8,
	state BackendState) *LegacyBackend

NewBackendWithState creates the Backend struct instance from given params.

Deprecated: Superceded by new load-balancer implementation.

func NewLegacyBackend deprecated 

func NewLegacyBackend(id BackendID, protocol L4Type, addrCluster cmtypes.AddrCluster, portNumber uint16) *LegacyBackend

NewLegacyBackend creates the Backend struct instance from given params. The default state for the returned Backend is BackendStateActive.

Deprecated: Superceded by new load-balancer implementation.

func NewLegacyBackendFromBackendModel deprecated 

func NewLegacyBackendFromBackendModel(base *models.BackendAddress) (*LegacyBackend, error)

Deprecated: Superceded by new load-balancer implementation.

func (*LegacyBackend) DeepCopy 

func (in *LegacyBackend) DeepCopy() *LegacyBackend

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LegacyBackend.

func (*LegacyBackend) DeepCopyInto 

func (in *LegacyBackend) DeepCopyInto(out *LegacyBackend)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LegacyBackend) GetBackendModel 

func (b *LegacyBackend) GetBackendModel() *models.BackendAddress

func (*LegacyBackend) String 

func (b *LegacyBackend) String() string

type LegacySVC deprecated 

type LegacySVC struct {
	Frontend                  L3n4AddrID        // SVC frontend addr and an allocated ID
	Backends                  []*LegacyBackend  // List of service backends
	Type                      SVCType           // Service type
	ForwardingMode            SVCForwardingMode // Service mode (DSR vs SNAT)
	ExtTrafficPolicy          SVCTrafficPolicy  // Service external traffic policy
	IntTrafficPolicy          SVCTrafficPolicy  // Service internal traffic policy
	NatPolicy                 SVCNatPolicy      // Service NAT 46/64 policy
	SourceRangesPolicy        SVCSourceRangesPolicy
	ProxyDelegation           SVCProxyDelegation
	SessionAffinity           bool
	SessionAffinityTimeoutSec uint32
	HealthCheckNodePort       uint16                    // Service health check node port
	Name                      ServiceName               // Fully qualified service name
	LoadBalancerAlgorithm     SVCLoadBalancingAlgorithm // Service LB algorithm (random or maglev)
	LoadBalancerSourceRanges  []*cidr.CIDR
	L7LBProxyPort             uint16 // Non-zero for L7 LB services
	LoopbackHostport          bool
	Annotations               map[string]string
}

LegacySVC is a structure for storing service details.

Deprecated: Superceded by the new load-balancer implementation. New type with similar purpose is Frontend. +k8s:deepcopy-gen=true

func (*LegacySVC) DeepCopy 

func (in *LegacySVC) DeepCopy() *LegacySVC

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LegacySVC.

func (*LegacySVC) DeepCopyInto 

func (in *LegacySVC) DeepCopyInto(out *LegacySVC)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*LegacySVC) GetModel 

func (s *LegacySVC) GetModel() *models.Service

type Preferred 

type Preferred bool

Preferred indicates if this backend is preferred to be load balanced.

type ProxyRedirect added in v1.18.0 

type ProxyRedirect struct {
	ProxyPort uint16

	// Ports if non-empty will only redirect a frontend with a matching port.
	Ports []uint16
}

func (*ProxyRedirect) Equal added in v1.18.0 

func (pr *ProxyRedirect) Equal(other *ProxyRedirect) bool

func (*ProxyRedirect) Redirects added in v1.18.0 

func (pr *ProxyRedirect) Redirects(port uint16) bool

func (*ProxyRedirect) String added in v1.18.0 

func (pr *ProxyRedirect) String() string

type SVCForwardingMode added in v1.17.0 

type SVCForwardingMode string

func ToSVCForwardingMode added in v1.17.0 

func ToSVCForwardingMode(s string) SVCForwardingMode

type SVCLoadBalancingAlgorithm added in v1.17.0 

type SVCLoadBalancingAlgorithm uint8
const (
	SVCLoadBalancingAlgorithmUndef  SVCLoadBalancingAlgorithm = 0
	SVCLoadBalancingAlgorithmRandom SVCLoadBalancingAlgorithm = 1
	SVCLoadBalancingAlgorithmMaglev SVCLoadBalancingAlgorithm = 2
)

