Code Overview
This section provides an overview of the Cilium & Hubble source code directory structure. It is useful to get an initial overview on where to find what.
High-level
Top-level directories github.com/cilium/cilium:
- api
The Cilium & Hubble API definition.
- bpf
The eBPF datapath code
- bugtool
CLI for collecting agent & system information for bug reporting
- cilium
Cilium CLI client
- contrib, tools
Additional tooling and resources used for development
- daemon
The cilium-agent running on each node
- examples
Various example resources and manifests. Typically require to be modified before usage is possible.
- hubble-relay
Hubble Relay server
- install
Helm deployment manifests for all components
- pkg
Common Go packages shared between all components
- operator
Operator responsible for centralized tasks which do not require to be performed on each node.
- plugins
Plugins to integrate with Kubernetes and Docker
- test
End-to-end integration tests run in the End-To-End Testing Framework (Legacy).
Cilium
- api/v1/openapi.yaml
API specification of the Cilium API. Used for code generation.
- api/v1/models/
Go code generated from openapi.yaml representing all API resources
- bpf
The eBPF datapath code
- cilium
Cilium CLI client
- cilium-health
Cilium cluster connectivity CLI client
- daemon
cilium-agent specific code
- plugins/cilium-cni
The CNI plugin to integrate with Kubernetes
- plugins/cilium-docker
The Docker integration plugin
Hubble
The server-side code of Hubble is integrated into the Cilium repository. The Hubble CLI can be found in the separate repository github.com/cilium/hubble. The Hubble UI can be found in the separate repository github.com/cilium/hubble-ui.
- api/v1/external, api/v1/flow, api/v1/observer, api/v1/peer, api/v1/relay
API specifications of the Hubble APIs.
- hubble-relay
Hubble Relay agent
- pkg/hubble
All Hubble specific code
- pkg/hubble/container
Ring buffer implementation
- pkg/hubble/filters
Flow filtering capabilities
- pkg/hubble/metrics
Metrics plugins providing Prometheus based on Hubble’s visibility
- pkg/hubble/observe
Layer running on top of the Cilium datapath monitoring, feeding the metrics and ring buffer.
- pkg/hubble/parser
Network flow parsers
- pkg/hubble/peer
Peer service implementation
- pkg/hubble/relay
Hubble Relay service implementation
- pkg/hubble/server
The server providing the API for the Hubble client and UI
Important common packages
- pkg/allocator
Security identity allocation
- pkg/bpf
Abstraction layer to interact with the eBPF runtime
- pkg/client
Go client to access Cilium API
- pkg/clustermesh
Multi-cluster implementation including control plane and global services
- pkg/controller
Base controller implementation for any background operation that requires retries or interval-based invocation.
- pkg/datapath
Abstraction layer for datapath interaction
- pkg/defaults
All default values
- pkg/elf
ELF abstraction library for the eBPF loader
- pkg/endpoint
Abstraction of a Cilium endpoint, representing all workloads.
- pkg/endpointmanager
Manager of all endpoints
- pkg/envoy
Envoy proxy interactions
- pkg/fqdn
FQDN proxy and FQDN policy implementation
- pkg/health
Network connectivity health checking
- pkg/hive
A dependency injection framework for modular composition of applications
- pkg/identity
Representation of a security identity for workloads
- pkg/ipam
IP address management
- pkg/ipcache
Global cache mapping IPs to endpoints and security identities
- pkg/k8s
All interactions with Kubernetes
- pkg/kvstore
Key-value store abstraction layer with backends for etcd
- pkg/labels
Base metadata type to describe all label/metadata requirements for workload identity specification and policy matching.
- pkg/loadbalancer
Control plane for load-balancing functionality
- pkg/maps
eBPF map representations
- pkg/metrics
Prometheus metrics implementation
- pkg/monitor
eBPF datapath monitoring abstraction
- pkg/node
Representation of a network node
- pkg/option
All available configuration options
- pkg/policy
Policy enforcement specification & implementation
- pkg/proxy
Layer 7 proxy abstraction
- pkg/service
Representation of a load-balancing service
- pkg/trigger
Implementation of trigger functionality to implement event-driven functionality