本文整理匯總了Golang中github.com/cilium/cilium/pkg/endpoint.Endpoint.PolicyMapPath方法的典型用法代碼示例。如果您正苦於以下問題:Golang Endpoint.PolicyMapPath方法的具體用法?Golang Endpoint.PolicyMapPath怎麽用?Golang Endpoint.PolicyMapPath使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類github.com/cilium/cilium/pkg/endpoint.Endpoint的用法示例。
在下文中一共展示了Endpoint.PolicyMapPath方法的2個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: regenerateBPF
// regenerateBPF rewrites all headers and updates all BPF maps to reflect the
// specified endpoint.
//
// If endpointSuffix is set, it will be appended to the container directory to
// allow writing to a temporary directory and then atomically rename it.
func (d *Daemon) regenerateBPF(ep *endpoint.Endpoint, lxcDir string) error {
var err error
createdPolicyMap := false
policyMapPath := ep.PolicyMapPath()
// Cleanup on failure
defer func() {
if err != nil {
if createdPolicyMap {
// Remove policy map file only if it was created
// in this update cycle
if ep.Consumable != nil {
ep.Consumable.RemoveMap(ep.PolicyMap)
}
os.RemoveAll(policyMapPath)
ep.PolicyMap = nil
}
// Always remove endpoint directory, if this was a subsequent
// update call, it was the responsibility of the updater to
// to provide an endpoint suffix to not bluntly overwrite the
// existing directory.
os.RemoveAll(lxcDir)
}
}()
if !d.conf.DryMode {
if ep.PolicyMap == nil {
ep.PolicyMap, createdPolicyMap, err = policymap.OpenMap(policyMapPath)
if err != nil {
return err
}
}
}
// Only generate & populate policy map if a seclabel and consumer model is set up
if ep.Consumable != nil {
if !d.conf.DryMode {
ep.Consumable.AddMap(ep.PolicyMap)
}
// The policy is only regenerated but the endpoint is not
// regenerated as we regenerate below anyway.
if err := d.regenerateEndpointPolicy(ep, false); err != nil {
return fmt.Errorf("Unable to regenerate policy for '%s': %s",
ep.PolicyMap.String(), err)
}
}
if err := os.MkdirAll(lxcDir, 0777); err != nil {
return fmt.Errorf("Failed to create endpoint directory: %s", err)
}
geneveOpts, err := writeGeneve(lxcDir, ep)
if err != nil {
return err
}
err = d.writeBPFHeader(lxcDir, ep, geneveOpts)
if err != nil {
return fmt.Errorf("failed to create temporary directory: %s", err)
}
if !d.conf.DryMode {
if err := d.conf.LXCMap.WriteEndpoint(ep); err != nil {
return fmt.Errorf("Unable to update eBPF map: %s", err)
}
args := []string{d.conf.LibDir, d.conf.RunDir, lxcDir, ep.IfName}
out, err := exec.Command(filepath.Join(d.conf.LibDir, "join_ep.sh"), args...).CombinedOutput()
if err != nil {
log.Warningf("Command execution failed: %s", err)
log.Warningf("Command output:\n%s", out)
return fmt.Errorf("error: %q command output: %q", err, out)
}
log.Infof("Command successful:\n%s", out)
}
return nil
}示例2: writeBPFHeader
func (d *Daemon) writeBPFHeader(lxcDir string, ep *endpoint.Endpoint, geneveOpts []byte) error {
headerPath := filepath.Join(lxcDir, common.CHeaderFileName)
f, err := os.Create(headerPath)
if err != nil {
return fmt.Errorf("failed to open file %s for writing: %s", headerPath, err)
}
defer f.Close()
fw := bufio.NewWriter(f)
fmt.Fprint(fw, "/*\n")
if epStr64, err := ep.Base64(); err == nil {
fmt.Fprintf(fw, " * %s%s:%s\n * \n", common.CiliumCHeaderPrefix,
common.Version, epStr64)
} else {
ep.LogStatus(endpoint.Warning, fmt.Sprintf("Unable to create a base64: %s", err))
}
if ep.DockerID == "" {
fmt.Fprintf(fw, " * Docker Network ID: %s\n", ep.DockerNetworkID)
fmt.Fprintf(fw, " * Docker Endpoint ID: %s\n", ep.DockerEndpointID)
} else {
fmt.Fprintf(fw, " * Docker Container ID: %s\n", ep.DockerID)
}
fmt.Fprintf(fw, ""+
" * MAC: %s\n"+
" * IPv6 address: %s\n"+
" * IPv4 address: %s\n"+
" * SecLabelID: %#x\n"+
" * PolicyMap: %s\n"+
" * NodeMAC: %s\n"+
" */\n\n",
ep.LXCMAC, ep.IPv6.String(), ep.IPv4.String(),
ep.SecLabel.ID, path.Base(ep.PolicyMapPath()), ep.NodeMAC)
fw.WriteString("/*\n")
fw.WriteString(" * Labels:\n")
if len(ep.SecLabel.Labels) == 0 {
fmt.Fprintf(fw, " * - %s\n", "(no labels)")
} else {
for _, v := range ep.SecLabel.Labels {
fmt.Fprintf(fw, " * - %s\n", v)
}
}
fw.WriteString(" */\n\n")
fw.WriteString(common.FmtDefineAddress("LXC_MAC", ep.LXCMAC))
fw.WriteString(common.FmtDefineAddress("LXC_IP", ep.IPv6))
if ep.IPv4 != nil {
fmt.Fprintf(fw, "#define LXC_IPV4 %#x\n", binary.BigEndian.Uint32(ep.IPv4))
}
fw.WriteString(common.FmtDefineAddress("NODE_MAC", ep.NodeMAC))
fw.WriteString(common.FmtDefineArray("GENEVE_OPTS", geneveOpts))
fmt.Fprintf(fw, "#define LXC_ID %#x\n", ep.ID)
fmt.Fprintf(fw, "#define LXC_ID_NB %#x\n", common.Swab16(ep.ID))
fmt.Fprintf(fw, "#define SECLABEL_NB %#x\n", common.Swab32(ep.SecLabel.ID))
fmt.Fprintf(fw, "#define SECLABEL %#x\n", ep.SecLabel.ID)
fmt.Fprintf(fw, "#define POLICY_MAP %s\n", path.Base(ep.PolicyMapPath()))
fmt.Fprintf(fw, "#define CT_MAP_SIZE 512000\n")
fmt.Fprintf(fw, "#define CT_MAP6 %s\n", path.Base(common.BPFMapCT6+strconv.Itoa(int(ep.ID))))
fmt.Fprintf(fw, "#define CT_MAP4 %s\n", path.Base(common.BPFMapCT4+strconv.Itoa(int(ep.ID))))
// Always enable L4 and L3 load balancer for now
fw.WriteString("#define LB_L3\n")
fw.WriteString("#define LB_L4\n")
// Endpoint options
fw.WriteString(ep.Opts.GetFmtList())
fw.WriteString("#define LXC_PORT_MAPPINGS ")
for _, m := range ep.PortMap {
// Write mappings directly in network byte order so we don't have
// to convert it in the fast path
fmt.Fprintf(fw, "{%#x,%#x},", common.Swab16(m.From), common.Swab16(m.To))
}
fw.WriteString("\n")
return fw.Flush()
}