func ToSVCLoadBalancingAlgorithm added in v1.17.0 

func ToSVCLoadBalancingAlgorithm(s string) SVCLoadBalancingAlgorithm

func (SVCLoadBalancingAlgorithm) String added in v1.18.0 

func (d SVCLoadBalancingAlgorithm) String() string

type SVCNatPolicy 

type SVCNatPolicy string

SVCNatPolicy defines whether we need NAT46/64 translation for backends

type SVCProxyDelegation added in v1.18.0 

type SVCProxyDelegation string

type SVCSourceRangesPolicy added in v1.17.0 

type SVCSourceRangesPolicy string

type SVCTrafficPolicy 

type SVCTrafficPolicy string

SVCTrafficPolicy defines which backends are chosen

type SVCType 

type SVCType string

SVCType is a type of a service.

type Service added in v1.18.0 

type Service struct {
	// Name is the fully qualified service name, e.g. (<cluster>/)<namespace>/<name>.
	Name ServiceName

	// Source is the data source from which this service was ingested from.
	Source source.Source

	// Labels associated with the service.
	Labels labels.Labels

	// Annotations associated with this service.
	Annotations map[string]string

	// Selector specifies which pods should be associated with this service. If
	// this is empty the backends associated to this service are managed externally
	// and not by Kubernetes.
	Selector map[string]string

	// NatPolicy defines whether we need NAT46/64 translation for backends.
	NatPolicy SVCNatPolicy

	// ExtTrafficPolicy controls how backends are selected for North-South traffic.
	// If set to "Local", only node-local backends are chosen.
	ExtTrafficPolicy SVCTrafficPolicy

	// IntTrafficPolicy controls how backends are selected for East-West traffic.
	// If set to "Local", only node-local backends are chosen.
	IntTrafficPolicy SVCTrafficPolicy

	SessionAffinity        bool
	SessionAffinityTimeout time.Duration

	// ProxyRedirect if non-nil redirects the traffic going to the frontends
	// towards a locally running proxy.
	ProxyRedirect *ProxyRedirect

	// HealthCheckNodePort defines on which port the node runs a HTTP health
	// check server which may be used by external loadbalancers to determine
	// if a node has local backends. This will only have effect if both
	// LoadBalancerIPs is not empty and ExtTrafficPolicy is SVCTrafficPolicyLocal.
	HealthCheckNodePort uint16

	// LoopbackHostPort defines that HostPort frontends for this service should
	// only be exposed internally to the node.
	LoopbackHostPort bool

	// SourceRanges if non-empty will restrict access to the service to the specified
	// client addresses.
	SourceRanges []cidr.CIDR

	// PortNames maps a port name to a port number.
	PortNames map[string]uint16

	// TrafficDistribution if not default will influence how backends are chosen for
	// frontends associated with this service.
	TrafficDistribution TrafficDistribution

	// Properties are additional untyped properties that can carry feature
	// specific metadata about the service.
	Properties part.Map[string, any]
}

Service defines the common properties for a load-balancing service. Associated with a service are a set of frontends that receive the traffic, and a set of backends to which the traffic is directed. A single frontend can map to a partial subset of backends depending on its properties.

func (*Service) Clone added in v1.18.0 

func (svc *Service) Clone() *Service

Clone returns a shallow clone of the service, e.g. for updating a service with UpsertService. Fields that are references (e.g. Labels or Annotations) must be further cloned if mutated.

