kube-router

mirrors/kube-router

Fork 0

mirror of https://github.com/cloudnativelabs/kube-router.git synced 2025-10-08 00:11:07 +02:00

Commit Graph

Author	SHA1	Message	Date
Bryan Zubrod	342ea5ac9f	Prevent masquerading pod -> NodeIP traffic (#174 ) * Move getNodeIP logic to utils package Remove redundant ipset lookups utils.NewIPSet() does this for us. * Don't masquerade pod -> nodeAddrsIPSet traffic Previously with Pod egress enabled, this would get masqueraded. This change also adds cleanup for said ipset. * Enhanced cleanup of Pod egress, overlay networking - Delete old/bad pod egress iptables rule(s) from old versions - When pod egress or overlay are disabled, cleanup as needed * Update IPSet.Sets to map type * ipset enhancements - Avoid providing method that would delete all ipset sets on a system - New method DestroyAllWithin() destroys sets tracked by an IPSet - Create() now handles cases where Sets/System state are not in sync - Refresh() now handles leftover -temp set gracefully - Swap() now uses ipset swap - Delete() improved sync of Sets and system state - Get() now validates if map element exists before trying - etc * Update routes controller to reflect ipset changes	2017-10-07 04:14:13 -05:00
ryarnyah	3debbfa4e2	Cleanup ipset create function + restore (#177 ) * Cleanup ipset create function + restore. Fix #176 Switch from array to map to simplify set use * Add sets initialization on create	2017-10-06 15:58:48 -05:00
Ryar Nyah	3431a1831f	Delete ipset dependency + delete unused ipsets	2017-09-25 21:17:25 +02:00

Author

SHA1

Message

Date

Bryan Zubrod

342ea5ac9f

Prevent masquerading pod -> NodeIP traffic (#174 )

* Move getNodeIP logic to utils package

Remove redundant ipset lookups

utils.NewIPSet() does this for us.

* Don't masquerade pod -> nodeAddrsIPSet traffic

Previously with Pod egress enabled, this would get masqueraded.
This change also adds cleanup for said ipset.

* Enhanced cleanup of Pod egress, overlay networking

- Delete old/bad pod egress iptables rule(s) from old versions
- When pod egress or overlay are disabled, cleanup as needed

* Update IPSet.Sets to map type

* ipset enhancements

- Avoid providing method that would delete all ipset sets on a system
- New method DestroyAllWithin() destroys sets tracked by an IPSet
- Create() now handles cases where Sets/System state are not in sync
- Refresh() now handles leftover -temp set gracefully
- Swap() now uses ipset swap
- Delete() improved sync of Sets and system state
- Get() now validates if map element exists before trying
- etc

* Update routes controller to reflect ipset changes

2017-10-07 04:14:13 -05:00

ryarnyah

3debbfa4e2

Cleanup ipset create function + restore (#177 )

* Cleanup ipset create function + restore. Fix #176

Switch from array to map to simplify set use

* Add sets initialization on create

2017-10-06 15:58:48 -05:00

Ryar Nyah

3431a1831f

Delete ipset dependency + delete unused ipsets

2017-09-25 21:17:25 +02:00

3 Commits