metropolis: use interface groups
This adds interface groups to all K8s pod interfaces via a CNI plugin
patch and corresponding configuration. It also adds an interface group
to the clusternet interface. Using these new interface groups, the
nftables rules for NAT can be simplified.
These will also be used by the network policy plugin later.
Change-Id: I4638a4349ccb12b8724ad28ae34bb61cac4b4ece
Reviewed-on: https://review.monogon.dev/c/monogon/+/3814
Tested-by: Jenkins CI
Reviewed-by: Jan Schär <jan@monogon.tech>
diff --git a/go.mod b/go.mod
index fff9184..e99fe47 100644
--- a/go.mod
+++ b/go.mod
@@ -65,7 +65,7 @@
github.com/cockroachdb/cockroach-go/v2 v2.2.10
github.com/container-storage-interface/spec v1.9.0
github.com/containerd/containerd/v2 v2.0.1
- github.com/containernetworking/plugins v1.5.1
+ github.com/containernetworking/plugins v1.6.1
github.com/coreos/go-semver v0.3.1
github.com/corverroos/commentwrap v0.0.0-20191204065359-2926638be44c
github.com/diskfs/go-diskfs v1.2.0
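Review bot: The bump of github.com/containernetworking/plugins from v1.5.1 to v1.6.1 in this hunk is not mentioned in the commit message, which only refers to a CNI plugin patch and its configuration. Please state in the message that the patch is applied on top of v1.6.1 and whether the version bump is required for it, so that someone bisecting a pod-networking regression can tell upstream plugin changes apart from the interface-group patch.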
@@ -83,9 +83,10 @@
github.com/google/uuid v1.6.0
github.com/iancoleman/strcase v0.3.0
github.com/improbable-eng/grpc-web v0.15.0
- github.com/insomniacslk/dhcp v0.0.0-20231016090811-6a2c8fbdcc1c
+ github.com/insomniacslk/dhcp v0.0.0-20240829085014-a3a4c1f04475
github.com/joho/godotenv v1.4.0
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
+ github.com/klauspost/compress v1.17.11
github.com/lib/pq v1.10.9
github.com/mattn/go-shellwords v1.0.12
github.com/mdlayher/arp v0.0.0-20220512170110-6706a2966875
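Review bot: The github.com/insomniacslk/dhcp requirement moves from pseudo-version 20231016090811 to 20240829085014, roughly ten months of upstream commits pinned by commit rather than by tag, and nothing in the commit message ties it to interface groups. If dependency resolution forced this, say so in the message; if it can be avoided, split it into its own change so it can be reviewed and reverted separately.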
@@ -125,7 +126,7 @@
golang.org/x/crypto v0.28.0
golang.org/x/net v0.30.0
golang.org/x/sync v0.8.0
- golang.org/x/sys v0.26.0
+ golang.org/x/sys v0.27.0
golang.org/x/term v0.25.0
golang.org/x/text v0.19.0
golang.org/x/time v0.7.0
@@ -207,7 +208,7 @@
github.com/containerd/zfs/v2 v2.0.0-rc.0 // indirect
github.com/containernetworking/cni v1.2.3 // indirect
github.com/containers/ocicrypt v1.2.0 // indirect
- github.com/coreos/go-iptables v0.7.0 // indirect
+ github.com/coreos/go-iptables v0.8.0 // indirect
github.com/coreos/go-oidc v2.2.1+incompatible // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/cosiner/argv v0.1.0 // indirect
@@ -293,7 +294,6 @@
github.com/jsimonetti/rtnetlink v1.4.1 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/karrick/godirwalk v1.17.0 // indirect
- github.com/klauspost/compress v1.17.11
github.com/kr/fs v0.1.0 // indirect
github.com/kr/pty v1.1.8 // indirect
github.com/kylelemons/godebug v1.1.0 // indirect
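Review bot: The removed github.com/klauspost/compress v1.17.11 line sat in the indirect block without a // indirect marker, and the same version is re-added among the direct requirements earlier in this file, so this is a relocation and not a version change. It is unrelated to interface groups; mention it in the commit message as tidy-up or move it to a separate change.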
@@ -308,7 +308,7 @@
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mattn/go-sqlite3 v1.14.17 // indirect
github.com/mattn/go-xmlrpc v0.0.3 // indirect
- github.com/mdlayher/socket v0.5.0 // indirect
+ github.com/mdlayher/socket v0.5.1 // indirect
github.com/mdlayher/vsock v1.2.1 // indirect
github.com/mdlayher/wifi v0.1.0 // indirect
github.com/miekg/pkcs11 v1.1.1 // indirect
@@ -341,7 +341,7 @@
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pganalyze/pg_query_go/v4 v4.2.3 // indirect
github.com/pierrec/lz4 v2.6.1+incompatible // indirect
- github.com/pierrec/lz4/v4 v4.1.18 // indirect
+ github.com/pierrec/lz4/v4 v4.1.21 // indirect
github.com/pingcap/errors v0.11.5-0.20210425183316-da1aaba5fb63 // indirect
github.com/pingcap/failpoint v0.0.0-20220801062533-2eaa32854a6c // indirect
github.com/pingcap/log v1.1.0 // indirect
@@ -359,7 +359,7 @@
github.com/robfig/cron/v3 v3.0.1 // indirect
github.com/rs/cors v1.8.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
- github.com/safchain/ethtool v0.4.0 // indirect
+ github.com/safchain/ethtool v0.5.9 // indirect
github.com/sassoftware/go-rpmutils v0.1.1 // indirect
github.com/sbezverk/nftableslib v0.0.0-20221012061059-e05e022cec75 // indirect
github.com/seccomp/libseccomp-golang v0.10.0 // indirect
@@ -371,7 +371,7 @@
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 // indirect
- github.com/u-root/uio v0.0.0-20230220225925-ffce2a382923 // indirect
+ github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
github.com/ulikunitz/xz v0.5.12 // indirect
github.com/urfave/cli v1.22.15 // indirect
github.com/urfave/cli/v2 v2.27.5 // indirect
@@ -439,6 +439,7 @@
nhooyr.io/websocket v1.8.6 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 // indirect
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+ sigs.k8s.io/knftables v0.0.18 // indirect
sigs.k8s.io/kustomize/api v0.18.0 // indirect
sigs.k8s.io/kustomize/kustomize/v5 v5.5.0 // indirect
sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
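Review bot: sigs.k8s.io/knftables v0.0.18 is a new indirect dependency, and the commit message does not say which direct requirement brings it in. Please name that requirement in the message (go mod why -m sigs.k8s.io/knftables reports it), because the message announces simplified nftables rules and a reader could otherwise assume the new rules are written against this package.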