func (*Service) GetAnnotations added in v1.18.0 

func (svc *Service) GetAnnotations() map[string]string

func (*Service) GetLBAlgorithmAnnotation added in v1.18.0 

func (svc *Service) GetLBAlgorithmAnnotation() SVCLoadBalancingAlgorithm

func (*Service) TableHeader added in v1.18.0 

func (svc *Service) TableHeader() []string

func (*Service) TableRow added in v1.18.0 

func (svc *Service) TableRow() []string

type ServiceFlags 

type ServiceFlags uint16

ServiceFlags is the datapath representation of the service flags that can be used (lb{4,6}_service.flags)

func NewSvcFlag 

func NewSvcFlag(p *SvcFlagParam) ServiceFlags

NewSvcFlag creates service flag

func (ServiceFlags) IsL7LB added in v1.13.14 

func (s ServiceFlags) IsL7LB() bool

func (ServiceFlags) SVCExtTrafficPolicy 

func (s ServiceFlags) SVCExtTrafficPolicy() SVCTrafficPolicy

SVCExtTrafficPolicy returns a service traffic policy from the flags

func (ServiceFlags) SVCIntTrafficPolicy 

func (s ServiceFlags) SVCIntTrafficPolicy() SVCTrafficPolicy

SVCIntTrafficPolicy returns a service traffic policy from the flags

func (ServiceFlags) SVCNatPolicy 

func (s ServiceFlags) SVCNatPolicy(fe L3n4Addr) SVCNatPolicy

SVCNatPolicy returns a service NAT policy from the flags

func (ServiceFlags) SVCSlotQuarantined added in v1.17.0 

func (s ServiceFlags) SVCSlotQuarantined() bool

SVCSlotQuarantined

func (ServiceFlags) SVCType 

func (s ServiceFlags) SVCType() SVCType

SVCType returns a service type from the flags

func (ServiceFlags) String 

func (s ServiceFlags) String() string

String returns the string implementation of ServiceFlags.

func (ServiceFlags) UInt16 

func (s ServiceFlags) UInt16() uint16

UInt8 returns the UInt16 representation of the ServiceFlags.

type ServiceID 

type ServiceID uint16

ServiceID is the service's ID.

type ServiceName 

type ServiceName struct {
	Namespace string
	Name      string
	Cluster   string
}

ServiceName represents the fully-qualified reference to the service by name, including both the namespace and name of the service (and optionally the cluster). +k8s:deepcopy-gen=true

func (ServiceName) AppendSuffix added in v1.18.0 

func (n ServiceName) AppendSuffix(suffix string) ServiceName

func (ServiceName) Compare added in v1.17.0 

func (n ServiceName) Compare(other ServiceName) int

func (*ServiceName) DeepCopy 

func (in *ServiceName) DeepCopy() *ServiceName

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceName.

func (*ServiceName) DeepCopyInto 

func (in *ServiceName) DeepCopyInto(out *ServiceName)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ServiceName) Equal added in v1.15.15 

func (n *ServiceName) Equal(other ServiceName) bool

func (ServiceName) MarshalYAML added in v1.18.0 

func (m ServiceName) MarshalYAML() (any, error)

func (ServiceName) String 

func (n ServiceName) String() string

func (*ServiceName) UnmarshalYAML added in v1.18.0 

func (m *ServiceName) UnmarshalYAML(value *yaml.Node) error

type SvcFlagParam 

type SvcFlagParam struct {
	SvcType          SVCType
	SvcNatPolicy     SVCNatPolicy
	SvcFwdModeDSR    bool
	SvcExtLocal      bool
	SvcIntLocal      bool
	SessionAffinity  bool
	IsRoutable       bool
	CheckSourceRange bool
	SourceRangeDeny  bool
	L7LoadBalancer   bool
	LoopbackHostport bool
	Quarantined      bool
}

+k8s:deepcopy-gen=true

func (*SvcFlagParam) DeepCopy 

func (in *SvcFlagParam) DeepCopy() *SvcFlagParam

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SvcFlagParam.

func (*SvcFlagParam) DeepCopyInto 

func (in *SvcFlagParam) DeepCopyInto(out *SvcFlagParam)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TestConfig added in v1.18.0 

type TestConfig struct {
	TestFaultProbability float32 `mapstructure:"lb-test-fault-probability"`
}

TestConfig are the configuration options for testing. Only provided by tests and not present in the agent.

