daemon: move datapath cell to pkg/datapath

Now that there are no more circular imports, we can move the datapath cell and associated initialization code to pkg/datapath. The sysctl stuff should most definitely not live toplevel here, but one step at a time. Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
cilium · Mar 16, 2023 · 88fa6d4 · 88fa6d4
1 parent d32eaaa
commit 88fa6d4
Show file tree

Hide file tree

Showing 6 changed files with 92 additions and 74 deletions.
diff --git a/daemon/cmd/cells.go b/daemon/cmd/cells.go
@@ -7,12 +7,11 @@ import (
 	"github.com/cilium/cilium/pkg/auth"
 	"github.com/cilium/cilium/pkg/bgpv1"
 	"github.com/cilium/cilium/pkg/crypto/certificatemanager"
-	datapath "github.com/cilium/cilium/pkg/datapath/types"
+	"github.com/cilium/cilium/pkg/datapath"
 	"github.com/cilium/cilium/pkg/defaults"
 	"github.com/cilium/cilium/pkg/endpointmanager"
 	"github.com/cilium/cilium/pkg/gops"
 	"github.com/cilium/cilium/pkg/hive/cell"
-	ipcacheTypes "github.com/cilium/cilium/pkg/ipcache/types"
 	"github.com/cilium/cilium/pkg/k8s"
 	k8sClient "github.com/cilium/cilium/pkg/k8s/client"
 	"github.com/cilium/cilium/pkg/node"
@@ -28,7 +27,7 @@ var (
 
 		Infrastructure,
 		ControlPlane,
-		Datapath,
+		datapath.Cell,
 	)
 
 	// Infrastructure provides access and services to the outside.
@@ -92,20 +91,4 @@ var (
 		// IPCache, policy.Repository and CachingIdentityAllocator.
 		cell.Provide(newPolicyTrifecta),
 	)
-
-	// Datapath provides the privileged operations to apply control-plane
-	// decision to the kernel.
-	Datapath = cell.Module(
-		"datapath",
-		"Datapath",
-
-		cell.Provide(
-			newWireguardAgent,
-			newDatapath,
-		),
-
-		cell.Provide(func(dp datapath.Datapath) ipcacheTypes.NodeHandler {
-			return dp.Node()
-		}),
-	)
 )
diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go
@@ -34,8 +34,6 @@ import (
 	"github.com/cilium/cilium/pkg/components"
 	"github.com/cilium/cilium/pkg/controller"
 	"github.com/cilium/cilium/pkg/crypto/certificatemanager"
-	"github.com/cilium/cilium/pkg/datapath/iptables"
-	"github.com/cilium/cilium/pkg/datapath/link"
 	linuxdatapath "github.com/cilium/cilium/pkg/datapath/linux"
 	"github.com/cilium/cilium/pkg/datapath/linux/ipsec"
 	"github.com/cilium/cilium/pkg/datapath/linux/probes"
@@ -84,7 +82,6 @@ import (
 	"github.com/cilium/cilium/pkg/sysctl"
 	"github.com/cilium/cilium/pkg/version"
 	wireguard "github.com/cilium/cilium/pkg/wireguard/agent"
-	wireguardTypes "github.com/cilium/cilium/pkg/wireguard/types"
 )
 
 const (
@@ -1571,55 +1568,6 @@ func (d *Daemon) initKVStore() {
 	}
 }
 
-func newWireguardAgent(lc hive.Lifecycle) *wireguard.Agent {
-	var wgAgent *wireguard.Agent
-	if option.Config.EnableWireguard {
-		if option.Config.EnableIPSec {
-			log.Fatalf("Wireguard (--%s) cannot be used with IPSec (--%s)",
-				option.EnableWireguard, option.EnableIPSecName)
-		}
-
-		var err error
-		privateKeyPath := filepath.Join(option.Config.StateDir, wireguardTypes.PrivKeyFilename)
-		wgAgent, err = wireguard.NewAgent(privateKeyPath)
-		if err != nil {
-			log.Fatalf("failed to initialize wireguard: %s", err)
-		}
-
-		lc.Append(hive.Hook{
-			OnStop: func(hive.HookContext) error {
-				wgAgent.Close()
-				return nil
-			},
-		})
-	} else {
-		// Delete wireguard device from previous run (if such exists)
-		link.DeleteByName(wireguardTypes.IfaceName)
-	}
-	return wgAgent
-}
-
-func newDatapath(lc hive.Lifecycle, wgAgent *wireguard.Agent) datapath.Datapath {
-	datapathConfig := linuxdatapath.DatapathConfiguration{
-		HostDevice: defaults.HostDevice,
-		ProcFs:     option.Config.ProcFs,
-	}
-
-	iptablesManager := &iptables.IptablesManager{}
-
-	lc.Append(hive.Hook{
-		OnStart: func(hive.HookContext) error {
-			if err := enableIPForwarding(); err != nil {
-				log.Fatalf("enabling IP forwarding via sysctl failed: %s", err)
-			}
-
-			iptablesManager.Init()
-			return nil
-		}})
-
-	return linuxdatapath.NewDatapath(datapathConfig, iptablesManager, wgAgent)
-}
-
 // daemonCell wraps the existing implementation of the cilium-agent that has
 // not yet been converted into a cell. Provides *Daemon as a Promise that is
 // resolved once daemon has been started to facilitate conversion into modules.

