package
1.9.0-alpha
Repository: https://github.com/emnify/vpp-agent.git
Documentation: pkg.go.dev

# README

Linux namespace plugin

Auxiliary plugin used mainly by other plugins to handle namespaces and microservices.

Namespaces

The agent has full support for Linux network namespaces. A Linux interface can be attached to a new, existing or even yet-to-be-created network namespace via the namespace configuration section inside the LinuxInterfaces configuration data model.

A namespace can be referenced in multiple ways. The most low-level link to a namespace is a file descriptor associated with the symbolic link automatically created in the proc filesystem, pointing to the definition of the namespace used by a given process (/proc/<PID>/ns/net) or by a task of a given process (/proc/<PID>/task/<TID>/ns/net). A more common approach is to use just the PID of the process whose namespace we want to attach to, or to create a bind-mount of the symbolic link in the /var/run/netns directory and use the filename of that mount. The latter is called a named namespace, and it is created and managed, for example, by the ip netns command line tool from the iproute2 package. The advantage of a named namespace is that it can outlive the process that originally created it.

The namespace configuration section should be seen as a union of values. First, set the type and then store the reference into the appropriate field (pid vs. name vs. microservice). The agent supports both PID-based references and named namespaces.
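The path-based reference forms and the union-style configuration described above, resolved in Go as an added example (not code from the vpp-agent project). `NsRef`, its `Kind` labels, `validName` and `SameNamespace` are hypothetical names; the example rejects names that would resolve outside /var/run/netns and compares namespace identity by device and inode.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// NsRef is a hypothetical union-style reference, not the plugin's own type.
type NsRef struct {
	Kind     string // "pid" or "name" (labels assumed for this example)
	PID, TID int    // TID > 0 selects a task of the process
	Name     string // file name of the bind mount under /var/run/netns
}

// Path maps a reference to the filesystem path that identifies the namespace.
func (r NsRef) Path() (string, error) {
	switch {
	case r.Kind == "pid" && r.PID > 0 && r.TID > 0:
		return fmt.Sprintf("/proc/%d/task/%d/ns/net", r.PID, r.TID), nil
	case r.Kind == "pid" && r.PID > 0 && r.TID == 0:
		return fmt.Sprintf("/proc/%d/ns/net", r.PID), nil
	case r.Kind == "name" && validName(r.Name):
		return filepath.Join("/var/run/netns", r.Name), nil
	}
	return "", fmt.Errorf("invalid namespace reference %+v", r)
}

// validName accepts a single path component, so it cannot leave /var/run/netns.
func validName(n string) bool {
	return n != "" && n != "." && n != ".." && !strings.ContainsAny(n, "/\x00")
}

// SameNamespace reports whether two paths refer to the same namespace by
// comparing the file identity (device and inode) that os.Stat returns.
func SameNamespace(a, b string) (bool, error) {
	sa, errA := os.Stat(a)
	sb, errB := os.Stat(b)
	if errA != nil || errB != nil {
		return false, fmt.Errorf("stat: %v, %v", errA, errB)
	}
	return os.SameFile(sa, sb), nil
}

func main() {
	for _, r := range []NsRef{{Kind: "pid", PID: 1}, {Kind: "name", Name: "../x"}} { // constructed samples
		fmt.Println(r.Path())
	}
}
```

On a Linux host, `SameNamespace("/proc/self/ns/net", "/var/run/netns/<name>")` tells whether the current process already runs in the named namespace.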

Microservices

Additionally, we provide a non-standard namespace reference, denoted as MICROSERVICE_REF_NS, which is specific to ecosystems with microservices. It is possible to attach an interface to the namespace of a container that runs a microservice with a given label. To make it even simpler, the microservice does not have to be started before the interface is configured. The agent will postpone interface (re)configuration until the referenced microservice is launched. Behind the scenes, the agent communicates with the Docker daemon to construct and maintain an up-to-date map of microservice labels to the PIDs and IDs of their corresponding containers. Whenever a new microservice is detected, all pending interfaces are moved to its namespace.

# Functions

NewNamespaceMgmtCtx creates and returns a new context for management of Linux namespaces.
NewSystemHandler returns a new handler.

# Constants

Namespace-related constants.
NewMicroservice event type.
Namespace types.
TerminatedMicroservice event type.

# Structs

Microservice is used to store PID and ID of the container running a given microservice.
MicroserviceCtx contains all data required to handle microservice changes.
MicroserviceEvent contains microservice object and event type.
Namespace is a generic representation of typed namespace (interface, arp, etc...).
NamespaceMgmtCtx represents context of an ongoing management of Linux namespaces.
NsHandler is a plugin to handle namespaces and microservices for other linux plugins (ifplugin, l3plugin ...).
SystemHandler implements interfaces.

# Interfaces

Microservices defines all methods needed to manage microservices.
NamespaceAPI defines all methods required for managing namespaces and microservices.
NetlinkNamespace defines method for namespace handling from netlink package.
NetNsNamespace defines method for namespace handling from netns package.
NsConvertor defines common methods to convert namespace types.
NsManagement defines methods to manage namespaces.
OperatingSystem defines all methods calling os package.
Syscall defines methods using low-level operating system primitives.
SystemAPI defines all methods required for managing operating system, system calls and namespaces on system level.