Code Overview
This section provides an overview of the Cilium & Hubble source code directory structure. Use it to get an initial idea of where to find what.
High-level
Top-level directories of github.com/cilium/cilium:
- api
- The Cilium & Hubble API definition.
- bpf
- The BPF datapath code
- bugtool
- CLI for collecting agent & system information for bug reporting
- cilium
- Cilium CLI client
- contrib, tools
- Additional tooling and resources used for development
- daemon
- The cilium-agent running on each node
- examples
- Various example resources and manifests. These typically need to be modified before they can be used.
- hubble-relay
- Hubble Relay server
- install
- Helm deployment manifests for all components
- pkg
- Common Go packages shared between all components
- operator
- Operator responsible for centralized tasks that do not need to be performed on each node.
- plugins
- Plugins to integrate with Kubernetes and Docker
- test
- End-to-end integration tests run in the End-To-End Testing Framework.
Cilium
- api/v1/openapi.yaml
- API specification of the Cilium API. Used for code generation.
- api/v1/models/
- Go code generated from openapi.yaml representing all API resources
- bpf
- The BPF datapath code
- cilium
- Cilium CLI client
- cilium-health
- Cilium cluster connectivity CLI client
- daemon
- cilium-agent specific code
- plugins/cilium-cni
- The CNI plugin to integrate with Kubernetes
- plugins/cilium-docker
- The Docker integration plugin
Hubble
The server-side code of Hubble is integrated into the Cilium repository. The Hubble CLI can be found in the separate repository github.com/cilium/hubble. The Hubble UI can be found in the separate repository github.com/cilium/hubble-ui.
- api/v1/external, api/v1/flow, api/v1/observer, api/v1/peer, api/v1/relay
- API specifications of the Hubble APIs.
- hubble-relay
- Hubble Relay agent
- pkg/hubble
- All Hubble specific code
- pkg/hubble/container
- Ring buffer implementation
- pkg/hubble/filters
- Flow filtering capabilities
- pkg/hubble/metrics
- Metrics plugins providing Prometheus metrics based on Hubble’s visibility
- pkg/hubble/observe
- Layer running on top of the Cilium datapath monitoring, feeding the metrics and ring buffer.
- pkg/hubble/parser
- Network flow parsers
- pkg/hubble/peer
- Peer service implementation
- pkg/hubble/relay
- Hubble Relay service implementation
- pkg/hubble/server
- The server providing the API for the Hubble client and UI
Important common packages
- pkg/allocator
- Security identity allocation
- pkg/bpf
- Abstraction layer to interact with the BPF runtime
- pkg/client
- Go client to access Cilium API
- pkg/clustermesh
- Multi-cluster implementation including control plane and global services
- pkg/controller
- Base controller implementation for any background operation that requires retries or interval-based invocation.
- pkg/datapath
- Abstraction layer for datapath interaction
- pkg/default
- All default values
- pkg/elf
- ELF abstraction library for the BPF loader
- pkg/endpoint
- Abstraction of a Cilium endpoint, representing all workloads.
- pkg/endpointmanager
- Manager of all endpoints
- pkg/envoy
- Envoy proxy interactions
- pkg/fqdn
- FQDN proxy and FQDN policy implementation
- pkg/health
- Network connectivity health checking
- pkg/identity
- Representation of a security identity for workloads
- pkg/ipam
- IP address management
- pkg/ipcache
- Global cache mapping IPs to endpoints and security identities
- pkg/k8s
- All interactions with Kubernetes
- pkg/kafka
- Kafka protocol proxy and policy implementation
- pkg/kvstore
- Key-value store abstraction layer with backends for etcd and consul
- pkg/labels
- Base metadata type to describe all label/metadata requirements for workload identity specification and policy matching.
- pkg/loadbalancer
- Control plane for load-balancing functionality
- pkg/maps
- BPF map representations
- pkg/metrics
- Prometheus metrics implementation
- pkg/monitor
- BPF datapath monitoring abstraction
- pkg/node
- Representation of a network node
- pkg/option
- All available configuration options
- pkg/policy
- Policy enforcement specification & implementation
- pkg/proxy
- Layer 7 proxy abstraction
- pkg/service
- Representation of a load-balancing service
- pkg/trigger
- Trigger implementation for event-driven functionality