mirrors/kube-router
1
0
Fork 0
mirror of https://github.com/cloudnativelabs/kube-router.git synced 2025-11-18 19:41:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
813 Commits 23 Branches 102 Tags
Commit Graph

135 Commits

Author SHA1 Message Date
RusoX89
23ac78cf94 Routes Synchronization Routine 2022-03-18 15:02:02 -05:00
Tamihiro Lee
1db19931a2 skip binding device to ipip tunnel if node's interface is loopback 2022-03-11 16:41:14 -06:00
Tamihiro Lee
184976a536 start peering connection to neighbors from node's advertise-ip 2022-03-11 16:19:00 -06:00
Aaron U'Ren
b9a9246e8e fix(lint): don't error on deprecated protobuf funcs 2021-12-02 12:13:31 +01:00
Xiang Liu
73b7c22ae4 fix(bgp policy): sort the slice items before deep equal(#1188) 2021-11-15 14:48:17 -06:00
Xiang Liu
8e7d585217 fix(bgp): use PeerState_ESTABLISHED logic like function name(#1184) 2021-11-08 15:14:01 -06:00
Aaron U'Ren
5e1d033a44 fix(sysctl): revert is fatal check for some conditions 2021-09-13 17:39:28 -05:00
Aaron U'Ren
8f3861de40 fact(sysctl): consolidate sysctl usage into utils 2021-09-11 16:20:07 -05:00
Aaron U'Ren
da5f8e0044 fix: address minor PR feedback and misspells 2021-09-11 16:20:07 -05:00
Aaron U'Ren
419c078c60 feat(.golangci.yml): enable unparam linter and remediate 2021-09-11 16:20:07 -05:00
Aaron U'Ren
1d90e215e9 feat(.golangci.yml): enable stylecheck linter and remediate 2021-09-11 16:20:07 -05:00
Aaron U'Ren
85f28411dc feat(.golangci.yml): enable long lines linter and remediate 2021-09-11 16:20:07 -05:00
Aaron U'Ren
874a746e30 feat(.golangci.yml): enable gosec and remediate 2021-09-11 16:20:07 -05:00
Aaron U'Ren
6208bfac46 feat(.golangci.yml): enable gomnd and remediate 2021-09-11 16:20:07 -05:00
Aaron U'Ren
f52fddddee feat(.golangci.yml): enable gocritic and remediate 2021-09-11 16:20:07 -05:00
Aaron U'Ren
d6ccc22519 feat(.golangci.yml): enable goconst and remediate 2021-09-11 16:20:07 -05:00
Aaron U'Ren
c5f4c00d63 feat(.golangci.yml): enable dupl and remediate 2021-09-11 16:20:07 -05:00
Murali Reddy
101658a51a incorporate review comments 2021-08-18 14:59:04 -05:00
Murali Reddy
892361800b ensure withdrawn external IP's on service update, are not used by any 
other service. i.e) check if external IP really not used by any service

Fixes #1154
 2021-08-18 14:59:04 -05:00
Lucas Mundim
401e4cfc64 fix(bgp_policies_test.go): Add missing import statement to all test cases 2021-08-13 18:14:20 -05:00
Lucas Mundim
69f8eebc24 fix(bgp_policies_test.go): fails if there are any unexpected statement 2021-08-13 18:14:20 -05:00
Aaron U'Ren
35d334ca96 fix: add sleeps between iptables and ipset cleanup 
I found that without taking a brief pause between iptables cleanup and
ipset deletion, sometimes the system still thought that there were
iptables references to the ipsets and would error instead of cleaning
the ipsets.
 2021-08-05 16:39:28 -05:00
Aaron U'Ren
cafd69dfaf fix(NRC): reduce logging for egress cleanup errors 
Errors can happen here for a lot of reasons, the user may not have been
running the controller, the definitions may have already been deleted,
the ipset may not be around to be referenced because the user already
cleaned up before.

Reduced the logging to trim user confusion over error statements in the
logs.
 2021-08-05 16:39:28 -05:00
Lucas Mundim
5156f878d6 Add a default route 0.0.0.0/8 import policy deny rule 2021-08-05 12:02:42 -05:00
Aaron U'Ren
06e246ff30 fix(NRC): PR feedback fixes 2021-07-30 12:59:32 -05:00
Aaron U'Ren
445ad9a1b5 fix(injectRoute): process withdrawls first 
Avoid extra and unneeded work by processing withdrawls first. Also makes
the logic a lot more clear.
 2021-07-30 12:59:32 -05:00
Aaron U'Ren
2e590a4185 fix(NRC): consolidate route delete logic 
This also makes the call that happens upon path withdrawl safer, by
checking to see if the route exists before deleting it.

