pub enum OverlaydRequest {
    SetLocalNodeId {
        node_id: u64,
    },
    SetLocalWgPubkey {
        pubkey: String,
    },
    SetupGlobalOverlay {
        deployment: String,
        instance_id: String,
        cluster_cidr: String,
        slice_cidr: Option<String>,
        wg_port: u16,
        host_adapter_mandatory: bool,
        nat: Option<NatConfigSpec>,
    },
    TeardownGlobalOverlay,
    SetupServiceOverlay {
        service: String,
        mode: OverlayMode,
    },
    TeardownServiceOverlay {
        service: String,
    },
    AllocateIp {
        service: String,
        join_global: bool,
    },
    ReleaseIp {
        ip: IpAddr,
    },
    AttachContainer {
        handle: AttachHandle,
        service: String,
        join_global: bool,
        ephemeral: bool,
        isolation_network: Option<String>,
        dns_server: Option<IpAddr>,
        dns_domain: Option<String>,
    },
    DetachContainer {
        handle: AttachHandle,
    },
    AddPeer {
        peer: PeerSpec,
        scope: PeerScope,
    },
    RemovePeer {
        pubkey: String,
        scope: PeerScope,
    },
    AddAllowedIp {
        pubkey: String,
        cidr: String,
        scope: PeerScope,
    },
    RemoveAllowedIp {
        pubkey: String,
        cidr: String,
        scope: PeerScope,
    },
    RegisterDns {
        name: String,
        ip: IpAddr,
    },
    UnregisterDns {
        name: String,
    },
    WriteScopedResolver {
        zone: String,
        node_ip: IpAddr,
        port: Option<u16>,
    },
    RemoveScopedResolver {
        zone: String,
    },
    PruneOrphanBridges {
        live_bridge_names: Vec<String>,
    },
    Status,
    NatTick,
    NatStatus,
    Shutdown,
}
A request from the main daemon to overlayd.
Variants
SetLocalNodeId
Push this node’s Raft id (cluster-brain context overlayd scopes by).
SetLocalWgPubkey
Push this node’s WireGuard public key (base64).
SetupGlobalOverlay
Bring up (or reuse) this node’s base/global overlay. Idempotent: if the overlay network already exists (recorded in overlayd’s marker), it is reused rather than recreated. This is the only place the base overlay is created; it is torn down only on a full uninstall.
Fields
slice_cidr: Option<String>
This node’s per-node slice, e.g. "10.200.0.0/28". None until the leader assigns one.
host_adapter_mandatory: bool
When true, a host-adapter (utun/Wintun) bringup failure is FATAL instead of degrading to a VM-only overlay. Set by the daemon when the node runs a host-shared runtime (macOS Seatbelt/native-VZ/libkrun) where the host adapter IS the container data path. #[serde(default)] keeps a pre-field daemon’s payload decoding (false = old behavior).
nat: Option<NatConfigSpec>
Full NAT-traversal configuration for this node’s overlay. None (or any omitted sub-field) means “no explicit NAT config” and overlayd falls back to its built-in NatConfig::default(). This replaced the previous nat_enabled: bool, which silently dropped the operator’s --stun-server/--turn-server/--relay-server-bind flags (overlayd only ever saw the enabled toggle). #[serde(default)] keeps a pre-nat daemon’s payload (no nat field) decoding cleanly.
TeardownGlobalOverlay
Tear down the node’s base overlay (e.g. on full uninstall).
SetupServiceOverlay
Create the per-service overlay segment (Linux bridge / Windows HCN
Internal network) for service. Returns OverlaydResponse::BridgeName.
TeardownServiceOverlay
Remove the per-service overlay segment.
AllocateIp
Allocate (or, with ip set on a later attach, validate) an overlay IP
from the node slice for a container on service.
ReleaseIp
Return an overlay IP to the allocator.
AttachContainer
Wire a container into the overlay. Returns OverlaydResponse::Attached.
Fields
handle: AttachHandle
ephemeral: bool
When true, overlayd reclaims the per-service bridge once the LAST container detaches (ephemeral/per-job networks). When false, the bridge persists across scale-to-0 (managed services). Defaults false for back-compat with older clients.
isolation_network: Option<String>
When Some(network), this attach joins the named isolated network: overlayd records the member in that network’s membership set and enforces Docker-style L3 isolation (the member reaches its own network’s members + the daemon node IP + egress, but NOT other networks’ members or arbitrary cluster overlay IPs). None = the flat cluster mesh (today’s behavior). Defaults None for older clients.
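The isolation rule above, modelled as a reachability check. This is an added example, not overlayd's own code: IsolationPolicy, attach and may_reach are hypothetical names, the addresses are constructed, and treating flat-mesh sources as unrestricted is an assumption, since the page only specifies what an isolated member may reach.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Hypothetical model of the isolation rule described above (not overlayd's types).
struct IsolationPolicy {
    cluster_net: u32,  // network address of cluster_cidr
    cluster_mask: u32, // netmask of cluster_cidr
    node_ip: Ipv4Addr, // daemon node IP: always reachable
    member_of: HashMap<Ipv4Addr, String>, // overlay IP -> isolated network name
}
impl IsolationPolicy {
    fn new(cluster: Ipv4Addr, prefix: u8, node_ip: Ipv4Addr) -> Self {
        let shift = 32u32.saturating_sub(u32::from(prefix));
        let mask = u32::MAX.checked_shl(shift).unwrap_or(0); // /0 -> empty mask
        Self { cluster_net: u32::from(cluster) & mask, cluster_mask: mask,
               node_ip, member_of: HashMap::new() }
    }

    /// Record an attach: Some(network) joins that isolated network, None stays flat.
    fn attach(&mut self, ip: Ipv4Addr, isolation_network: Option<&str>) {
        match isolation_network {
            Some(net) => { self.member_of.insert(ip, net.to_string()); }
            None => { self.member_of.remove(&ip); }
        }
    }

    /// May traffic from `src` be forwarded to `dst`?
    fn may_reach(&self, src: Ipv4Addr, dst: Ipv4Addr) -> bool {
        let src_net = match self.member_of.get(&src) {
            Some(net) => net,
            None => return true, // flat-mesh source: unrestricted (assumption)
        };
        let in_cluster = (u32::from(dst) & self.cluster_mask) == self.cluster_net;
        if dst == self.node_ip || !in_cluster {
            return true; // daemon node IP, or egress outside the cluster CIDR
        }
        // Any other cluster overlay IP must belong to the same isolated network.
        self.member_of.get(&dst) == Some(src_net)
    }
}

fn main() {
    // Constructed sample addresses inside a constructed 10.200.0.0/16 cluster CIDR.
    let ip = |d: u8| Ipv4Addr::new(10, 200, 0, d);
    let mut policy = IsolationPolicy::new(ip(0), 16, ip(1));
    policy.attach(ip(2), Some("jobs"));
    policy.attach(ip(3), Some("web"));
    println!("jobs -> web allowed: {}", policy.may_reach(ip(2), ip(3)));
}
```

The default-deny branch is the last line of may_reach: a cluster overlay IP with no membership record is refused to an isolated source, which covers the "arbitrary cluster overlay IPs" case.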
DetachContainer
Tear down a container’s overlay attachment and release its IP.
Fields
handle: AttachHandle
AddPeer
Add a WireGuard peer to the base overlay.
RemovePeer
Remove a peer by its base64 public key.
AddAllowedIp
Plumb a service subnet into a peer’s AllowedIPs.
RemoveAllowedIp
Remove a service subnet from a peer’s AllowedIPs.
RegisterDns
Register an overlay DNS A/AAAA record.
UnregisterDns
Remove an overlay DNS record.
WriteScopedResolver
Write a macOS /etc/resolver/<zone> scoped-resolver file pointing at the
node’s overlay DNS. Privileged (root-only path); the rootless daemon asks
the ROOT overlayd to perform it. macOS-only handler; no-op elsewhere.
RemoveScopedResolver
Remove a macOS /etc/resolver/<zone> scoped-resolver file.
PruneOrphanBridges
Reclaim orphaned per-service host bridges (and their stale device/
container veths) that no live deployment still owns. The daemon computes
live_bridge_names from storage — the full set of zl-…-b bridge names
every currently-restored service SHOULD own — and overlayd deletes every
zl-…-b bridge link NOT in that set (plus releases its subnet/AllowedIPs
when recoverable), so a bridge left behind by a crashed/forgotten
deployment is swept on the next daemon startup. Names are passed (rather
than overlayd reaching into storage) to keep overlayd storage-free.
Returns OverlaydResponse::PrunedBridges.
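A model of the sweep selection described above, showing that only links shaped like zl-…-b are candidates and that the result depends entirely on the completeness of live_bridge_names. This is an added example, not overlayd's own code: is_service_bridge and orphan_bridges are hypothetical helpers and the link names are constructed.

```rust
use std::collections::HashSet;

/// True for names shaped like the per-service bridges on this page: zl-…-b.
fn is_service_bridge(name: &str) -> bool {
    name.len() > "zl--b".len() && name.starts_with("zl-") && name.ends_with("-b")
}

/// Links a sweep would delete: service-shaped bridges absent from the live set.
fn orphan_bridges(host_links: &[&str], live_bridge_names: &[String]) -> Vec<String> {
    let live: HashSet<&str> = live_bridge_names.iter().map(String::as_str).collect();
    let mut orphans: Vec<String> = host_links
        .iter()
        .copied()
        .filter(|link| is_service_bridge(link) && !live.contains(link))
        .map(String::from)
        .collect();
    orphans.sort();
    orphans
}

fn main() {
    // Constructed link names; the "zl-a1-b" style middle parts are placeholders.
    let links = ["lo", "docker0", "zl-a1-b", "zl-c3-b", "zl-wg0"];
    let live = vec!["zl-a1-b".to_string()];
    println!("{:?}", orphan_bridges(&links, &live));
}
```

An empty live_bridge_names selects every zl-…-b bridge on the host, so a caller that computes the set before storage is fully restored would sweep bridges that are still in use.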
Status
Snapshot overlay state for diagnostics. Returns OverlaydResponse::Status.
NatTick
Run one NAT-traversal maintenance tick (probe/refresh endpoints).
NatStatus
Snapshot the live NAT-traversal state (local candidates, per-peer
connection types, last refresh). Returns OverlaydResponse::NatStatus.
Shutdown
Ask overlayd to shut down gracefully (drops the adapter).
Trait Implementations
impl Clone for OverlaydRequest
fn clone(&self) -> OverlaydRequest
fn clone_from(&mut self, source: &Self)
impl Debug for OverlaydRequest
impl<'de> Deserialize<'de> for OverlaydRequest
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where __D: Deserializer<'de>,
impl Eq for OverlaydRequest
impl PartialEq for OverlaydRequest
fn eq(&self, other: &OverlaydRequest) -> bool
impl Serialize for OverlaydRequest
impl StructuralPartialEq for OverlaydRequest
Auto Trait Implementations
impl Freeze for OverlaydRequest
impl RefUnwindSafe for OverlaydRequest
impl Send for OverlaydRequest
impl Sync for OverlaydRequest
impl Unpin for OverlaydRequest
impl UnsafeUnpin for OverlaydRequest
impl UnwindSafe for OverlaydRequest