// PutLabels stores to given labels in consul and returns the SecCtxLabels created for
// the given labels.
func (d *Daemon) PutLabels(lbls labels.Labels, contID string) (*labels.SecCtxLabel, bool, error) {
log.Debugf("Resolving labels %+v of %s", lbls, contID)
isNew := false
// Retrieve unique SHA256Sum for labels
sha256Sum, err := lbls.SHA256Sum()
if err != nil {
return nil, false, err
}
lblPath := path.Join(common.LabelsKeyPath, sha256Sum)
// Lock that sha256Sum
lockKey, err := d.kvClient.LockPath(lblPath)
if err != nil {
return nil, false, err
}
defer lockKey.Unlock()
// After lock complete, get label's path
rmsg, err := d.kvClient.GetValue(lblPath)
if err != nil {
return nil, false, err
}
secCtxLbls := labels.NewSecCtxLabel()
if rmsg == nil {
secCtxLbls.Labels = lbls
isNew = true
} else {
if err := json.Unmarshal(rmsg, &secCtxLbls); err != nil {
return nil, false, err
}
// If RefCount is 0 then we have to retrieve a new ID
if secCtxLbls.RefCount() == 0 {
isNew = true
secCtxLbls.Containers = make(map[string]time.Time)
}
}
secCtxLbls.AddOrUpdateContainer(contID)
if isNew {
if err := d.gasNewSecLabelID(secCtxLbls); err != nil {
return nil, false, err
}
} else if err := d.updateSecLabelIDRef(*secCtxLbls); err != nil {
return nil, false, err
}
log.Debugf("Incrementing label %d ref-count to %d\n", secCtxLbls.ID, secCtxLbls.RefCount())
d.AddOrUpdateUINode(secCtxLbls.ID, secCtxLbls.Labels.ToSlice(), secCtxLbls.RefCount())
err = d.kvClient.SetValue(lblPath, secCtxLbls)
return secCtxLbls, isNew, err
}
func (d *Daemon) getFilteredLabels(allLabels map[string]string) labels.Labels {
var ciliumLabels, k8sLabels labels.Labels
if podName := k8sDockerLbls.GetPodName(allLabels); podName != "" {
k8sNormalLabels, err := d.fetchK8sLabels(allLabels)
if err != nil {
log.Warningf("Error while getting kubernetes labels: %s", err)
} else if k8sNormalLabels != nil {
k8sLabels = labels.Map2Labels(k8sNormalLabels, common.K8sLabelSource)
}
}
ciliumLabels = labels.Map2Labels(allLabels, common.CiliumLabelSource)
ciliumLabels.MergeLabels(k8sLabels)
d.conf.ValidLabelPrefixesMU.RLock()
defer d.conf.ValidLabelPrefixesMU.RUnlock()
return d.conf.ValidLabelPrefixes.FilterLabels(ciliumLabels)
}
func (d *Daemon) updateOperationalLabels(dockerID string, dockerCont dTypes.ContainerJSON, newLabels labels.Labels, isProbe bool) (bool, *types.Container, error) {
isNewContainer := false
var (
cont types.Container
epLabelsSHA256 string
)
if ciliumContainer, ok := d.containers[dockerID]; !ok {
isNewContainer = true
cont = types.Container{
ContainerJSON: dockerCont,
OpLabels: labels.OpLabels{
AllLabels: newLabels.DeepCopy(),
UserLabels: labels.Labels{},
ProbeLabels: newLabels.DeepCopy(),
EndpointLabels: newLabels.DeepCopy(),
},
NRetries: 0,
}
} else {
if ciliumContainer.NRetries > maxRetries {
epSHA256Sum, err := ciliumContainer.OpLabels.EndpointLabels.SHA256Sum()
if err != nil {
log.Errorf("Error calculating SHA256Sum of labels %+v: %s", ciliumContainer.OpLabels.EndpointLabels, err)
}
d.DeleteLabelsBySHA256(epSHA256Sum, ciliumContainer.ID)
return isNewContainer, nil, nil
}
ep, err := d.EndpointGetByDockerID(ciliumContainer.ID)
if err == nil && ep == nil {
ciliumContainer.NRetries++
} else {
ciliumContainer.NRetries = 0
}
newLabelsSHA256, err := newLabels.SHA256Sum()
if err != nil {
log.Errorf("Error calculating SHA256Sum of labels %+v: %s", newLabels, err)
}
if isProbe {
probeLabelsSHA256, err := ciliumContainer.OpLabels.ProbeLabels.SHA256Sum()
if err != nil {
log.Errorf("Error calculating SHA256Sum of labels %+v: %s", ciliumContainer.OpLabels.ProbeLabels, err)
}
if probeLabelsSHA256 != newLabelsSHA256 {
isNewContainer = true
epLabelsSHA256, err = ciliumContainer.OpLabels.EndpointLabels.SHA256Sum()
if err != nil {
log.Errorf("Error calculating SHA256Sum of labels %+v: %s", ciliumContainer.OpLabels.EndpointLabels, err)
}
// probe labels have changed
// we need to find out which labels were deleted and added
deletedLabels := ciliumContainer.OpLabels.ProbeLabels.DeepCopy()
for k, v := range newLabels {
if ciliumContainer.OpLabels.ProbeLabels[k] == nil {
tmpLbl1 := *v
tmpLbl2 := *v
ciliumContainer.OpLabels.AllLabels[k] = &tmpLbl1
ciliumContainer.OpLabels.EndpointLabels[k] = &tmpLbl2
} else {
delete(deletedLabels, k)
}
}
for k := range deletedLabels {
delete(ciliumContainer.OpLabels.AllLabels, k)
delete(ciliumContainer.OpLabels.EndpointLabels, k)
}
}
} else {
// If it is not probe then all newLabels will be applied
epLabelsSHA256, err = ciliumContainer.OpLabels.EndpointLabels.SHA256Sum()
if err != nil {
log.Errorf("Error calculating SHA256Sum of labels %+v: %s", ciliumContainer.OpLabels.EndpointLabels, err)
}
if epLabelsSHA256 != newLabelsSHA256 {
isNewContainer = true
ciliumContainer.OpLabels.EndpointLabels = newLabels
}
}
cont = types.Container{
ContainerJSON: dockerCont,
OpLabels: ciliumContainer.OpLabels,
NRetries: ciliumContainer.NRetries,
}
}
if isNewContainer {
if err := d.DeleteLabelsBySHA256(epLabelsSHA256, dockerID); err != nil {
log.Errorf("Error while deleting old labels (%+v) of container %s: %s", epLabelsSHA256, dockerID, err)
}
}
d.containers[dockerID] = &cont
contCpy := cont
return isNewContainer, &contCpy, nil
}