1023 Commits

Author SHA1 Message Date
Aaron U'Ren
0ecb51de3e fix(NPC/pod): check drop policy on ipv4 & ipv6
Change return to continue so that both IPv4 and IPv6 are checked for
drop policy not just the first one.
2023-10-07 08:52:31 -05:00
Aaron U'Ren
367aedf846 fix(bgp_policies): add empty DS set checking
Without this logic, it appears that sometimes GoBGP is inclined to match
unintentional routes in policy because of the MATCHSET_ANY declaration
and the way that it interacts with empty sets.

In my testing, without this logic I found that it often resulted in
various routes not being advertised correctly and not even showing up in
GoBGP itself. My current guess is that policy keeps GoBGP from importing
the route into the RIB even from the Protobuf socket connection that
kube-router establishes directly.
2023-10-07 08:52:31 -05:00
Aaron U'Ren
aeb51ba697 fact(bgp_policies): rename clusterIPPrefixSet -> serviceVIPIPPrefixSet 2023-10-07 08:52:31 -05:00
Aaron U'Ren
6e03836081 fact(bgp_policies): abstract get DS for GoBGP
We do a lot of getting defined sets for GoBGP and are planning to do
more of it in the future. This commit centralizes the logic for this and
reduces repetition.
2023-10-07 08:52:31 -05:00
Aaron U'Ren
67254ad22d fix(ecmp_vip): handle ipv4 & ipv6 protocols 2023-10-07 08:52:31 -05:00
Aaron U'Ren
5f952e0f28 test(bgp_policies_test): add local address 2023-10-07 08:52:31 -05:00
Aaron U'Ren
ec12fda820 fix(node): do nil checking on FindBestIP util funcs 2023-10-07 08:52:31 -05:00
Aaron U'Ren
5d7f62c5b3 fix(NRC): ensure local addr IP is bindable early 2023-10-07 08:52:31 -05:00
Aaron U'Ren
67abc4b80e fix(bgp_peers): adv. AfiSafi based on capability
Advertise IPv4 / IPv6 AfiSafi capability based upon node's capabilities
rather than limiting to the node's configured protocol.
2023-10-07 08:52:31 -05:00
Aaron U'Ren
c491bcb48d fix(bgp_peers): do peer only if IP protos match
For configured BGP peers only attempt peering if IP protos match,
otherwise skip and log warning
2023-10-07 08:52:31 -05:00
Aaron U'Ren
0023dedc4d fix(NRC): error when nec. host IP not found
If we can't find an appropriate IP to add for nextHop to injectRoute or
overlay tunnel, raise error rather than trying to continue.
2023-10-07 08:52:31 -05:00
Aaron U'Ren
4f284be53e fix(NRC): add IPv6 logic to bgp-local-addresses 2023-10-07 08:52:31 -05:00
Aaron U'Ren
51f4696417 feat(ci): run CI on version prep branches and MRs 2023-10-07 08:52:31 -05:00
Aaron U'Ren
b3e0768281 fix(options): make clusterIP specification similar to other options 2023-10-07 08:52:31 -05:00
Aaron U'Ren
a31511d987 fix(NPC): actually separate chain indices for ipv4 / ipv6 2023-10-07 08:52:31 -05:00
Aaron U'Ren
096da81f92 fact(NPC): pluralize newIPTablesHandler 2023-10-07 08:52:31 -05:00
Aaron U'Ren
ddb0e63c46 feat(NRC): make NRC dual stack 2023-10-07 08:52:31 -05:00
Aaron U'Ren
01f2ff2aa1 fact(NRC): convert BGP set names to const
Convert all BGP set names to constants and then refer to them via the
constant across the code base so that we reduce the effect of typos.
2023-10-07 08:52:31 -05:00
Aaron U'Ren
85cecb6e61 feat(pod_cidr): handle multiple pod CIDRs 2023-10-07 08:52:31 -05:00
Aaron U'Ren
c18d811f4f fix(kube-router.go): metric message -> not error
Running kube-router without metrics is a perfectly valid way to run
kube-router and as such it shouldn't emit an error message when a user
has not set that flag. Move the message down to Info.
2023-10-07 08:52:31 -05:00
Aaron U'Ren
3db482be3b fix(NPC): separate chain indices for ipv4 / ipv6
Without this, kube-router would end up sharing the index between ipv4
and ipv6 which would cause it to error out when one incremented beyond
the number of rules that actually existed in the chain.
2023-10-07 08:52:31 -05:00
Aaron U'Ren
9d2b3c72ea fix(node.go): make node address errors more helpful 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
d7e2a146f3 fix golangci issues 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
12561f9faa fix test compilation error 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
e5f272e972 go mod 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
76e5d20c5a use createGenericHashIPSet 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
b3dcaa0878 rename utilsnet import to netutils 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
4256a60705 syncPodFirewallChains: loop on all NodeIp
to find the pods running on a given Node
- Load PodIp in podInfo struct and use it instead of pod.ips[0].IP
2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
92e91df9d2 refactor whitelisting of cluster IP Range 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
6fea9c2d19 Validate that ClusterIP service range type matches the configuration
and update documentation
2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
16d3cd1867 godoc update 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
d1f3839bc6 remove redundant default value 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
d6dcf76759 rename Adresses 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
26d06c40aa Turn IPTablesSaveRestore into an interface 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
3839ec1d8e init iptablesCmdHandlers and ipSetHandlers inside NewNetworkPolicyController 2023-10-07 08:52:31 -05:00
Thomas Ferrandiz
5b7da83c25 disable ipv6 by default 2023-10-07 08:52:31 -05:00
Michal Rostecki
5d04a9fd97 netpol: Add dual-stack support
This change allows defining two cluster CIDRs for compatibility with
Kubernetes dual-stack, with an assumption that two CIDRs are usually
IPv4 and IPv6.

