metropolis: use interface groups This adds interface groups to all K8s pod interfaces via a CNI plugin patch and corresponding configuration. It also adds an interface group to the clusternet interface. Using these new interface groups the nftables rules for NAT can be simplified. These will also be used by the network policy plugin later. Change-Id: I4638a4349ccb12b8724ad28ae34bb61cac4b4ece Reviewed-on: https://review.monogon.dev/c/monogon/+/3814 Tested-by: Jenkins CI Reviewed-by: Jan Schär <jan@monogon.tech>

commit: 0dca6c91ea9b8a14278aeb3a1a8ba6b512479862 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Tue Jan 28 15:04:13 2025 +0100
committer: Lorenz Brun <lorenz@monogon.tech> Wed Feb 05 14:55:23 2025 +0000
tree: d3a4605fa9cefa9dccc79fe3df71d1e4335381a8
parent: b6ed72eabf092066a837fea4b68846376bd70e8a [diff] [blame]
diff --git a/metropolis/node/net_protocols.go b/metropolis/node/net_protocols.go
index 2e005fb..26dd0c0 100644
--- a/metropolis/node/net_protocols.go
+++ b/metropolis/node/net_protocols.go

@@ -7,3 +7,13 @@
 	// creating/removing routes pointing to the clusternet interface.
 	ProtocolClusternet int = 129
 )
+
+// Netlink link groups used for interface classification and traffic matching.
+const (
+	// LinkGroupK8sPod is set on all host side PtP interfaces going to K8s
+	// pods.
+	LinkGroupK8sPod uint32 = 8
+	// LinkGroupClusternet is set on all interfaces not needing SNAT from the
+	// K8s internal IPs.
+	LinkGroupClusternet uint32 = 9
+)
commit	0dca6c91ea9b8a14278aeb3a1a8ba6b512479862	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Tue Jan 28 15:04:13 2025 +0100
committer	Lorenz Brun <lorenz@monogon.tech>	Wed Feb 05 14:55:23 2025 +0000
tree	d3a4605fa9cefa9dccc79fe3df71d1e4335381a8
parent	b6ed72eabf092066a837fea4b68846376bd70e8a [diff] [blame]