diff --git a/pkg/datapath/cells.go b/pkg/datapath/cells.go
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package datapath
+
+import (
+	"log"
+	"path/filepath"
+
+	"github.com/cilium/cilium/pkg/datapath/iptables"
+	"github.com/cilium/cilium/pkg/datapath/link"
+	linuxdatapath "github.com/cilium/cilium/pkg/datapath/linux"
+	"github.com/cilium/cilium/pkg/datapath/types"
+	"github.com/cilium/cilium/pkg/defaults"
+	"github.com/cilium/cilium/pkg/hive"
+	"github.com/cilium/cilium/pkg/hive/cell"
+	ipcache "github.com/cilium/cilium/pkg/ipcache/types"
+	"github.com/cilium/cilium/pkg/option"
+	wg "github.com/cilium/cilium/pkg/wireguard/agent"
+	wgTypes "github.com/cilium/cilium/pkg/wireguard/types"
+)
+
+// Datapath provides the privileged operations to apply control-plane
+// decision to the kernel.
+var Cell = cell.Module(
+	"datapath",
+	"Datapath",
+
+	cell.Provide(
+		newWireguardAgent,
+		newDatapath,
+	),
+
+	cell.Provide(func(dp types.Datapath) ipcache.NodeHandler {
+		return dp.Node()
+	}),
+)
+
+func newWireguardAgent(lc hive.Lifecycle) *wg.Agent {
+	var wgAgent *wg.Agent
+	if option.Config.EnableWireguard {
+		if option.Config.EnableIPSec {
+			log.Fatalf("Wireguard (--%s) cannot be used with IPSec (--%s)",
+				option.EnableWireguard, option.EnableIPSecName)
+		}
+
+		var err error
+		privateKeyPath := filepath.Join(option.Config.StateDir, wgTypes.PrivKeyFilename)
+		wgAgent, err = wg.NewAgent(privateKeyPath)
+		if err != nil {
+			log.Fatalf("failed to initialize wireguard: %s", err)
+		}
+
+		lc.Append(hive.Hook{
+			OnStop: func(hive.HookContext) error {
+				wgAgent.Close()
+				return nil
+			},
+		})
+	} else {
+		// Delete wireguard device from previous run (if such exists)
+		link.DeleteByName(wgTypes.IfaceName)
+	}
+	return wgAgent
+}
+
+func newDatapath(lc hive.Lifecycle, wgAgent *wg.Agent) types.Datapath {
+	datapathConfig := linuxdatapath.DatapathConfiguration{
+		HostDevice: defaults.HostDevice,
+		ProcFs:     option.Config.ProcFs,
+	}
+
+	iptablesManager := &iptables.IptablesManager{}
+
+	lc.Append(hive.Hook{
+		OnStart: func(hive.HookContext) error {
+			// FIXME enableIPForwarding should not live here
+			if err := enableIPForwarding(); err != nil {
+				log.Fatalf("enabling IP forwarding via sysctl failed: %s", err)
+			}
+
+			iptablesManager.Init()
+			return nil
+		}})
+
+	return linuxdatapath.NewDatapath(datapathConfig, iptablesManager, wgAgent)
+}
diff --git a/daemon/cmd/sysctl_darwin.go → pkg/datapath/sysctl_darwin.go b/daemon/cmd/sysctl_darwin.go → pkg/datapath/sysctl_darwin.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright Authors of Cilium
 
-package cmd
+package datapath
 
 // enableIPForwarding on OS X and Darwin is not doing anything. It just exists
 // to make compilation possible.

diff --git a/daemon/cmd/sysctl_linux.go → pkg/datapath/sysctl_linux.go b/daemon/cmd/sysctl_linux.go → pkg/datapath/sysctl_linux.go
@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright Authors of Cilium
 
-package cmd
+package datapath
 
 import (
 	"github.com/cilium/cilium/pkg/option"

diff --git a/daemon/cmd/sysctl_linux_test.go → pkg/datapath/sysctl_linux_test.go b/daemon/cmd/sysctl_linux_test.go → pkg/datapath/sysctl_linux_test.go
@@ -3,7 +3,7 @@
 
 //go:build linux
 
-package cmd
+package datapath
 
 import (
 	"github.com/cilium/cilium/pkg/testutils"