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2023-10-07 08:52:31 -05:00
Aaron U'Ren
08f05a8034 fix(moq): chown generated moqs
By default moqs generated by docker will be owned by root causing
problems for the user in the shell after docker runs and generates them.
This chowns them back so that their git working dir is still
consistently owned by their user.
2023-09-10 13:08:10 -05:00
Aaron U'Ren
ee85441c6e fix(moq): remove previous moqs before generation
The previous moq seems to get in the way of generating new ones, this
removes the previous moq before it attempts to create a new one.
2023-09-10 13:08:10 -05:00
Aaron U'Ren
4556aa3b2f fix(lint): convert sh -> bash
Converts from sh to bash for the linting shell so that ctrl-c can be
used to interrupt long linting process from the shell
2023-09-10 13:08:10 -05:00
Aaron U'Ren
3c16d3cd3e feat(close_stale.yml): increase operations 30 -> 100 2023-09-05 17:38:47 -05:00
Aaron U'Ren
0d12e617e3 feat(close_stale.yml): add workflow for closing stale issues & PRs 2023-09-04 19:49:48 +02:00
guoguangwu
b084c2aebc fix: available typo
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-09-03 18:37:49 -05:00
dependabot[bot]
82cd7c97f7 build(deps): bump github.com/aws/aws-sdk-go from 1.44.334 to 1.45.1
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.334 to 1.45.1.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.334...v1.45.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-01 10:22:09 +02:00
dependabot[bot]
16474cf94e build(deps): bump github.com/aws/aws-sdk-go from 1.44.332 to 1.44.334
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.332 to 1.44.334.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.332...v1.44.334)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-30 17:46:25 +02:00
Manuel Rüger
0110d1d338 Partially revert riscv64 support
Since the alpine image we use does not have a riscv64 architecture, we
can't build riscv64 images.
2023-08-30 10:32:23 -05:00
Manuel Rüger
9805c79b8a Makefile: Bump go + alpine as well 2023-08-29 19:35:29 +02:00
Manuel Rüger
ade98d6b07 Bump go 1.20 + k8s 1.27 2023-08-29 17:36:54 +02:00
Aaron U'Ren
e7a521a0b6 feat(ci.yml): add ppc64le and riscv64 to ci
These are both architectures that are added to the Makefile, but that we
don't currently build for. riscv64 was added in:
https://github.com/cloudnativelabs/kube-router/pull/1525 and ppc64le was
added in: https://github.com/cloudnativelabs/kube-router/pull/847
2023-08-29 09:46:52 -05:00
Iggy Jackson
8b76e9c5ee Add RISC-V 64 support
Add goreleaser and Makefile entries to build/deploy riscv64 assets
2023-08-28 15:34:06 -05:00