Enum OverlaydRequest 

pub enum OverlaydRequest {
    SetLocalNodeId {
        node_id: u64,
    },
    SetLocalWgPubkey {
        pubkey: String,
    },
    SetupGlobalOverlay {
        deployment: String,
        instance_id: String,
        cluster_cidr: String,
        slice_cidr: Option<String>,
        wg_port: u16,
        host_adapter_mandatory: bool,
        nat: Option<NatConfigSpec>,
    },
    TeardownGlobalOverlay,
    SetupServiceOverlay {
        service: String,
        mode: OverlayMode,
    },
    TeardownServiceOverlay {
        service: String,
    },
    AllocateIp {
        service: String,
        join_global: bool,
    },
    ReleaseIp {
        ip: IpAddr,
    },
    AttachContainer {
        handle: AttachHandle,
        service: String,
        join_global: bool,
        ephemeral: bool,
        isolation_network: Option<String>,
        dns_server: Option<IpAddr>,
        dns_domain: Option<String>,
    },
    DetachContainer {
        handle: AttachHandle,
    },
    AddPeer {
        peer: PeerSpec,
        scope: PeerScope,
    },
    RemovePeer {
        pubkey: String,
        scope: PeerScope,
    },
    AddAllowedIp {
        pubkey: String,
        cidr: String,
        scope: PeerScope,
    },
    RemoveAllowedIp {
        pubkey: String,
        cidr: String,
        scope: PeerScope,
    },
    RegisterDns {
        name: String,
        ip: IpAddr,
    },
    UnregisterDns {
        name: String,
    },
    WriteScopedResolver {
        zone: String,
        node_ip: IpAddr,
        port: Option<u16>,
    },
    RemoveScopedResolver {
        zone: String,
    },
    PruneOrphanBridges {
        live_bridge_names: Vec<String>,
    },
    Status,
    NatTick,
    NatStatus,
    Shutdown,
}

A request from the main daemon to overlayd.

Variants

SetLocalNodeId

Push this node’s Raft id (cluster-brain context overlayd scopes by).

Fields

node_id: u64

SetLocalWgPubkey

Push this node’s WireGuard public key (base64).

Fields

pubkey: String

SetupGlobalOverlay

Bring up (or reuse) this node’s base/global overlay. Idempotent: if the overlay network already exists (recorded in overlayd’s marker), it is reused rather than recreated. This is the only place the base overlay is created; it is torn down only on a full uninstall.

Fields

deployment: String
instance_id: String
cluster_cidr: String

Full cluster CIDR, e.g. "10.200.0.0/16".

slice_cidr: Option<String>

This node’s per-node slice, e.g. "10.200.0.0/28". None until the leader assigns one.

wg_port: u16
host_adapter_mandatory: bool

When true, a host-adapter (utun/Wintun) bringup failure is FATAL instead of degrading to a VM-only overlay. Set by the daemon when the node runs a host-shared runtime (macOS Seatbelt/native-VZ/libkrun) where the host adapter IS the container data path. #[serde(default)] keeps a pre-field daemon’s payload decoding (false = old behavior).

nat: Option<NatConfigSpec>

Full NAT-traversal configuration for this node’s overlay.

None (or any omitted sub-field) means “no explicit NAT config” and overlayd falls back to its built-in NatConfig::default(). This replaced the previous nat_enabled: bool, which silently dropped the operator’s --stun-server/--turn-server/--relay-server-bind flags (overlayd only ever saw the enabled toggle). #[serde(default)] keeps a pre-nat daemon’s payload (no nat field) decoding cleanly.

TeardownGlobalOverlay

Tear down the node’s base overlay (e.g. on full uninstall).

SetupServiceOverlay

Create the per-service overlay segment (Linux bridge / Windows HCN Internal network) for service. Returns OverlaydResponse::BridgeName.

Fields

service: String
mode: OverlayMode

TeardownServiceOverlay

Remove the per-service overlay segment.

Fields

service: String

AllocateIp

Allocate (or, with ip set on a later attach, validate) an overlay IP from the node slice for a container on service.

Fields

service: String
join_global: bool

ReleaseIp

Return an overlay IP to the allocator.

Fields

ip: IpAddr

AttachContainer

Wire a container into the overlay. Returns OverlaydResponse::Attached.

Fields

handle: AttachHandle
service: String
join_global: bool
ephemeral: bool

When true, overlayd reclaims the per-service bridge once the LAST container detaches (ephemeral/per-job networks). When false, the bridge persists across scale-to-0 (managed services). Defaults false for back-compat with older clients.

isolation_network: Option<String>

When Some(network), this attach joins the named isolated network: overlayd records the member in that network’s membership set and enforces Docker-style L3 isolation (the member reaches its own network’s members + the daemon node IP + egress, but NOT other networks’ members or arbitrary cluster overlay IPs). None = the flat cluster mesh (today’s behavior). Defaults None for older clients.

dns_server: Option<IpAddr>
dns_domain: Option<String>
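
The L3 isolation rule described for isolation_network, written out as a reachability decision. This is an added example, not overlayd's own code: the Isolation struct, its fields and the sample addresses are hypothetical, and it assumes "egress" means any destination outside the cluster CIDR.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Hypothetical model of overlayd's membership state (names are illustrative).
struct Isolation {
    cluster: (Ipv4Addr, u8),            // cluster CIDR as (base, prefix length)
    node_ip: Ipv4Addr,                  // daemon node IP
    members: HashMap<Ipv4Addr, String>, // overlay IP -> isolated network name
}

fn in_cidr(ip: Ipv4Addr, (base, len): (Ipv4Addr, u8)) -> bool {
    let mask = if len == 0 { 0 } else { u32::MAX << (32 - u32::from(len)) };
    u32::from(ip) & mask == u32::from(base) & mask
}

impl Isolation {
    /// May a member of `src_net` send to `dst`?
    fn allows(&self, src_net: &str, dst: Ipv4Addr) -> bool {
        if dst == self.node_ip {
            return true; // the daemon node IP is always reachable
        }
        if !in_cidr(dst, self.cluster) {
            return true; // assumption: "egress" = anything outside the cluster CIDR
        }
        // Inside the cluster CIDR only same-network members pass; other networks'
        // members and unregistered overlay IPs are both denied.
        self.members.get(&dst).map_or(false, |net| net.as_str() == src_net)
    }
}

/// Constructed sample state: two members on "blue", one on "green".
fn sample() -> Isolation {
    let ip = |s: &str| s.parse::<Ipv4Addr>().unwrap();
    let members = HashMap::from([
        (ip("10.200.0.5"), "blue".to_string()),
        (ip("10.200.0.6"), "blue".to_string()),
        (ip("10.200.0.9"), "green".to_string()),
    ]);
    Isolation { cluster: (ip("10.200.0.0"), 16), node_ip: ip("10.200.0.1"), members }
}

fn main() {
    let iso = sample();
    for dst in ["10.200.0.6", "10.200.0.9", "10.200.3.7", "10.200.0.1", "192.0.2.10"] {
        println!("blue -> {dst}: {}", iso.allows("blue", dst.parse().unwrap()));
    }
}
```

The default-deny branch is what separates this from the flat mesh: an overlay IP that is inside the cluster CIDR but absent from the membership set is refused, not allowed.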

DetachContainer

Tear down a container’s overlay attachment and release its IP.

Fields

handle: AttachHandle

AddPeer

Add a WireGuard peer to the base overlay.

Fields

peer: PeerSpec
scope: PeerScope

RemovePeer

Remove a peer by its base64 public key.

Fields

pubkey: String
scope: PeerScope

AddAllowedIp

Plumb a service subnet into a peer’s AllowedIPs.

Fields

pubkey: String
cidr: String
scope: PeerScope

RemoveAllowedIp

Remove a service subnet from a peer’s AllowedIPs.

Fields

pubkey: String
cidr: String
scope: PeerScope

RegisterDns

Register an overlay DNS A/AAAA record.

Fields

name: String
ip: IpAddr

UnregisterDns

Remove an overlay DNS record.

Fields

name: String

WriteScopedResolver

Write a macOS /etc/resolver/<zone> scoped-resolver file pointing at the node’s overlay DNS. Privileged (root-only path); the rootless daemon asks the ROOT overlayd to perform it. macOS-only handler; no-op elsewhere.

Fields

zone: String
node_ip: IpAddr
port: Option<u16>
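
WriteScopedResolver has a root process build a file path from a String sent by a rootless caller, so zone is the one free-form input that reaches a privileged path; node_ip and port are already typed. The page does not show how overlayd validates zone. The following is an added example of one way to do it, not the project's code: the function names are hypothetical, and the nameserver/port file body follows macOS resolver(5) as an assumption about what is written.

```rust
use std::net::IpAddr;
use std::path::{Path, PathBuf};

const RESOLVER_DIR: &str = "/etc/resolver";

/// Accept only DNS-style names: dot-separated labels of ASCII letters,
/// digits and '-'. Rejects '/', NUL, empty labels ("..", leading/trailing dot).
fn valid_zone(zone: &str) -> bool {
    !zone.is_empty()
        && zone.len() <= 253
        && zone.split('.').all(|label| {
            (1..=63).contains(&label.len())
                && label.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
                && !label.starts_with('-')
                && !label.ends_with('-')
        })
}

/// Map a requested zone to its file path, or refuse the request.
fn resolver_path(zone: &str) -> Option<PathBuf> {
    if !valid_zone(zone) {
        return None;
    }
    let path = Path::new(RESOLVER_DIR).join(zone);
    // Defence in depth: the result must be a direct child of RESOLVER_DIR.
    // (Path::join with an absolute argument would otherwise replace the base.)
    (path.parent() == Some(Path::new(RESOLVER_DIR))).then_some(path)
}

/// File body. Both values are typed, so nothing free-form reaches the file.
fn resolver_body(node_ip: IpAddr, port: Option<u16>) -> String {
    let mut body = format!("nameserver {node_ip}\n");
    if let Some(p) = port {
        body.push_str(&format!("port {p}\n"));
    }
    body
}

fn main() {
    // Constructed sample zones: one well-formed name and four malformed ones.
    for zone in ["cluster.internal", "../hosts", "/tmp/x", "a..b", ""] {
        println!("{zone:?} -> {:?}", resolver_path(zone));
    }
    print!("{}", resolver_body("10.200.0.1".parse().unwrap(), Some(5353)));
}
```

The same check applies to RemoveScopedResolver, which deletes a file under the same directory from the same kind of input.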

RemoveScopedResolver

Remove a macOS /etc/resolver/<zone> scoped-resolver file.

Fields

zone: String

PruneOrphanBridges

Reclaim orphaned per-service host bridges (and their stale device/container veths) that no live deployment still owns. The daemon computes live_bridge_names from storage — the full set of zl-…-b bridge names every currently-restored service SHOULD own — and overlayd deletes every zl-…-b bridge link NOT in that set (plus releases its subnet/AllowedIPs when recoverable), so a bridge left behind by a crashed/forgotten deployment is swept on the next daemon startup. Names are passed (rather than overlayd reaching into storage) to keep overlayd storage-free. Returns OverlaydResponse::PrunedBridges.

Fields

live_bridge_names: Vec<String>

Status

Snapshot overlay state for diagnostics. Returns OverlaydResponse::Status.

NatTick

Run one NAT-traversal maintenance tick (probe/refresh endpoints).

NatStatus

Snapshot the live NAT-traversal state (local candidates, per-peer connection types, last refresh). Returns OverlaydResponse::NatStatus.

Shutdown

Ask overlayd to shut down gracefully (drops the adapter).

Trait Implementations

impl Clone for OverlaydRequest

fn clone(&self) -> OverlaydRequest

Returns a duplicate of the value.

1.0.0 (const: unstable)

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for OverlaydRequest

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for OverlaydRequest

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Eq for OverlaydRequest

impl PartialEq for OverlaydRequest

fn eq(&self, other: &OverlaydRequest) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 (const: unstable)

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for OverlaydRequest

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for OverlaydRequest

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key.

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FromBase64 for T
where T: for<'de> Deserialize<'de>,

fn from_base64<Input>(raw: &Input) -> Result<T, Error>
where Input: AsRef<[u8]> + ?Sized,

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow.

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow.

impl<T> Same for T

type Output = T

Should always be Self

impl<C> SignWithKey<String> for C
where C: ToBase64,

impl<T> ToBase64 for T
where T: Serialize,

fn to_base64(&self) -> Result<Cow<'_, str>, Error>

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.