github.com/cilium/cilium@v1.16.2/pkg/datapath/cells.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package datapath 5 6 import ( 7 "fmt" 8 "log" 9 "log/slog" 10 "path/filepath" 11 12 "github.com/cilium/hive/cell" 13 "github.com/cilium/statedb" 14 15 "github.com/cilium/cilium/pkg/bpf" 16 "github.com/cilium/cilium/pkg/datapath/agentliveness" 17 "github.com/cilium/cilium/pkg/datapath/garp" 18 "github.com/cilium/cilium/pkg/datapath/ipcache" 19 "github.com/cilium/cilium/pkg/datapath/iptables" 20 "github.com/cilium/cilium/pkg/datapath/l2responder" 21 "github.com/cilium/cilium/pkg/datapath/link" 22 linuxdatapath "github.com/cilium/cilium/pkg/datapath/linux" 23 "github.com/cilium/cilium/pkg/datapath/linux/bandwidth" 24 "github.com/cilium/cilium/pkg/datapath/linux/bigtcp" 25 dpcfg "github.com/cilium/cilium/pkg/datapath/linux/config" 26 "github.com/cilium/cilium/pkg/datapath/linux/ipsec" 27 "github.com/cilium/cilium/pkg/datapath/linux/modules" 28 "github.com/cilium/cilium/pkg/datapath/linux/sysctl" 29 "github.com/cilium/cilium/pkg/datapath/linux/utime" 30 "github.com/cilium/cilium/pkg/datapath/loader" 31 "github.com/cilium/cilium/pkg/datapath/orchestrator" 32 "github.com/cilium/cilium/pkg/datapath/prefilter" 33 "github.com/cilium/cilium/pkg/datapath/tables" 34 "github.com/cilium/cilium/pkg/datapath/tunnel" 35 "github.com/cilium/cilium/pkg/datapath/types" 36 "github.com/cilium/cilium/pkg/maps" 37 "github.com/cilium/cilium/pkg/maps/eventsmap" 38 "github.com/cilium/cilium/pkg/maps/nodemap" 39 monitorAgent "github.com/cilium/cilium/pkg/monitor/agent" 40 "github.com/cilium/cilium/pkg/mtu" 41 nodeManager "github.com/cilium/cilium/pkg/node/manager" 42 "github.com/cilium/cilium/pkg/option" 43 wg "github.com/cilium/cilium/pkg/wireguard/agent" 44 wgTypes "github.com/cilium/cilium/pkg/wireguard/types" 45 ) 46 47 // Datapath provides the privileged operations to apply control-plane 48 // decision to the kernel. 49 // 50 // For integration testing a fake counterpart of this module is defined 51 // in pkg/datapath/fake/cells.go. 52 var Cell = cell.Module( 53 "datapath", 54 "Datapath", 55 56 // Provides all BPF Map which are already provided by via hive cell. 57 maps.Cell, 58 59 // Utime synchronizes utime from userspace to datapath via configmap.Map. 60 utime.Cell, 61 62 // The cilium events map, used by the monitor agent. 63 eventsmap.Cell, 64 65 // The monitor agent, which multicasts cilium and agent events to its subscribers. 66 monitorAgent.Cell, 67 68 // The sysctl reconciler to read and write kernel sysctl parameters. 69 sysctl.Cell, 70 71 // The modules manager to search and load kernel modules. 72 modules.Cell, 73 74 // Manages Cilium-specific iptables rules. 75 iptables.Cell, 76 77 cell.Provide( 78 newWireguardAgent, 79 newDatapath, 80 ), 81 82 // Provides the Table[NodeAddress] and the controller that populates it from Table[*Device] 83 tables.NodeAddressCell, 84 85 // Provides the legacy accessor for the above, the NodeAddressing interface. 86 NodeAddressingCell, 87 88 // This cell periodically updates the agent liveness value in configmap.Map to inform 89 // the datapath of the liveness of the agent. 90 agentliveness.Cell, 91 92 // The responder reconciler takes desired state about L3->L2 address translation responses and reconciles 93 // it to the BPF L2 responder map. 94 l2responder.Cell, 95 96 // Gratuitous ARP event processor emits GARP packets on k8s pod creation events. 97 garp.Cell, 98 99 // This cell provides the object used to write the headers for datapath program types. 100 dpcfg.Cell, 101 102 // BIG TCP increases GSO/GRO limits when enabled. 103 bigtcp.Cell, 104 105 // Tunnel protocol configuration and alike. 