Documentation ¶
Index ¶
- Variables
- type CRDRedirect
- type EnvoyProxyIntegrationConfig
- type Proxy
- func (p *Proxy) ChangeLogLevel(level slog.Level)
- func (p *Proxy) CreateOrUpdateRedirect(ctx context.Context, l4 policy.ProxyPolicy, id string, epID uint16, ...) (uint16, error, revert.RevertFunc)
- func (p *Proxy) GetListenerProxyPort(listener string) uint16
- func (p *Proxy) GetStatusModel() *models.ProxyStatus
- func (p *Proxy) IsSDPEnabled() bool
- func (p *Proxy) ReinstallRoutingRules(ctx context.Context, mtu int, ipsecEnabled, wireguardEnabled bool) error
- func (p *Proxy) RemoveNetworkPolicy(ep endpoint.EndpointInfoSource)
- func (p *Proxy) RemoveRedirect(id string)
- func (p *Proxy) UpdateNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.EndpointPolicy, ...) (error, func() error)
- func (p *Proxy) UpdateSDP(rules map[identity.NumericIdentity]policy.SelectorPolicy)
- func (p *Proxy) UseCurrentNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.EndpointPolicy, ...)
- type Redirect
- type RedirectImplementation
Constants ¶
This section is empty.
Variables ¶
var Cell = cell.Module(
	"l7-proxy",
	"L7 Proxy provides support for L7 network policies",
	cell.Provide(newProxy),
	cell.Provide(newEnvoyProxyIntegration),
	cell.Config(defaultEnvoyProxyIntegrationConfig),
	cell.Provide(newDNSProxyIntegration),
	cell.ProvidePrivate(endpoint.NewEndpointInfoRegistry),
	cell.Provide(proxyports.NewProxyPorts),
	cell.Config(proxyports.ProxyPortsConfig{}),
	accesslog.Cell,
)
Cell provides the L7 Proxy, which provides support for L7 network policies. It manages the different L7 proxies (Envoy, CoreDNS, ...) and the traffic redirection to them.
Functions ¶
This section is empty.
Types ¶
type CRDRedirect ¶ added in v0.15.7
type CRDRedirect struct {
	Redirect
}
Redirect type for custom Listeners, which are managed externally.
func (*CRDRedirect) Close ¶ added in v0.15.7
func (r *CRDRedirect) Close()
func (*CRDRedirect) GetRedirect ¶ added in v1.18.0
func (dr *CRDRedirect) GetRedirect() *Redirect
func (*CRDRedirect) UpdateRules ¶ added in v0.15.7
func (r *CRDRedirect) UpdateRules(rules policy.L7DataMap) (revert.RevertFunc, error)
type EnvoyProxyIntegrationConfig ¶ added in v1.19.0
type EnvoyProxyIntegrationConfig struct {
	ProxyUseOriginalSourceAddress bool
}
func (EnvoyProxyIntegrationConfig) Flags ¶ added in v1.19.0
func (def EnvoyProxyIntegrationConfig) Flags(flags *pflag.FlagSet)
type Proxy ¶
type Proxy struct {
	// contains filtered or unexported fields
}
Proxy maintains state about redirects
func (*Proxy) ChangeLogLevel ¶ added in v0.15.7
ChangeLogLevel changes proxy log level to correspond to the logrus log level 'level'.
func (*Proxy) CreateOrUpdateRedirect ¶
func (p *Proxy) CreateOrUpdateRedirect(
	ctx context.Context,
	l4 policy.ProxyPolicy,
	id string,
	epID uint16,
	wg *completion.WaitGroup,
) (
	uint16,
	error,
	revert.RevertFunc,
)
CreateOrUpdateRedirect creates or updates an L4 redirect with corresponding proxy configuration. This will allocate a proxy port as required and launch a proxy instance. If the redirect is already in place, only the rules will be updated.
The proxy listening port is returned, but proxy configuration on that port may still be ongoing asynchronously. Caller should wait for successful completion on 'wg' before assuming the returned proxy port is listening.
Caller must call exactly one of the returned functions:
- finalizeFunc to make the changes stick, or
- revertFunc to cancel the changes.
Called with 'localEndpoint' locked for reading!
func (*Proxy) GetListenerProxyPort ¶ added in v1.18.0
func (*Proxy) GetStatusModel ¶ added in v0.15.7
func (p *Proxy) GetStatusModel() *models.ProxyStatus
GetStatusModel returns the proxy status as API model
func (*Proxy) IsSDPEnabled ¶ added in v1.18.1
func (*Proxy) ReinstallRoutingRules ¶ added in v0.15.7
func (p *Proxy) ReinstallRoutingRules(ctx context.Context, mtu int, ipsecEnabled, wireguardEnabled bool) error
ReinstallRoutingRules ensures the presence of routing rules and tables needed to route packets to and from the L7 proxy, or removes the rules if the proxy is disabled.
func (*Proxy) RemoveNetworkPolicy ¶ added in v1.16.0
func (p *Proxy) RemoveNetworkPolicy(ep endpoint.EndpointInfoSource)
func (*Proxy) RemoveRedirect ¶
RemoveRedirect removes an existing redirect that has been successfully created earlier. Called with 'localEndpoint' passed to 'CreateOrUpdateRedirect' locked for writing!
func (*Proxy) UpdateNetworkPolicy ¶ added in v1.6.4
func (p *Proxy) UpdateNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.EndpointPolicy, wg *completion.WaitGroup) (error, func() error)
func (*Proxy) UpdateSDP ¶ added in v1.18.0
func (p *Proxy) UpdateSDP(rules map[identity.NumericIdentity]policy.SelectorPolicy)
func (*Proxy) UseCurrentNetworkPolicy ¶ added in v1.6.4
func (p *Proxy) UseCurrentNetworkPolicy(ep endpoint.EndpointUpdater, policy *policy.EndpointPolicy, wg *completion.WaitGroup)
type Redirect ¶
type Redirect struct {
	// contains filtered or unexported fields
}
Redirect is the common static config for each RedirectImplementation
type RedirectImplementation ¶ added in v0.15.7
type RedirectImplementation interface {
	// GetRedirect returns the static config of the redirect
	GetRedirect() *Redirect

	// UpdateRules synchronously updates the rules for the given proxy redirect.
	// Note: UpdateRules is not called when a redirect is created.
	UpdateRules(rules policy.L7DataMap) (revert.RevertFunc, error)

	// Close closes and cleans up resources associated with the redirect
	// implementation. The implementation should .Add to the WaitGroup if the
	// update is asynchronous and the update should not return until it is
	// complete.
	Close()
}
RedirectImplementation is the generic proxy redirect interface that each proxy redirect type must implement