github.com/elfadel/cilium@v1.6.12/pkg/fqdn/doc.go

// Copyright 2018 Authors of Cilium
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package fqdn handles DNS-based policy enforcement. This is expressed via
// ToFQDN rules and implements a DNS polling scheme with DNS lookups
// originating from the Cilium agent.
//
// Note: We add a ToFQDN-UUID label to rules when we process a ToFQDN section.
// This label has the source cilium-generated and should not be modified
// outside pkg/fqdn.
//
// The poller will update imported policy rules that contain ToFQDN sections
// with matching ToCIDRSet sections (in the same egress rule, thus inheriting
// the same L4/L7 policy). Each CIDR is a fully qualified IP (i.e. a /32 or
// /128) and each IP returned in the DNS lookup creates a corresponding CIDR.
// The package relies on the internal policy logic to return early/trigger no
// regenerations if the policy is not actually different (e.g. a broader or
// more permissive rule already applies to an endpoint, so any IP changes are
// irrelevant).
package fqdn
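
Added example (not part of the Cilium source): a sketch of the mapping the package comment describes, where each IP from a DNS answer becomes one single-host CIDR (/32 or /128), so the egress allowlist is never wider than the answer itself. The names hostPrefixes and sameSet are hypothetical, treating IPv4-mapped IPv6 answers as IPv4 is a choice made here, and sameSet is only a simplified stand-in for the "no change, no regeneration" check that the comment leaves to the policy logic.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// hostPrefixes (hypothetical helper, not Cilium's API) turns the IPs of one
// DNS answer into single-host prefixes: /32 for IPv4, /128 for IPv6.
// Unparseable entries are skipped, duplicates dropped, output sorted.
func hostPrefixes(answers []string) []netip.Prefix {
	seen := make(map[netip.Addr]struct{})
	var out []netip.Prefix
	for _, s := range answers {
		addr, err := netip.ParseAddr(s)
		if err != nil {
			continue // bad input must never widen the allowlist
		}
		// Assumption of this example: ::ffff:a.b.c.d counts as IPv4 a.b.c.d.
		addr = addr.Unmap().WithZone("")
		if _, dup := seen[addr]; dup {
			continue
		}
		seen[addr] = struct{}{}
		// BitLen is 32 or 128, so the prefix covers exactly one address.
		out = append(out, netip.PrefixFrom(addr, addr.BitLen()))
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Addr().Less(out[j].Addr()) })
	return out
}

// sameSet reports whether two sorted prefix lists are identical, i.e. the
// lookup changed nothing and the rule would not need to be rewritten.
func sameSet(a, b []netip.Prefix) bool {
	if len(a) != len(b) {
		return false
	}
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample answers from documentation ranges, not real lookups.
	first := hostPrefixes([]string{"192.0.2.10", "2001:db8::1", "192.0.2.10", "not-an-ip"})
	second := hostPrefixes([]string{"2001:db8::1", "::ffff:192.0.2.10"})
	fmt.Println(first, "unchanged:", sameSet(first, second))
}
```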