...

Source file src/github.com/chaos-mesh/chaos-mesh/controllers/podnetworkchaos/ipset/ipset.go

Documentation: github.com/chaos-mesh/chaos-mesh/controllers/podnetworkchaos/ipset 

     1  // Copyright 2021 Chaos Mesh Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  // http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  //
    15  
    16  package ipset
    17  
    18  import (
    19  	"context"
    20  	"fmt"
    21  
    22  	"github.com/pkg/errors"
    23  	v1 "k8s.io/api/core/v1"
    24  	ctrl "sigs.k8s.io/controller-runtime"
    25  
    26  	"github.com/chaos-mesh/chaos-mesh/api/v1alpha1"
    27  	"github.com/chaos-mesh/chaos-mesh/controllers/chaosimpl/utils"
    28  	"github.com/chaos-mesh/chaos-mesh/controllers/podnetworkchaos/netutils"
    29  	chaosdaemonclient "github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/client"
    30  	pb "github.com/chaos-mesh/chaos-mesh/pkg/chaosdaemon/pb"
    31  )
    32  
    33  var log = ctrl.Log.WithName("ipset")
    34  
    35  // BuildIPSets builds IP sets with provided pod ip list.
    36  func BuildIPSets(pods []v1.Pod, externalCidrs []v1alpha1.CidrAndPort, networkchaos *v1alpha1.NetworkChaos, namePostFix string, source string) []v1alpha1.RawIPSet {
    37  	netName := GenerateIPSetName(networkchaos, "net_"+namePostFix)
    38  	netPortName := GenerateIPSetName(networkchaos, "netport_"+namePostFix)
    39  
    40  	cidrs := []string{}
    41  	cidrAndPorts := []v1alpha1.CidrAndPort{}
    42  
    43  	for _, cidr := range externalCidrs {
    44  		if cidr.Port == 0 {
    45  			cidrs = append(cidrs, cidr.Cidr)
    46  		} else {
    47  			cidrAndPorts = append(cidrAndPorts, cidr)
    48  		}
    49  	}
    50  
    51  	for _, pod := range pods {
    52  		if len(pod.Status.PodIP) > 0 {
    53  			cidrs = append(cidrs, netutils.IPToCidr(pod.Status.PodIP))
    54  		}
    55  	}
    56  
    57  	return []v1alpha1.RawIPSet{
    58  		{
    59  			Name:      netName,
    60  			IPSetType: v1alpha1.NetIPSet,
    61  			Cidrs:     cidrs,
    62  			RawRuleSource: v1alpha1.RawRuleSource{
    63  				Source: source,
    64  			},
    65  		},
    66  		{
    67  			Name:         netPortName,
    68  			IPSetType:    v1alpha1.NetPortIPSet,
    69  			CidrAndPorts: cidrAndPorts,
    70  			RawRuleSource: v1alpha1.RawRuleSource{
    71  				Source: source,
    72  			},
    73  		},
    74  	}
    75  }
    76  
    77  // BuildSetIPSet builds list:set IP set that stores given sets
    78  func BuildSetIPSet(sets []v1alpha1.RawIPSet, networkchaos *v1alpha1.NetworkChaos, namePostFix string, source string) v1alpha1.RawIPSet {
    79  	name := GenerateIPSetName(networkchaos, "set_"+namePostFix)
    80  	setNames := []string{}
    81  
    82  	for _, set := range sets {
    83  		setNames = append(setNames, set.Name)
    84  	}
    85  
    86  	return v1alpha1.RawIPSet{
    87  		Name:      name,
    88  		IPSetType: v1alpha1.SetIPSet,
    89  		SetNames:  setNames,
    90  		RawRuleSource: v1alpha1.RawRuleSource{
    91  			Source: source,
    92  		},
    93  	}
    94  }
    95  
    96  // GenerateIPSetName generates name for ipset
    97  func GenerateIPSetName(networkchaos *v1alpha1.NetworkChaos, namePostFix string) string {
    98  	return netutils.CompressName(networkchaos.Name, 27, namePostFix)
    99  }
   100  
   101  // FlushIPSets makes grpc calls to chaosdaemon to save ipset
   102  func FlushIPSets(ctx context.Context, pbClient chaosdaemonclient.ChaosDaemonClientInterface, pod *v1.Pod, ipsets []*pb.IPSet) error {
   103  	var err error
   104  
   105  	if len(pod.Status.ContainerStatuses) == 0 {
   106  		err = errors.Wrapf(utils.ErrContainerNotFound, "pod %s/%s has empty container status", pod.Namespace, pod.Name)
   107  		return err
   108  	}
   109  
   110  	log.Info("Flushing IP Sets....")
   111  	for _, containerStatus := range pod.Status.ContainerStatuses {
   112  		containerID := containerStatus.ContainerID
   113  		log.Info("attempting to flush ip set", "containerID", containerID)
   114  
   115  		_, err = pbClient.FlushIPSets(ctx, &pb.IPSetsRequest{
   116  			Ipsets:      ipsets,
   117  			ContainerId: containerID,
   118  			EnterNS:     true,
   119  		})
   120  
   121  		if err != nil {
   122  			log.Error(err, fmt.Sprintf("error while flushing ip sets for containerID %s", containerID))
   123  		} else {
   124  			log.Info("Successfully flushed ip set")
   125  			return nil
   126  		}
   127  	}
   128  
   129  	return errors.Errorf("unable to flush ip sets for pod %s", pod.Name)
   130  }
   131