mirrors/kube-router
1
0
Fork 0
mirror of https://github.com/cloudnativelabs/kube-router.git synced 2025-10-07 07:51:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update network_policy_controller.go (#315)

Browse Source 
* Update network_policy_controller.go

typo

* Update network_policy_controller.go

typos
This commit is contained in:
kevin.xu 2018-02-20 19:49:13 +08:00 committed by Murali Reddy
parent 8c2111160e
commit f68372e175
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/network_policy_controller.go
View File

@ -26,12 +26,12 @@ import (
// Network policy controller provides both ingress and egress filtering for the pods as per the defined network // Network policy controller provides both ingress and egress filtering for the pods as per the defined network
// policies. Two different types of iptables chains are used. Each pod running on the node which either // policies. Two different types of iptables chains are used. Each pod running on the node which either
// requires ingress or egress filtering gets a pod specific chian. Each network policy has a iptable chain, which // requires ingress or egress filtering gets a pod specific chains. Each network policy has a iptable chain, which
// has rules expreessed through ipsets matching source and destination pod ip's. In the FORWARD chain of the // has rules expressed through ipsets matching source and destination pod ip's. In the FORWARD chain of the
// filter table a rule is added to jump the traffic originating (in case of egress network policy) from the pod // filter table a rule is added to jump the traffic originating (in case of egress network policy) from the pod
// or destined (in case of ingress network policy) to the pod to the pod specific iptable chain. Each // or destined (in case of ingress network policy) to the pod specific iptable chain. Each
// pod specifc iptable chain has rules to jump to the network polices chains, that pod matches. So packet // pod specific iptable chain has rules to jump to the network polices chains, that pod matches. So packet
// originating/destined from/to pod goes throuh fitler table's, FORWARD chain, followed by pod specific chain, // originating/destined from/to pod goes through fitler table's, FORWARD chain, followed by pod specific chain,
// followed by one or more network policy chains, till there is a match which will accept the packet, or gets // followed by one or more network policy chains, till there is a match which will accept the packet, or gets
// dropped by the rule in the pod chain, if there is no match. // dropped by the rule in the pod chain, if there is no match.