Example #1
0
// useK8sNodeCIDR sets the ipv4-range value from the cluster-node-cidr defined in the,
// kube-apiserver.
func (d *Daemon) useK8sNodeCIDR(nodeName string) error {
	if !d.conf.IPv4Enabled {
		return nil
	}
	k8sNode, err := d.k8sClient.Nodes().Get(nodeName)
	if err != nil {
		return err
	}
	if k8sNode.Spec.PodCIDR == "" {
		return fmt.Errorf("Empty PodCIDR defined in kubernetes spec for node %s", nodeName)
	}
	ip, _, err := net.ParseCIDR(k8sNode.Spec.PodCIDR)
	if err != nil {
		return err
	}
	ciliumIPv4, err := addressing.NewCiliumIPv4(ip.String())
	if err != nil {
		return err
	}
	ipv6NodeAddress := d.conf.NodeAddress.IPv6Address.NodeIP().String()
	nodeAddr, err := addressing.NewNodeAddress(ipv6NodeAddress, ciliumIPv4.NodeIP().String(), "")
	if err != nil {
		return err
	}
	log.Infof("Retrieved %s for node %s. Using it for ipv4-range", k8sNode.Spec.PodCIDR, nodeName)
	d.conf.NodeAddress = nodeAddr
	return nil
}
Example #2
0
	"github.com/cilium/cilium/common"
	"github.com/cilium/cilium/common/addressing"
	"github.com/cilium/cilium/pkg/endpoint"
	"github.com/cilium/cilium/pkg/labels"
	"github.com/cilium/cilium/pkg/mac"
	"github.com/cilium/cilium/pkg/option"
	"github.com/cilium/cilium/pkg/policy"

	. "gopkg.in/check.v1"
)

var (
	HardAddr    = mac.MAC{0x01, 0x02, 0x03, 0x04, 0x05, 0x06}
	IPv6Addr, _ = addressing.NewCiliumIPv6("beef:beef:beef:beef:aaaa:aaaa:1111:1112")
	IPv4Addr, _ = addressing.NewCiliumIPv4("10.11.12.13")
)

func (ds *DaemonSuite) TestFindNode(c *C) {
	var nullPtr *policy.Node

	pn := policy.Node{
		Name: "io.cilium",
		Children: map[string]*policy.Node{
			"foo": {},
			"bar": {},
		},
	}

	err := ds.d.PolicyAdd("io.cilium", &pn)
	c.Assert(err, Equals, nil)
Example #3
0
func (s *EndpointSuite) TestDeepCopy(c *C) {
	ipv4, err := addressing.NewCiliumIPv4("127.0.0.1")
	c.Assert(err, IsNil)
	ipv6, err := addressing.NewCiliumIPv6("::1")
	c.Assert(err, IsNil)
	epWant := &Endpoint{
		ID:               12,
		DockerID:         "123",
		DockerNetworkID:  "1234",
		DockerEndpointID: "12345",
		IfName:           "lxcifname",
		LXCMAC:           mac.MAC{1, 2, 3, 4, 5, 6},
		IPv6:             ipv6,
		IPv4:             ipv4,
		IfIndex:          4,
		NodeMAC:          mac.MAC{1, 2, 3, 4, 5, 6},
		NodeIP:           net.ParseIP("192.168.0.1"),
		PortMap:          make([]PortMap, 2),
		Opts:             option.NewBoolOptions(&EndpointOptionLibrary),
	}
	cpy := epWant.DeepCopy()
	c.Assert(*cpy, DeepEquals, *epWant)
	epWant.SecLabel = &labels.SecCtxLabel{
		ID: 1,
		Labels: labels.Labels{
			"io.cilium.kubernetes": labels.NewLabel("io.cilium.kubernetes", "", "cilium"),
		},
		Containers: map[string]time.Time{
			"1234": time.Now(),
		},
	}
	epWant.Consumable = &policy.Consumable{
		ID:        123,
		Iteration: 3,
		Labels:    nil,
		LabelList: []labels.Label{
			*labels.NewLabel("io.cilium.kubernetes", "", "cilium"),
		},
		Maps: map[int]*policymap.PolicyMap{
			0: {},
		},
		Consumers: map[string]*policy.Consumer{
			"foo": policy.NewConsumer(12),
		},
		ReverseRules: map[uint32]*policy.Consumer{
			12: policy.NewConsumer(12),
		},
	}
	epWant.PolicyMap = &policymap.PolicyMap{}
	cpy = epWant.DeepCopy()
	c.Assert(*cpy.SecLabel, DeepEquals, *epWant.SecLabel)
	c.Assert(*cpy.Consumable, DeepEquals, *epWant.Consumable)
	c.Assert(*cpy.PolicyMap, DeepEquals, *epWant.PolicyMap)

	epWant.Consumable.Labels = &labels.SecCtxLabel{
		ID: 1,
		Labels: labels.Labels{
			"io.cilium.kubernetes": labels.NewLabel("io.cilium.kubernetes", "", "cilium"),
		},
		Containers: map[string]time.Time{
			"1234": time.Now(),
		},
	}

	epWant.PolicyMap = &policymap.PolicyMap{}
	cpy = epWant.DeepCopy()

	c.Assert(*cpy.Consumable.Labels, DeepEquals, *epWant.Consumable.Labels)

	cpy.Consumable.Labels.Containers["1234"] = time.Now()
	c.Assert(*cpy.Consumable.Labels, Not(DeepEquals), *epWant.Consumable.Labels)
}