Revision c2b8f48b5326d48a977bb770e3f6d83623610204 authored by Jonny on 27 May 2024, 12:59:44 UTC, committed by André Martins on 17 June 2024, 07:30:25 UTC
Previously, when a cluster ran with native-networking and had multiple zones, it wasn't possible to enable auto direct routes. This caused a bottleneck for same-zone traffic as it always had to be routed through the gw. With this new flag, any direct routes for nodes on different L2 networks will be skipped. Cilium will add routes for nodes on the same L2 and not exit. Fixes: #31124 Signed-off-by: Jonny <jonny@linkpool.io>
1 parent 72ffe0f
identity.go
// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium
package cmd
import (
"github.com/go-openapi/runtime/middleware"
"github.com/cilium/cilium/api/v1/models"
. "github.com/cilium/cilium/api/v1/server/restapi/policy"
"github.com/cilium/cilium/pkg/clustermesh"
"github.com/cilium/cilium/pkg/identity"
"github.com/cilium/cilium/pkg/identity/cache"
"github.com/cilium/cilium/pkg/identity/identitymanager"
identitymodel "github.com/cilium/cilium/pkg/identity/model"
"github.com/cilium/cilium/pkg/k8s/client/clientset/versioned"
"github.com/cilium/cilium/pkg/labels"
"github.com/cilium/cilium/pkg/logging/logfields"
)
func getIdentityHandler(d *Daemon, params GetIdentityParams) middleware.Responder {
log.WithField(logfields.Params, logfields.Repr(params)).Debug("GET /identity request")
identities := []*models.Identity{}
if params.Labels == nil {
// if labels is nil, return all identities from the kvstore
// This is in response to "identity list" command
identities = d.identityAllocator.GetIdentities()
} else {
identity := d.identityAllocator.LookupIdentity(params.HTTPRequest.Context(), labels.NewLabelsFromModel(params.Labels))
if identity == nil {
return NewGetIdentityIDNotFound()
}
identities = append(identities, identitymodel.CreateModel(identity))
}
return NewGetIdentityOK().WithPayload(identities)
}
func getIdentityIDHandler(d *Daemon, params GetIdentityIDParams) middleware.Responder {
c := d.identityAllocator
log.WithField(logfields.Params, logfields.Repr(params)).Debug("GET /identity/<ID> request")
nid, err := identity.ParseNumericIdentity(params.ID)
if err != nil {
return NewGetIdentityIDBadRequest()
}
identity := c.LookupIdentityByID(params.HTTPRequest.Context(), nid)
if identity == nil {
return NewGetIdentityIDNotFound()
}
return NewGetIdentityIDOK().WithPayload(identitymodel.CreateModel(identity))
}
func getIdentityEndpointsHandler(d *Daemon, params GetIdentityEndpointsParams) middleware.Responder {
log.WithField(logfields.Params, logfields.Repr(params)).Debug("GET /identity/endpoints request")
identities := identitymanager.GetIdentityModels()
return NewGetIdentityEndpointsOK().WithPayload(identities)
}
// CachingIdentityAllocator provides an abstraction over the concrete type in
// pkg/identity/cache so that the underlying implementation can be mocked out
// in unit tests.
type CachingIdentityAllocator interface {
cache.IdentityAllocator
clustermesh.RemoteIdentityWatcher
InitIdentityAllocator(versioned.Interface) <-chan struct{}
// RestoreLocalIdentities reads in the checkpointed local allocator state
// from disk and allocates a reference to every previously existing identity.
//
// Once all identity-allocating objects are synchronized (e.g. network policies,
// remote nodes), call ReleaseRestoredIdentities to release the held references.
RestoreLocalIdentities() (map[identity.NumericIdentity]*identity.Identity, error)
// ReleaseRestoredIdentities releases any identities that were restored, reducing their reference
// count and cleaning up as necessary.
ReleaseRestoredIdentities()
Close()
}
Computing file changes ...