func (TestConfig) Flags added in v1.18.0 

func (def TestConfig) Flags(flags *pflag.FlagSet)

type TrafficDistribution added in v1.18.0 

type TrafficDistribution string

type UserConfig added in v1.18.0 

type UserConfig struct {
	EnableExperimentalLB bool          `mapstructure:"enable-experimental-lb"`
	RetryBackoffMin      time.Duration `mapstructure:"lb-retry-backoff-min"`
	RetryBackoffMax      time.Duration `mapstructure:"lb-retry-backoff-max"`

	// LBMapEntries is the maximum number of entries allowed in BPF lbmap.
	LBMapEntries int `mapstructure:"bpf-lb-map-max"`

	// LBServiceMapEntries is the maximum number of entries allowed in BPF lbmap for services.
	LBServiceMapEntries int `mapstructure:"bpf-lb-service-map-max"`

	// LBBackendMapEntries is the maximum number of entries allowed in BPF lbmap for service backends.
	LBBackendMapEntries int `mapstructure:"bpf-lb-service-backend-map-max"`

	// LBRevNatEntries is the maximum number of entries allowed in BPF lbmap for reverse NAT.
	LBRevNatEntries int `mapstructure:"bpf-lb-rev-nat-map-max"`

	// LBAffinityMapEntries is the maximum number of entries allowed in BPF lbmap for session affinities.
	LBAffinityMapEntries int `mapstructure:"bpf-lb-affinity-map-max"`

	// LBSourceRangeAllTypes enables propagation of loadbalancerSourceRanges to all Kubernetes
	// service types which were created from the LoadBalancer service.
	LBSourceRangeAllTypes bool `mapstructure:"bpf-lb-source-range-all-types"`

	// LBSourceRangeMapEntries is the maximum number of entries allowed in BPF lbmap for source ranges.
	LBSourceRangeMapEntries int `mapstructure:"bpf-lb-source-range-map-max"`

	// LBMaglevMapEntries is the maximum number of entries allowed in BPF lbmap for maglev.
	LBMaglevMapEntries int `mapstructure:"bpf-lb-maglev-map-max"`

	// LBSockRevNatEntries is the maximum number of sock rev nat mappings
	// allowed in the BPF rev nat table
	LBSockRevNatEntries int `mapstructure:"bpf-sock-rev-map-max"`

	// NodePortRange is the minimum and maximum ports to use for NodePort
	NodePortRange []string

	// LoadBalancerAlgorithm indicates which backend selection algorithm is used
	// ("random" or "maglev")
	LBAlgorithm string `mapstructure:"bpf-lb-algorithm"`

	// ExternalClusterIP enables routing to ClusterIP services from outside
	// the cluster. This mirrors the behaviour of kube-proxy.
	ExternalClusterIP bool `mapstructure:"bpf-lb-external-clusterip"`

	// AlgorithmAnnotation tells whether controller should check service
	// level annotation for configuring bpf load balancing algorithm.
	AlgorithmAnnotation bool `mapstructure:"bpf-lb-algorithm-annotation"`

	// EnableHealthCheckNodePort enables health checking of NodePort by
	// cilium
	EnableHealthCheckNodePort bool `mapstructure:"enable-health-check-nodeport"`
}

UserConfig is the configuration provided by the user that has not been processed. +deepequal-gen=true

func (*UserConfig) DeepEqual added in v1.18.0 

func (in *UserConfig) DeepEqual(other *UserConfig) bool

DeepEqual is an autogenerated deepequal function, deeply comparing the receiver with other. in must be non-nil.

func (UserConfig) Flags added in v1.18.0 

func (def UserConfig) Flags(flags *pflag.FlagSet)

type ZoneMapper added in v1.18.0 

type ZoneMapper interface {
	GetZoneID(string) uint8
}

Source Files

View all Source files

Directories

Path Synopsis
cmd command
legacy
redirectpolicy
Package redirectpolicy defines an internal representation of the Cilium Local Redirect Policy.
 Package redirectpolicy defines an internal representation of the Cilium Local Redirect Policy.
service
service/healthserver

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.