pub enum OverlayMode {
    Auto,
    Shared,
    Dedicated,
    Isolated,
}
Per-service overlay data-plane attachment knob.
See the module docs for the full truth table; each variant bundles a
container-attachment topology with a WireGuard transport choice.
Variants
Auto
Today’s default behavior: veth-per-container on a per-service Linux
bridge, carried on the single cluster-wide WireGuard interface. No
shared node-wide bridge / free-port proxy and no per-service WireGuard
transport.
Shared
Max sharing: one shared node-wide bridge for all services plus a
userspace free-port L4 proxy (host:FREEPORT -> container_ip:port).
No per-service bridge and no per-service WireGuard; traffic rides the
cluster-wide WireGuard interface.
Dedicated
Max isolation: veth-per-container on a per-service bridge, with its OWN
per-service WireGuard transport (isolated crypto context). No shared
node-wide bridge / free-port proxy.
Isolated
Per-service bridge on the cluster-wide WireGuard interface (same
topology + transport as OverlayMode::Auto), but L3-fenced to its own
isolation network: members reach their own network’s members plus the
node IP and egress, never other networks’ members or arbitrary cluster
overlay IPs. Sugar for “Auto topology auto-fenced to an isolation network
named after the service” — it reuses the same isolation_network
membership machinery the named-isolated-networks feature already uses on
every platform. Distinct from OverlayMode::Dedicated, which isolates
the crypto transport (its own WireGuard device), not the L3 scope.
Implementations
impl OverlayMode
pub fn resolve(self) -> OverlayMode
Identity resolution: each variant resolves to itself. Retained so
existing .resolve() callers keep compiling. Auto no longer maps to
Shared — Auto now denotes today’s default behavior (per-service
bridge on the cluster-wide WireGuard interface) in its own right.
Whether this mode uses the shared node-wide bridge plus the userspace
free-port L4 proxy. True only for OverlayMode::Shared.
pub fn uses_per_service_wg(self) -> bool
Whether this mode provisions its own per-service WireGuard transport
with an isolated crypto context. True only for
OverlayMode::Dedicated.
pub fn uses_isolation_scope(self) -> bool
Whether this mode is L3-fenced to its own isolation network. True only
for OverlayMode::Isolated. The fence reuses the platform-neutral
isolation_network membership channel; the network is named after the
service.
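The difference drawn above between Dedicated (own crypto transport) and Isolated (L3 scope), shown as an added example that is not code from this crate. `Mode`, `Needs`, `unmet`, `Dest` and `fence_allows` are hypothetical local names; the two predicates mirror the documented ones, and the fence rule follows the Isolated variant's description.

```rust
// Local mirror of the documented variants (added example, not the crate's code).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
enum Mode { Auto, Shared, Dedicated, Isolated }

impl Mode {
    // Own WireGuard device with an isolated crypto context: Dedicated only.
    fn uses_per_service_wg(self) -> bool { self == Mode::Dedicated }
    // L3-fenced to an isolation network named after the service: Isolated only.
    fn uses_isolation_scope(self) -> bool { self == Mode::Isolated }
}

// Hypothetical per-service requirements a reviewer might record.
#[derive(Clone, Copy)]
struct Needs { own_crypto: bool, l3_fence: bool }

// Requirements that the chosen mode does not satisfy.
fn unmet(mode: Mode, needs: Needs) -> Vec<&'static str> {
    let mut gaps = Vec::new();
    if needs.own_crypto && !mode.uses_per_service_wg() {
        gaps.push("traffic shares the cluster-wide WireGuard interface");
    }
    if needs.l3_fence && !mode.uses_isolation_scope() {
        gaps.push("no L3 fence to an isolation network");
    }
    gaps
}

// Destinations named in the Isolated variant's description.
#[derive(Clone, Copy)]
enum Dest<'a> { Member(&'a str), NodeIp, Egress, OtherOverlayIp }

// The Isolated fence as documented: own network's members, node IP and egress only.
fn fence_allows(own_network: &str, dst: Dest) -> bool {
    match dst {
        Dest::Member(net) => net == own_network,
        Dest::NodeIp | Dest::Egress => true,
        Dest::OtherOverlayIp => false,
    }
}

fn main() {
    let needs = Needs { own_crypto: true, l3_fence: true };
    for m in [Mode::Auto, Mode::Shared, Mode::Dedicated, Mode::Isolated] {
        println!("{:?}: {:?}", m, unmet(m, needs));
    }
    // Constructed network names: a member of another isolation network is refused.
    println!("{}", fence_allows("billing", Dest::Member("payments")));
}
```

No single mode satisfies both requirements: Dedicated leaves the L3 scope open, and Isolated still rides the cluster-wide WireGuard interface.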
Trait Implementations
impl Clone for OverlayMode
fn clone(&self) -> OverlayMode
fn clone_from(&mut self, source: &Self)
impl Copy for OverlayMode
impl Debug for OverlayMode
impl Default for OverlayMode
fn default() -> OverlayMode
impl<'de> Deserialize<'de> for OverlayMode
fn deserialize<__D>(
__deserializer: __D,
) -> Result<OverlayMode, <__D as Deserializer<'de>>::Error>
where
__D: Deserializer<'de>,
impl Eq for OverlayMode
impl PartialEq for OverlayMode
fn eq(&self, other: &OverlayMode) -> bool
impl Serialize for OverlayMode
fn serialize<__S>(
&self,
__serializer: __S,
) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>
where
__S: Serializer,
impl StructuralPartialEq for OverlayMode
Auto Trait Implementations
impl Freeze for OverlayMode
impl RefUnwindSafe for OverlayMode
impl Send for OverlayMode
impl Sync for OverlayMode
impl Unpin for OverlayMode
impl UnsafeUnpin for OverlayMode
impl UnwindSafe for OverlayMode