Documentation ¶
Overview ¶
This package contains the agent code used to configure the WireGuard tunnel between nodes. The code supports adding and removing peers at run-time and the peer information is retrieved via the CiliumNode object.
Index ¶
- Variables
- type Agent
- func (a *Agent) AllNodeValidateImplementation()
- func (a *Agent) Enabled() bool
- func (a *Agent) IfaceBufferMargins() (uint16, uint16, error)
- func (a *Agent) IfaceIndex() (uint32, error)
- func (a *Agent) Name() string
- func (a *Agent) NodeAdd(newNode nodeTypes.Node) error
- func (a *Agent) NodeDelete(node nodeTypes.Node) error
- func (a *Agent) NodeUpdate(_, newNode nodeTypes.Node) error
- func (a *Agent) NodeValidateImplementation(node nodeTypes.Node) error
- func (a *Agent) OnIPIdentityCacheChange(modType ipcache.CacheModification, cidrCluster cmtypes.PrefixCluster, ...)
- func (a *Agent) Start(cell.HookContext) error
- func (a *Agent) Status(withPeers bool) (*models.WireguardStatus, error)
- func (a *Agent) Stop(cell.HookContext) error
- type Config
- type UserConfig
Constants ¶
This section is empty.
Variables ¶
var Cell = cell.Module(
	"wireguard-agent",
	"Manages WireGuard device and peers",

	cell.Config(defaultUserConfig),
	cell.Provide(newWireguardAgent, newWireguardConfig),
	cell.ProvidePrivate(buildConfigFrom),
)
Functions ¶
This section is empty.
Types ¶
type Agent ¶
Upon starting, the agent creates the WireGuard tunnel device and sets the proper routes. Once restoreFinished() is called, obsolete keys and peers, as well as stale AllowedIPs, are removed. updatePeer() inserts or updates the public key of peers discovered via the node manager.
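The cleanup described above matters because WireGuard uses AllowedIPs both to select the peer for outgoing packets and to filter the source of incoming ones, so a stale entry keeps a prefix bound to a key that no longer owns it. The following is an added sketch of that reconciliation, not Cilium's own code; `pruneStale`, the map layout and the sample keys and prefixes are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// pruneStale is a hypothetical helper, not part of Cilium. Both maps are keyed
// by peer public key: device is what the tunnel currently holds, desired is what
// node discovery reports. It returns the keys of peers to remove entirely and,
// for peers that stay, the AllowedIPs that are no longer wanted.
func pruneStale(device, desired map[string][]netip.Prefix) ([]string, map[string][]netip.Prefix) {
	var obsolete []string
	stale := map[string][]netip.Prefix{}
	for key, have := range device {
		want, known := desired[key]
		if !known {
			obsolete = append(obsolete, key) // no node advertises this key any more
			continue
		}
		wanted := make(map[netip.Prefix]bool, len(want))
		for _, p := range want {
			wanted[p.Masked()] = true // compare on the network address, not host bits
		}
		for _, p := range have {
			if !wanted[p.Masked()] {
				stale[key] = append(stale[key], p)
			}
		}
	}
	sort.Strings(obsolete) // deterministic order for logging and tests
	return obsolete, stale
}

func main() {
	// Constructed sample state: keyB's node is gone, keyA lost one prefix.
	device := map[string][]netip.Prefix{
		"keyA": {netip.MustParsePrefix("10.0.1.0/24"), netip.MustParsePrefix("10.0.9.0/24")},
		"keyB": {netip.MustParsePrefix("10.0.2.0/24")},
	}
	desired := map[string][]netip.Prefix{
		"keyA": {netip.MustParsePrefix("10.0.1.0/24")},
	}
	obsolete, stale := pruneStale(device, desired)
	fmt.Println("remove peers:", obsolete)
	fmt.Println("drop AllowedIPs:", stale)
}
```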
func (*Agent) AllNodeValidateImplementation ¶
func (a *Agent) AllNodeValidateImplementation()
AllNodeValidateImplementation is called to validate the implementation of all nodes in the datapath.
func (*Agent) Enabled ¶ added in v1.19.0
Returns true when enabled. Implements types.WireguardAgent.
func (*Agent) IfaceBufferMargins ¶ added in v1.19.0
IfaceBufferMargins() returns the buffer margins of the WireGuard interface.
func (*Agent) IfaceIndex ¶ added in v1.19.0
IfaceIndex returns the index of the WireGuard interface.
func (*Agent) NodeDelete ¶
NodeDelete is called after a node has been deleted.
func (*Agent) NodeUpdate ¶
NodeUpdate is called when a node definition changes. Both the old and new node definitions are provided. NodeUpdate() is never called before NodeAdd() is called for a particular node.
func (*Agent) NodeValidateImplementation ¶
NodeValidateImplementation is called to validate the implementation of the node in the datapath. This function is intended to be run on an interval to ensure that the datapath is consistently converged.
func (*Agent) OnIPIdentityCacheChange ¶
func (a *Agent) OnIPIdentityCacheChange(modType ipcache.CacheModification, cidrCluster cmtypes.PrefixCluster, oldHostIP, newHostIP net.IP, _ *ipcache.Identity, _ ipcache.Identity, _ uint8, _ *ipcache.K8sMetadata, _ uint8)
OnIPIdentityCacheChange implements ipcache.IPIdentityMappingListener
func (*Agent) Start ¶ added in v1.17.0
func (a *Agent) Start(cell.HookContext) error
Start implements cell.HookInterface.
type Config ¶ added in v1.19.0
type Config struct {
	UserConfig
	StateDir         string
	EnableIPv4       bool
	EnableIPv6       bool
	TunnelingEnabled bool
	EncryptNode      bool
}
Final config of the WireGuard agent.
func (Config) Enabled ¶ added in v1.19.0
Returns true when enabled. Implements types.WireguardConfig.
type UserConfig ¶ added in v1.19.0
type UserConfig struct {
	EnableWireguard              bool
	WireguardTrackAllIPsFallback bool
	WireguardPersistentKeepalive time.Duration
	NodeEncryptionOptOutLabels   string
}
User provided flags.
func (UserConfig) Flags ¶ added in v1.19.0
func (def UserConfig) Flags(flags *pflag.FlagSet)