github.com/cilium/cilium@v1.16.2/operator/identitygc/cell.go

github.com/cilium/cilium@v1.16.2/operator/identitygc/cell.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package identitygc
     5  
     6  import (
     7  	"fmt"
     8  	"time"
     9  
    10  	"github.com/cilium/hive/cell"
    11  	"github.com/spf13/pflag"
    12  
    13  	"github.com/cilium/cilium/pkg/defaults"
    14  	"github.com/cilium/cilium/pkg/metrics"
    15  )
    16  
    17  const (
    18  	// Interval is the interval in which allocator identities are
    19  	// attempted to be collected
    20  	Interval = "identity-gc-interval"
    21  
    22  	// RateInterval is the interval used for rate limiting the GC of
    23  	// identities.
    24  	RateInterval = "identity-gc-rate-interval"
    25  
    26  	// RateLimit is the maximum identities used for rate limiting the
    27  	// GC of identities.
    28  	RateLimit = "identity-gc-rate-limit"
    29  
    30  	// HeartbeatTimeout is the timeout used to GC identities from k8s
    31  	HeartbeatTimeout = "identity-heartbeat-timeout"
    32  )
    33  
    34  // Cell is a cell that implements a periodic Cilium identities
    35  // garbage collector.
    36  // The GC subscribes to identities events to mark all the related identities
    37  // as alive. If an identity has no activity for a prolonged interval,
    38  // it is first marked for deletion and eventually deleted.
    39  var Cell = cell.Module(
    40  	"k8s-identities-gc",
    41  	"Cilium identities garbage collector",
    42  
    43  	cell.Config(defaultConfig),
    44  
    45  	// Invoke forces the instantiation of the identity gc
    46  	cell.Invoke(registerGC),
    47  
    48  	metrics.Metric(NewMetrics),
    49  )
    50  
    51  // Config contains the configuration for the identity-gc.
    52  type Config struct {
    53  	Interval         time.Duration `mapstructure:"identity-gc-interval"`
    54  	HeartbeatTimeout time.Duration `mapstructure:"identity-heartbeat-timeout"`
    55  
    56  	RateInterval time.Duration `mapstructure:"identity-gc-rate-interval"`
    57  	RateLimit    int64         `mapstructure:"identity-gc-rate-limit"`
    58  }
    59  
    60  var defaultConfig = Config{
    61  	Interval:         defaults.KVstoreLeaseTTL,
    62  	HeartbeatTimeout: 2 * defaults.KVstoreLeaseTTL,
    63  
    64  	RateInterval: time.Minute,
    65  	RateLimit:    2500,
    66  }
    67  
    68  func (def Config) Flags(flags *pflag.FlagSet) {
    69  	flags.Duration(Interval, def.Interval, "GC interval for security identities")
    70  	flags.Duration(HeartbeatTimeout, def.HeartbeatTimeout, "Timeout after which identity expires on lack of heartbeat")
    71  	flags.Duration(RateInterval, def.RateInterval,
    72  		"Interval used for rate limiting the GC of security identities")
    73  	flags.Int64(RateLimit, def.RateLimit,
    74  		fmt.Sprintf("Maximum number of security identities that will be deleted within the %s", RateInterval))
    75  }
    76  
    77  // SharedConfig contains the configuration that is shared between
    78  // this module and others.
    79  // It is a temporary solution meant to avoid polluting this module with a direct
    80  // dependency on global operator and daemon configurations.
    81  type SharedConfig struct {
    82  	// IdentityAllocationMode specifies what mode to use for identity allocation
    83  	IdentityAllocationMode string
    84  	// EnableOperatorManageCIDs enables operator to manage CID by
    85  	// running a CID controller. If enabled, Identity GC cell is
    86  	// then disabled because CID controller takes care of garbage collection.
    87  	EnableOperatorManageCIDs bool
    88  }