106 tunnel.Cell, 107 108 // The bandwidth manager provides efficient EDT-based rate-limiting (on Linux). 109 bandwidth.Cell, 110 111 // IPsec cell provides the IPsecKeyCustodian. 112 ipsec.Cell, 113 114 // MTU provides the MTU configuration of the node. 115 mtu.Cell, 116 117 orchestrator.Cell, 118 119 // DevicesController manages the devices and routes tables 120 linuxdatapath.DevicesControllerCell, 121 122 // Synchronizes the userspace ipcache with the corresponding BPF map. 123 ipcache.Cell, 124 125 // Provides the loader, which compiles and loads the datapath programs. 126 loader.Cell, 127 128 // Provides prefilter, a means of configuring XDP pre-filters for DDoS-mitigation. 129 prefilter.Cell, 130 131 // Provides node handler, which handles node events. 132 cell.Provide(linuxdatapath.NewNodeHandler), 133 ) 134 135 func newWireguardAgent(lc cell.Lifecycle, sysctl sysctl.Sysctl) *wg.Agent { 136 var wgAgent *wg.Agent 137 if option.Config.EnableWireguard { 138 if option.Config.EnableIPSec { 139 log.Fatalf("WireGuard (--%s) cannot be used with IPsec (--%s)", 140 option.EnableWireguard, option.EnableIPSecName) 141 } 142 143 var err error 144 privateKeyPath := filepath.Join(option.Config.StateDir, wgTypes.PrivKeyFilename) 145 wgAgent, err = wg.NewAgent(privateKeyPath, sysctl) 146 if err != nil { 147 log.Fatalf("failed to initialize WireGuard: %s", err) 148 } 149 150 lc.Append(cell.Hook{ 151 OnStop: func(cell.HookContext) error { 152 wgAgent.Close() 153 return nil 154 }, 155 }) 156 } else { 157 // Delete WireGuard device from previous run (if such exists) 158 link.DeleteByName(wgTypes.IfaceName) 159 } 160 return wgAgent 161 } 162 163 func newDatapath(params datapathParams) types.Datapath { 164 datapath := linuxdatapath.NewDatapath(linuxdatapath.DatapathParams{ 165 ConfigWriter: params.ConfigWriter, 166 RuleManager: params.IptablesManager, 167 WGAgent: params.WgAgent, 168 NodeMap: params.NodeMap, 169 NodeAddressing: params.NodeAddressing, 170 BWManager: params.BandwidthManager, 171 Loader: params.Loader, 172 NodeManager: params.NodeManager, 173 DB: params.DB, 174 Devices: params.Devices, 175 Orchestrator: params.Orchestrator, 176 NodeHandler: params.NodeHandler, 177 NodeIDHandler: params.NodeIDHandler, 178 NodeNeighbors: params.NodeNeighbors, 179 }) 180 181 params.LC.Append(cell.Hook{ 182 OnStart: func(cell.HookContext) error { 183 if err := linuxdatapath.CheckRequirements(params.Log); err != nil { 184 return fmt.Errorf("requirements failed: %w", err) 185 } 186 187 datapath.NodeIDs().RestoreNodeIDs() 188 return nil 189 }, 190 }) 191 192 return datapath 193 } 194 195 type datapathParams struct { 196 cell.In 197 198 Log *slog.Logger 199 200 LC cell.Lifecycle 201 WgAgent *wg.Agent 202 203 // Force map initialisation before loader. You should not use these otherwise. 204 // Some of the entries in this slice may be nil. 205 BpfMaps []bpf.BpfMap `group:"bpf-maps"` 206 207 NodeMap nodemap.MapV2 208 209 NodeAddressing types.NodeAddressing 210 211 // Depend on DeviceManager to ensure devices have been resolved. 212 // This is required until option.Config.GetDevices() has been removed and 213 // uses of it converted to Table[Device]. 214 DeviceManager *linuxdatapath.DeviceManager 215 DB *statedb.DB 216 Devices statedb.Table[*tables.Device] 217 218 BandwidthManager types.BandwidthManager 219 220 ModulesManager *modules.Manager 221 222 IptablesManager *iptables.Manager 223 224 ConfigWriter types.ConfigWriter 225 226 TunnelConfig tunnel.Config 227 228 Loader types.Loader 229 230 NodeManager nodeManager.NodeManager 231 232 Orchestrator types.Orchestrator 233 234 NodeHandler types.NodeHandler 235 236 NodeIDHandler types.NodeIDHandler 237 238 NodeNeighbors types.NodeNeighbors 239 }