One departure here is that we used to only log errors, now we return
errors as soon as they are encountered, this may cause some routes to
persist even if they had been cleaned before by stopping at the first
error. However, I think that it makes for more consistent and expected
behavior if this needs to be called in another place.
 2021-07-30 12:59:32 -05:00
Aaron U'Ren
d0501c0763 fix(injectRoute): cleanup tunnels & routes when peer drops 2021-07-30 12:59:32 -05:00
Aaron U'Ren
94640acf81 doc(injectRoute): improve comments on logic flow 2021-07-30 12:59:32 -05:00
Aaron U'Ren
4959da43a4 feat(NRC): reduce verbosity of log messages for common overlay cases 2021-07-30 12:59:32 -05:00
Aaron U'Ren
38222a350b fact(injectRoute): extract setupOverlayTunnel() and cleanupTunnels() 2021-07-30 12:59:32 -05:00
Aaron U'Ren
63c3b90e05 fact(injectRoute): extract parseBGPPath method to simplify 2021-07-30 12:59:32 -05:00
Aaron U'Ren
e9be04ef2f
fix: add nil checking to ipsetMutex cleanup actions (#1129) 2021-07-20 01:22:48 +05:30
Aaron U'Ren
fa8d69edd8 fix: add locking around ipset invocations 2021-06-01 10:42:08 -05:00
Aaron U'Ren
a610596277 fact(GetMTUFromNodeIP): move up a layer of abstraction 
This function is useful for more than just the NRC, move it up a layer
into the global utils so it can be used from multiple controllers.
 2021-05-17 16:33:15 -05:00
Aaron U'Ren
9cbc3763b3 feat(bgp): add BGP communities support via node annotation 2021-05-17 12:08:36 -05:00
Aaron U'Ren
ae9d0e31e8 fix(bgp_policies_test.go): actually test policy 
Previously, this section was commented out and full testing to ensure
that the policies matched was not performed. Now the unit tests are more
complete and actually test that the expected policies are present.
 2021-05-17 12:08:36 -05:00
Aaron U'Ren
fa7bcdeb06 fix(bgp_policies_test.go): use startBgpServer() 
Use startBgpServer() rather than doing things individually, so that we
can follow the logic path of how kube-router actually works better. This
allows us to use annotations rather than set stuff manually and allows
us to test more of the code-path of the NRC.

Additionally, this change allows us to actually test some errors better
such as, make sure that startBgpServer() actually throws the error we
expect when only one part of the prepend ASN annotation is present.
Previously, we were not actually testing this code path.
 2021-05-17 12:08:36 -05:00
Aaron U'Ren
a5d6560751 fact(bgp_policies_test): move BGP policy tests into their own file 2021-05-17 12:08:36 -05:00
Aaron U'Ren
ef827d3dbf fix: protect uint32 conversion 
See the following for more details:
https://github.com/cloudnativelabs/kube-router/security/code-scanning?query=ref%3Arefs%2Fpull%2F1065%2Fmerge+tool%3ACodeQL
 2021-04-14 16:23:59 -05:00
Aaron U'Ren
1816886cb4 fix: remove possible BGP password leak via logs 
See:
https://github.com/cloudnativelabs/kube-router/security/code-scanning/1?query=ref%3Arefs%2Fpull%2F1065%2Fmerge
 2021-04-14 16:23:59 -05:00
Aaron U'Ren
be01f317c7 fact: other misc cleanups 2021-04-14 16:23:59 -05:00
Aaron U'Ren
0faf772fbd fix: don't overload function names with vars 2021-04-14 16:23:59 -05:00
Aaron U'Ren
53cfbe30eb fix: return early when we might be holding nil references 2021-04-14 16:23:59 -05:00
Aaron U'Ren
4efa5ccc48 fact: remove function parameters that are never referenced 2021-04-14 16:23:59 -05:00
Aaron U'Ren
a86b3fad35 fact: handle errors from Close() explicitely 2021-04-14 16:23:59 -05:00
Aaron U'Ren
96675e620b fix: don't capitalize error messages 
It is standard practice in Go to not capitalize error messages:
https://github.com/golang/go/wiki/CodeReviewComments#error-strings
 2021-04-14 16:23:59 -05:00
Aaron U'Ren
e9c77d0a35 fix(comments): misspellings and bad doc strings 2021-04-14 16:23:59 -05:00
Manuel Rüger
7d47aefe7d Replace github.com/golang/glog with k8s.io/klog/v2 
glog is effectively unmaintained and the kubernetes ecosystem is mainly
using its fork klog

Fixes: #1051
 2021-04-11 13:16:03 -05:00
Murali Reddy
c309b276ae skip logging Error when there is no Service object for an Endpoint 2021-03-24 14:30:27 -05:00