mirrors/kube-router
1
0
Fork 0
mirror of https://github.com/cloudnativelabs/kube-router.git synced 2025-11-19 12:01:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

doc(NSC): add some comments around DSR

Browse Source
This commit is contained in:
Aaron U'Ren 2021-09-11 14:03:46 -05:00
parent 8f3861de40
commit feb16d0d0b
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/controllers/proxy/utils.go
View File

@ -41,6 +41,8 @@ func (ln *linuxNetworking) configureContainerForDSR(
}
defer utils.CloseCloserDisregardError(&endpointNamespaceHandle)
// LINUX NAMESPACE SHIFT - It is important to note that from here until the end of the function (or until an error)
// all subsequent commands are executed from within the container's network namespace and NOT the host's namespace.
err = netns.Set(endpointNamespaceHandle)
if err != nil {
return fmt.Errorf("failed to enter endpoint namespace (containerID=%s, pid=%d, error=%v)",
@ -127,6 +129,10 @@ func (ln *linuxNetworking) configureContainerForDSR(
sysctlErr.Error())
}
// TODO: it's bad to rely on eth0 here. While this is inside the container's namespace and is determined by the
// container runtime and so far we've been able to count on this being reliably set to eth0, it is possible that
// this may shift sometime in the future with a different runtime. It would be better to find a reliable way to
// determine the interface name from inside the container.
sysctlErr = utils.SetSysctlSingleTemplate(utils.IPv4ConfRPFilterTemplate, "eth0", 0)
if sysctlErr != nil && sysctlErr.IsFatal() {
attemptNamespaceResetAfterError(hostNetworkNamespaceHandle)