Aaron U'Ren
3771745872
fix(customimportreject): reject all in subnet
...
Changes the custom import reject annotation support to not only block
the given subnet exactly, but also all subnets of the subnet given.
For example, this change blocks 10.100.100.0/24 when customimportreject
annotation has 10.100.0.0/16 in it.
2022-03-23 09:27:38 -05:00
Lucas Mundim
badf8645be
feat(bgp): add custom BGP import rejection policy support via node annotation
2022-03-23 09:27:38 -05:00
Aaron U'Ren
4fd7bc4d19
fix(sync_routes): add deletion / immediate syncing
...
Added the following items to the original logic:
* Added map route entry deletion on withdrawal so that the system doesn't
incorrectly sync it back to the kernel's routing table
* Added an immediate route sync upon BGP path receive
* Added a mutex to ensure that deleted routes aren't accidentally synced
back to the system
* Added stopCh and wg (wait group) handling
* Increase default sync time from 15 seconds to 1 minute since this
scenario is unlikely and netlink calls could potentially be burdensome
in large clusters.
2022-03-18 15:02:02 -05:00
RusoX89
23ac78cf94
Routes Synchronization Routine
2022-03-18 15:02:02 -05:00
Tamihiro Lee
1db19931a2
skip binding device to ipip tunnel if node's interface is loopback
2022-03-11 16:41:14 -06:00
Tamihiro Lee
184976a536
start peering connection to neighbors from node's advertise-ip
2022-03-11 16:19:00 -06:00
Aaron U'Ren
b9a9246e8e
fix(lint): don't error on deprecated protobuf funcs
2021-12-02 12:13:31 +01:00
Xiang Liu
8e7d585217
fix(bgp): use PeerState_ESTABLISHED logic like function name (#1184)
2021-11-08 15:14:01 -06:00
Aaron U'Ren
5e1d033a44
fix(sysctl): revert is fatal check for some conditions
2021-09-13 17:39:28 -05:00
Aaron U'Ren
8f3861de40
fact(sysctl): consolidate sysctl usage into utils
2021-09-11 16:20:07 -05:00
Aaron U'Ren
1d90e215e9
feat(.golangci.yml): enable stylecheck linter and remediate
2021-09-11 16:20:07 -05:00
Aaron U'Ren
85f28411dc
feat(.golangci.yml): enable long lines linter and remediate
2021-09-11 16:20:07 -05:00
Aaron U'Ren
874a746e30
feat(.golangci.yml): enable gosec and remediate
2021-09-11 16:20:07 -05:00
Aaron U'Ren
6208bfac46
feat(.golangci.yml): enable gomnd and remediate
2021-09-11 16:20:07 -05:00
Aaron U'Ren
f52fddddee
feat(.golangci.yml): enable gocritic and remediate
2021-09-11 16:20:07 -05:00
Aaron U'Ren
d6ccc22519
feat(.golangci.yml): enable goconst and remediate
2021-09-11 16:20:07 -05:00
Aaron U'Ren
35d334ca96
fix: add sleeps between iptables and ipset cleanup
...
I found that without taking a brief pause between iptables cleanup and
ipset deletion, sometimes the system still thought that there were
iptables references to the ipsets and would error instead of cleaning
the ipsets.
2021-08-05 16:39:28 -05:00
Aaron U'Ren
cafd69dfaf
fix(NRC): reduce logging for egress cleanup errors
...
Errors can happen here for a lot of reasons, the user may not have been
running the controller, the definitions may have already been deleted,
the ipset may not be around to be referenced because the user already
cleaned up before.
Reduced the logging to trim user confusion over error statements in the
logs.
2021-08-05 16:39:28 -05:00
Aaron U'Ren
06e246ff30
fix(NRC): PR feedback fixes
2021-07-30 12:59:32 -05:00
Aaron U'Ren
445ad9a1b5
fix(injectRoute): process withdrawals first
...
Avoid extra and unneeded work by processing withdrawals first. Also makes
the logic a lot more clear.
2021-07-30 12:59:32 -05:00
Aaron U'Ren
2e590a4185
fix(NRC): consolidate route delete logic
...
This also makes the call that happens upon path withdrawal safer, by
checking to see if the route exists before deleting it.
One departure here is that we used to only log errors, now we return
errors as soon as they are encountered, this may cause some routes to
persist even if they had been cleaned before by stopping at the first
error. However, I think that it makes for more consistent and expected
behavior if this needs to be called in another place.
2021-07-30 12:59:32 -05:00
Aaron U'Ren
d0501c0763
fix(injectRoute): cleanup tunnels & routes when peer drops
2021-07-30 12:59:32 -05:00
Aaron U'Ren
94640acf81
doc(injectRoute): improve comments on logic flow
2021-07-30 12:59:32 -05:00
Aaron U'Ren
4959da43a4
feat(NRC): reduce verbosity of log messages for common overlay cases
2021-07-30 12:59:32 -05:00
Aaron U'Ren
38222a350b
fact(injectRoute): extract setupOverlayTunnel() and cleanupTunnels()
2021-07-30 12:59:32 -05:00
Aaron U'Ren
63c3b90e05
fact(injectRoute): extract parseBGPPath method to simplify
2021-07-30 12:59:32 -05:00
Aaron U'Ren
e9be04ef2f
fix: add nil checking to ipsetMutex cleanup actions (#1129)
2021-07-20 01:22:48 +05:30
Aaron U'Ren
fa8d69edd8
fix: add locking around ipset invocations
2021-06-01 10:42:08 -05:00
Aaron U'Ren
a610596277
fact(GetMTUFromNodeIP): move up a layer of abstraction
...
