Overview ¶
Package ipam handles address allocation management
Index ¶
- Variables
- func NewIPNotAvailableInPoolError(addr netip.Addr) error
- func ParseMultiPoolPreAllocMap(conf map[string]string) (preAllocatePerPool, error)
- type AllocationResult
- type Allocator
- type ENIMultiPoolAllocatorParams
- type ErrIPNotAvailableInPool
- type ErrPoolNotReadyYet
- type Family
- type IPAM
- func (ipam *IPAM) AllocateIP(ip net.IP, owner string, pool Pool) error
- func (ipam *IPAM) AllocateIPString(ipAddr, owner string, pool Pool) error
- func (ipam *IPAM) AllocateIPWithoutSyncUpstream(ip net.IP, owner string, pool Pool) (*AllocationResult, error)
- func (ipam *IPAM) AllocateNext(family, owner string, pool Pool) (ipv4Result, ipv6Result *AllocationResult, err error)
- func (ipam *IPAM) AllocateNextFamily(family Family, owner string, pool Pool) (result *AllocationResult, err error)
- func (ipam *IPAM) AllocateNextFamilyWithoutSyncUpstream(family Family, owner string, pool Pool) (result *AllocationResult, err error)
- func (ipam *IPAM) AllocateNextWithExpiration(family, owner string, pool Pool, timeout time.Duration) (ipv4Result, ipv6Result *AllocationResult, err error)
- func (ipam *IPAM) ConfigureAllocator()
- func (ipam *IPAM) DebugStatus() string
- func (ipam *IPAM) Dump() (allocv4 map[string]string, allocv6 map[string]string, status string)
- func (ipam *IPAM) EndpointCreated(ep *endpoint.Endpoint)
- func (ipam *IPAM) EndpointDeleted(ep *endpoint.Endpoint, conf endpoint.DeleteConfig)
- func (ipam *IPAM) EndpointRestored(ep *endpoint.Endpoint)
- func (ipam *IPAM) ExcludeIP(ip net.IP, owner string, pool Pool)
- func (ipam *IPAM) ReleaseIP(ip net.IP, pool Pool) error
- func (ipam *IPAM) RestoreFinished()
- func (ipam *IPAM) StartExpirationTimer(ip net.IP, pool Pool, timeout time.Duration) (string, error)
- func (ipam *IPAM) StopExpirationTimer(ip net.IP, pool Pool, allocationUUID string) error
- type K8sEventRegister
- type Metadata
- type MtuConfiguration
- type MultiPoolAllocatorParams
- type MultiPoolManagerParams
- type NewIPAMParams
- type Owner
- type Pool
- type SkipMasqueradeForPoolFn
Constants ¶
This section is empty.
Variables ¶
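var (
	// ErrIPv4Disabled is returned when IPv4 allocation is disabled.
	// It is a sentinel value: match it with errors.Is rather than by
	// comparing message strings.
	ErrIPv4Disabled = errors.New("IPv4 allocation disabled")

	// ErrIPv6Disabled is returned when IPv6 allocation is disabled.
	// It is a sentinel value: match it with errors.Is rather than by
	// comparing message strings.
	ErrIPv6Disabled = errors.New("IPv6 allocation disabled")
)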
Error definitions
Functions ¶
func NewIPNotAvailableInPoolError ¶
NewIPNotAvailableInPoolError returns an error representing the given IP not being available in the IPAM pool.
Types ¶
type AllocationResult ¶
// AllocationResult is the result of an allocation.
type AllocationResult struct {
	// IP is the allocated IP.
	IP netip.Addr

	// IPPoolName is the IPAM pool from which the above IP was allocated.
	// NOTE(review): presumably this is the pool name that ReleaseIP expects
	// back as its pool argument — confirm against the caller.
	IPPoolName Pool

	// CIDRs is a list of all CIDRs to which the IP has direct access.
	// This is primarily useful if the IP has been allocated out of a VPC
	// subnet range and the VPC provides routing to a set of CIDRs in which
	// the IP is routable.
	CIDRs []netip.Prefix

	// PrimaryMAC is the MAC address of the primary interface. This is useful
	// when the IP is a secondary address of an interface which is
	// represented on the node as a Linux device and all routing of the IP
	// must occur through that master interface.
	PrimaryMAC string

	// GatewayIP is the IP of the gateway which must be used for this IP.
	// If the allocated IP is derived from a VPC, then the gateway
	// represents the gateway of the VPC or VPC subnet.
	GatewayIP netip.Addr

	// ExpirationUUID is the UUID of the expiration timer. This field is
	// only set if AllocateNextWithExpiration is used. The same UUID has to
	// be handed to StopExpirationTimer, which only removes the timer when
	// the UUIDs match.
	ExpirationUUID string

	// InterfaceNumber is a field for generically identifying an interface.
	// This is only useful in ENI mode.
	InterfaceNumber string

	// SkipMasquerade indicates whether the datapath should avoid
	// masquerading connections from this IP when the cluster is in
	// tunneling mode.
	// NOTE(review): when this is true, peers presumably see this IP itself
	// as the connection source instead of a masqueraded address, so
	// source-address-based firewall rules and logs should account for it —
	// confirm against the datapath.
	SkipMasquerade bool
}
AllocationResult is the result of an allocation
type Allocator ¶
// Allocator is the interface for an IP allocator implementation.
//
// Every method that touches an address also takes the Pool it belongs to;
// the allocating methods additionally take an owner string.
type Allocator interface {
	// Allocate allocates a specific IP or fails
	Allocate(addr netip.Addr, owner string, pool Pool) (*AllocationResult, error)

	// AllocateWithoutSyncUpstream allocates a specific IP without syncing
	// upstream or fails
	AllocateWithoutSyncUpstream(addr netip.Addr, owner string, pool Pool) (*AllocationResult, error)

	// Release releases a previously allocated IP or fails
	Release(addr netip.Addr, pool Pool) error

	// AllocateNext allocates the next available IP or fails if no more IPs
	// are available
	AllocateNext(owner string, pool Pool) (*AllocationResult, error)

	// AllocateNextWithoutSyncUpstream allocates the next available IP without syncing
	// upstream or fails if no more IPs are available
	AllocateNextWithoutSyncUpstream(owner string, pool Pool) (*AllocationResult, error)

	// Dump returns a map of all allocated IPs per pool with the IP represented as key in the
	// map. Dump must also provide a status one-liner to represent the overall status, e.g.
	// number of IPs allocated and overall health information if available.
	// NOTE(review): the meaning of the inner map's string values is not
	// stated here; presumably the owner of each IP — confirm.
	Dump() (map[Pool]map[string]string, string)

	// Capacity returns the total IPAM allocator capacity (not the current
	// available).
	Capacity() uint64

	// RestoreFinished marks the status of restoration as done
	RestoreFinished()
}
Allocator is the interface for an IP allocator implementation
type ENIMultiPoolAllocatorParams ¶
// ENIMultiPoolAllocatorParams contains the parameters for creating ENI
// multi-pool allocators.
type ENIMultiPoolAllocatorParams struct {
	// Logger is the log/slog logger passed in with the parameters.
	Logger *slog.Logger

	// IPv4Enabled and IPv6Enabled presumably select the address families
	// the allocator serves — TODO confirm.
	IPv4Enabled bool
	IPv6Enabled bool

	// CiliumNodeUpdateRate is a duration; presumably the interval between
	// CiliumNode resource updates — TODO confirm.
	CiliumNodeUpdateRate time.Duration

	// Node, LocalNodeStore and CNClient carry the local CiliumNode resource,
	// the local node store and the CiliumNode client, as their types state.
	Node           agentK8s.LocalCiliumNodeResource
	LocalNodeStore *node.LocalNodeStore
	CNClient       cilium_v2.CiliumNodeInterface

	JobGroup job.Group

	// Conf is the daemon configuration.
	Conf *option.DaemonConfig

	// NOTE(review): IPMasqAgent is presumably consulted for masquerading
	// decisions on allocated addresses — confirm.
	IPMasqAgent *ipmasq.IPMasqAgent
}
ENIMultiPoolAllocatorParams contains the parameters for creating ENI multi-pool allocators.
type ErrIPNotAvailableInPool ¶
// ErrIPNotAvailableInPool represents an error when an IP is not available in
// the pool. Values are created with NewIPNotAvailableInPoolError, and the
// type provides an Is method for use with errors.Is.
type ErrIPNotAvailableInPool struct {
	// contains filtered or unexported fields
}
ErrIPNotAvailableInPool represents an error when an IP is not available in the pool.
func (*ErrIPNotAvailableInPool) Error ¶
func (e *ErrIPNotAvailableInPool) Error() string
func (*ErrIPNotAvailableInPool) Is ¶
func (e *ErrIPNotAvailableInPool) Is(target error) bool
Is provides this error type with the logic for use with errors.Is.
type ErrPoolNotReadyYet ¶ added in v1.17.2
// ErrPoolNotReadyYet is an error type with Error and Is methods.
// NOTE(review): it carries no description here; by its name it presumably
// reports that a pool cannot serve allocations yet — confirm.
type ErrPoolNotReadyYet struct {
	// contains filtered or unexported fields
}
func (*ErrPoolNotReadyYet) Error ¶ added in v1.17.2
func (e *ErrPoolNotReadyYet) Error() string
func (*ErrPoolNotReadyYet) Is ¶ added in v1.17.2
func (e *ErrPoolNotReadyYet) Is(err error) bool
type Family ¶
// Family is the type describing all address families supported by the IP
// allocation manager. DeriveFamily derives the family of a given IP.
type Family string
Family is the type describing all address families supported by the IP allocation manager
func DeriveFamily ¶
DeriveFamily derives the address family of an IP
type IPAM ¶
// IPAM is the configuration used for a particular IPAM type.
type IPAM struct {
	// contains filtered or unexported fields
}
IPAM is the configuration used for a particular IPAM type.
func (*IPAM) AllocateIP ¶
AllocateIP allocates an IP address.
func (*IPAM) AllocateIPString ¶
AllocateIPString is identical to AllocateIP but takes a string
func (*IPAM) AllocateIPWithoutSyncUpstream ¶
func (ipam *IPAM) AllocateIPWithoutSyncUpstream(ip net.IP, owner string, pool Pool) (*AllocationResult, error)
AllocateIPWithoutSyncUpstream allocates an IP address without syncing upstream.
func (*IPAM) AllocateNext ¶
func (ipam *IPAM) AllocateNext(family, owner string, pool Pool) (ipv4Result, ipv6Result *AllocationResult, err error)
AllocateNext allocates the next available IPv4 and IPv6 address out of the configured address pool. If family is set to "ipv4" or "ipv6", then allocation is limited to the specified address family. If the pool has been drained of addresses, an error will be returned.
func (*IPAM) AllocateNextFamily ¶
func (ipam *IPAM) AllocateNextFamily(family Family, owner string, pool Pool) (result *AllocationResult, err error)
AllocateNextFamily allocates the next IP of the requested address family
func (*IPAM) AllocateNextFamilyWithoutSyncUpstream ¶
func (ipam *IPAM) AllocateNextFamilyWithoutSyncUpstream(family Family, owner string, pool Pool) (result *AllocationResult, err error)
AllocateNextFamilyWithoutSyncUpstream allocates the next IP of the requested address family without syncing upstream
func (*IPAM) AllocateNextWithExpiration ¶
func (ipam *IPAM) AllocateNextWithExpiration(family, owner string, pool Pool, timeout time.Duration) (ipv4Result, ipv6Result *AllocationResult, err error)
AllocateNextWithExpiration is identical to AllocateNext but registers an expiration timer as well. This is identical to using AllocateNext() in combination with StartExpirationTimer()
func (*IPAM) ConfigureAllocator ¶ added in v1.16.0
func (ipam *IPAM) ConfigureAllocator()
ConfigureAllocator initializes the IPAM allocator according to the configuration. As a precondition, the NodeAddressing must be fully initialized - therefore the method must be called after Daemon.WaitForNodeInformation.
func (*IPAM) DebugStatus ¶
DebugStatus implements debug.StatusObject to provide debug status collection ability
func (*IPAM) EndpointCreated ¶ added in v1.18.0
func (*IPAM) EndpointDeleted ¶ added in v1.18.0
func (ipam *IPAM) EndpointDeleted(ep *endpoint.Endpoint, conf endpoint.DeleteConfig)
func (*IPAM) EndpointRestored ¶ added in v1.18.0
func (*IPAM) ExcludeIP ¶
ExcludeIP ensures that a certain IP is never allocated. It is preferred to use this method instead of allocating the IP as the allocation block can change and suddenly cover the IP to be excluded.
func (*IPAM) ReleaseIP ¶
ReleaseIP releases an IP address. The pool argument must not be empty; it must be set to the pool name returned by the `Allocate*` functions when the IP was allocated.
func (*IPAM) RestoreFinished ¶ added in v1.19.0
func (ipam *IPAM) RestoreFinished()
RestoreFinished marks the status of restoration as done
func (*IPAM) StartExpirationTimer ¶
StartExpirationTimer installs an expiration timer for a previously allocated IP. Unless StopExpirationTimer is called in time, the IP will be released again after expiration of the specified timeout. The function will return a UUID representing the unique allocation attempt. The same UUID must be passed into StopExpirationTimer again.
Use this function when the allocation and use of an IP are controlled by an external entity, because that entity can disappear. Such users should register an expiration timer before returning the IP and stop the timer once the IP has been used; otherwise an IP handed to an entity that never comes back would stay allocated.
func (*IPAM) StopExpirationTimer ¶
StopExpirationTimer will remove the expiration timer for a particular IP. The UUID returned by the symmetric StartExpirationTimer must be provided. The expiration timer will only be removed if the UUIDs match. Releasing an IP will also stop the expiration timer.
type K8sEventRegister ¶
// K8sEventRegister is used to register and handle events as they are
// processed by K8s controllers.
type K8sEventRegister interface {
	// K8sEventReceived is called to do metrics accounting for received
	// Kubernetes events, as well as calculating timeouts for k8s watcher
	// cache sync.
	K8sEventReceived(apiGroupResourceName string, scope string, action string, valid, equal bool)

	// K8sEventProcessed is called to do metrics accounting for each processed
	// Kubernetes event.
	K8sEventProcessed(scope string, action string, status bool)
}
K8sEventRegister is used to register and handle events as they are processed by K8s controllers.
type MtuConfiguration ¶
// MtuConfiguration is the interface through which the device MTU is read.
// NewIPAMParams carries one in its MTUConfig field.
type MtuConfiguration interface {
	// GetDeviceMTU returns the device MTU as an int.
	// NOTE(review): the unit is not stated here; presumably bytes — confirm.
	GetDeviceMTU() int
}
type MultiPoolAllocatorParams ¶
// MultiPoolAllocatorParams groups the inputs of a multi-pool allocator.
// NOTE(review): the type has no description here; by its name it is the
// non-ENI counterpart of ENIMultiPoolAllocatorParams — confirm.
type MultiPoolAllocatorParams struct {
	// Logger is the log/slog logger passed in with the parameters.
	Logger *slog.Logger

	// IPv4Enabled and IPv6Enabled presumably select the address families
	// the allocator serves — TODO confirm.
	IPv4Enabled bool
	IPv6Enabled bool

	// CiliumNodeUpdateRate is a duration; presumably the interval between
	// CiliumNode resource updates — TODO confirm.
	CiliumNodeUpdateRate time.Duration

	// PreAllocPools is an unparsed string-to-string map.
	// NOTE(review): presumably the input that ParseMultiPoolPreAllocMap
	// turns into a per-pool pre-allocation map; that function returns an
	// error, so malformed entries should surface there — confirm.
	PreAllocPools map[string]string

	Node           agentK8s.LocalCiliumNodeResource
	LocalNodeStore *node.LocalNodeStore
	CNClient       cilium_v2.CiliumNodeInterface
	JobGroup       job.Group

	// DB and PodIPPools give access to the statedb table of local pod IP
	// pools, as their types state.
	DB         *statedb.DB
	PodIPPools statedb.Table[podippool.LocalPodIPPool]

	// NOTE(review): OnlyMasqueradeDefaultPool presumably limits
	// masquerading to addresses of the default pool, leaving addresses of
	// other pools visible as connection sources (compare
	// AllocationResult.SkipMasquerade) — confirm before relying on it in
	// source-address-based policy.
	OnlyMasqueradeDefaultPool bool
}
type MultiPoolManagerParams ¶ added in v1.19.0
// MultiPoolManagerParams groups the inputs of a multi-pool manager.
// NOTE(review): the type has no description here; the summary is inferred
// from its name — confirm.
type MultiPoolManagerParams struct {
	// Logger is the log/slog logger passed in with the parameters.
	Logger *slog.Logger

	// IPv4Enabled and IPv6Enabled presumably select the address families
	// the manager serves — TODO confirm.
	IPv4Enabled bool
	IPv6Enabled bool

	// CiliumNodeUpdateRate is a duration; presumably the interval between
	// CiliumNode resource updates — TODO confirm.
	CiliumNodeUpdateRate time.Duration

	// PreallocMap has the unexported type that ParseMultiPoolPreAllocMap
	// returns.
	PreallocMap preAllocatePerPool

	Node     agentK8s.LocalCiliumNodeResource
	CNClient cilium_v2.CiliumNodeInterface
	JobGroup job.Group

	PoolsFromResource ciliumv2.PoolsFromResourceFunc

	// SkipMasqueradeForPool is a SkipMasqueradeForPoolFn: given a pool it
	// reports whether that pool's addresses should be excluded from
	// masquerading, and returns a non-nil error if the pool is not found.
	SkipMasqueradeForPool SkipMasqueradeForPoolFn

	// AllowFirstLastIPs makes CIDR pools include the first and last IPs.
	// Used for ENI prefix delegation where the entire /28 is allocatable.
	// NOTE(review): outside that case the first and last addresses of a
	// CIDR are conventionally not handed out; presumably this should stay
	// false for ordinary pools — confirm.
	AllowFirstLastIPs bool

	// LinearPreAlloc uses a simple inUse + preAlloc formula for demand
	// computation instead of the multi-pool's neededIPCeil rounding. This
	// matches the CRD allocator's calculateNeededIPs behavior and allows
	// the operator to recover exact usage from the demand signal.
	LinearPreAlloc bool
}
type NewIPAMParams ¶ added in v1.19.0
// NewIPAMParams contains the parameters for creating a new IPAM instance.
type NewIPAMParams struct {
	// Logger is the log/slog logger passed in with the parameters.
	Logger *slog.Logger

	NodeAddressing node.Addressing

	// AgentConfig is the daemon configuration.
	AgentConfig *option.DaemonConfig

	// NodeDiscovery is the Owner of the allocator; Owner requires
	// UpdateCiliumNodeResource, which must block until the custom resource
	// has been created.
	NodeDiscovery Owner

	LocalNodeStore *node.LocalNodeStore

	// K8sEventReg receives the metrics accounting calls for Kubernetes
	// events (see K8sEventRegister).
	K8sEventReg K8sEventRegister

	NodeResource agentK8s.LocalCiliumNodeResource

	// MTUConfig exposes the device MTU through GetDeviceMTU.
	MTUConfig MtuConfiguration

	Clientset client.Clientset
	Metadata  Metadata
	Sysctl    sysctl.Sysctl

	// NOTE(review): IPMasqAgent is presumably consulted for masquerading
	// decisions on allocated addresses — confirm.
	IPMasqAgent *ipmasq.IPMasqAgent

	JobGroup job.Group

	// DB and PodIPPools give access to the statedb table of local pod IP
	// pools, as their types state.
	DB         *statedb.DB
	PodIPPools statedb.Table[podippool.LocalPodIPPool]

	// NOTE(review): OnlyMasqueradeDefaultPool presumably limits
	// masquerading to addresses of the default pool, leaving addresses of
	// other pools visible as connection sources — confirm before relying
	// on it in source-address-based policy.
	OnlyMasqueradeDefaultPool bool
}
NewIPAMParams contains the parameters for creating a new IPAM instance.
type Owner ¶
// Owner is the interface the owner of an IPAM allocator has to implement.
type Owner interface {
	// UpdateCiliumNodeResource is called to create/update the CiliumNode
	// resource. The function must block until the custom resource has been
	// created.
	UpdateCiliumNodeResource()
}
Owner is the interface the owner of an IPAM allocator has to implement
type Pool ¶
// Pool is the IP pool from which to allocate. PoolOrDefault returns the
// default pool if no pool is specified. ReleaseIP requires a non-empty pool,
// set to the pool name returned by the Allocate* functions when the IP was
// allocated.
type Pool string
Pool is the IP pool from which to allocate.
func PoolOrDefault ¶
PoolOrDefault returns the default pool if no pool is specified.
type SkipMasqueradeForPoolFn ¶
SkipMasqueradeForPoolFn is the type of a function that, given a pool, returns true if the addresses of that pool should be excluded from masquerading and false otherwise. If the pool is not found, a non-nil error is returned.