This function is useful for more than just the NRC, move it up a layer
into the global utils so it can be used from multiple controllers.
2021-05-17 16:33:15 -05:00
Aaron U'Ren
9cbc3763b3
feat(bgp): add BGP communities support via node annotation
2021-05-17 12:08:36 -05:00
Aaron U'Ren
ef827d3dbf
fix: protect uint32 conversion
...
See the following for more details:
https://github.com/cloudnativelabs/kube-router/security/code-scanning?query=ref%3Arefs%2Fpull%2F1065%2Fmerge+tool%3ACodeQL
2021-04-14 16:23:59 -05:00
Aaron U'Ren
1816886cb4
fix: remove possible BGP password leak via logs
...
See:
https://github.com/cloudnativelabs/kube-router/security/code-scanning/1?query=ref%3Arefs%2Fpull%2F1065%2Fmerge
2021-04-14 16:23:59 -05:00
Aaron U'Ren
be01f317c7
fact: other misc cleanups
2021-04-14 16:23:59 -05:00
Aaron U'Ren
53cfbe30eb
fix: return early when we might be holding nil references
2021-04-14 16:23:59 -05:00
Aaron U'Ren
96675e620b
fix: don't capitalize error messages
...
It is standard practice in Go to not capitalize error messages:
https://github.com/golang/go/wiki/CodeReviewComments#error-strings
2021-04-14 16:23:59 -05:00
Manuel Rüger
7d47aefe7d
Replace github.com/golang/glog with k8s.io/klog/v2
...
glog is effectively unmaintained and the kubernetes ecosystem is mainly
using its fork klog
Fixes: #1051
2021-04-11 13:16:03 -05:00
Murali Reddy
40512f104a
serialize the iptables changes by NRC and NPC while starting
2021-03-18 09:21:22 -05:00
yydzhou
49b9add056
Making IPIP/tunnel and override-nexthop independent (#1025)
...
* enable tunnel plus override-nexthop config
* add docs
* feedback integration
Co-authored-by: deng.zhou <deng.zhou@bytedance.com>
2021-02-09 18:44:56 +05:30
Murali Reddy
54b921f1f8
Merge remote-tracking branch 'iamakulov/master'
2021-01-04 16:56:41 +05:30
Murali Reddy
92b914e7fd
review comments
2020-10-01 23:00:36 -05:00
Murali Reddy
7904b7c950
addressing review comments
2020-10-01 23:00:36 -05:00
Murali Reddy
947bb246e4
fix lint error
2020-10-01 23:00:36 -05:00
Murali Reddy
db1bd5611e
set mtu in cni spec to auto configure MTU's of the pod's veth's and kube-bridge interfaces
...
Fixes #165
2020-10-01 23:00:36 -05:00
Aaron U'Ren
824614d162
Add Support for Reading Peer Passwords via a File (#986)
...
* Add support for reading peer passwords via a file
Syntax of the file is the same as for --peer-router-passwords, that is,
a comma separated list of base64 encoded passwords.
Passwords specified with --peer-router-passwords have precedence over
passwords read from peer-router-passwords-file.
* fix(options): peer password file linting and doc
Co-authored-by: Jean Raby <jean@raby.sh>
2020-09-08 16:16:21 -05:00
Murali Reddy
3c734fb96a
merge gobgp-update into master (#982)
...
* merge gobgp-update into master
* update travis.yaml go version:
* go get github.com/osrg/gobgp to build gobgp
* install git as go get needs it
2020-09-07 10:27:58 +05:30
Ivan Akulov
1a487d2140
Remove options passed to .Refresh()
...
To match the existing code behavior that existed for at least two years
2020-08-19 21:50:37 +03:00
Murali Reddy
a33089d292
[testing] run go linters (#943)
...
* run go linters for static code checking
* fix(lint): fix all goimports linting errors
* fix(lint): fix all golint errors
* fix(lint): fix all spelling errors
Co-authored-by: Aaron U'Ren <aauren@gmail.com>
2020-07-28 23:52:41 +05:30
Aaron U'Ren
031a9926d6
Merge pull request #786 from jdrahos/rr_ipv4_785
...
Allow to configure RR cluster id using IPv4 strings
2020-07-16 09:41:13 -05:00
CloudNativer
1c184624d1
The bgp-holdtime function parameter of setting holdtime is added to adjust the holdtime of BGP negotiation with the connected network devices. (#921)
...
The bgp-holdtime function parameter of setting holdtime is added to adjust the holdtime of BGP negotiation with the connected network devices.
2020-07-13 09:10:31 -05:00
Jean Raby
1c594b2827
Allow setting BGP Graceful restart time from CLI
...
Default value remains the same as GoBGP (90s)
2020-07-10 13:57:04 -05:00