Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 52700ae56c5d541e711fbd5f27373b3dc200f8dc
commit52700ae56c5d541e711fbd5f27373b3dc200f8dc[log] [tgz]
authorLorenz Brun <lorenz@monogon.tech>Tue Jan 28 15:07:08 2025 +0100
committerLorenz Brun <lorenz@monogon.tech>Tue Feb 11 15:05:46 2025 +0000
treeed5e75883fc44d14f7824b0a5ed40a6ab650923e
parente8beaed8dcde2c198e91addb0baa884079363581 [diff]
m/n/k8s: add nftables network policy controller

This integrates my K8s network policy controller. In its current form it
does not have many guarantees as the custom CNI plugin is not yet in
there but it mostly works. Also there is still a DNS hole as host-local
services are not properly policed yet.

It has a basic smoke test using the connectivity testing helper as well
as some metrics to make sure it is integrated properly and to be able to
monitor its performance.

Change-Id: Ia2f54b9975361270678ce742ae5e32df25e515c5
Reviewed-on: https://review.monogon.dev/c/monogon/+/3740
Tested-by: Jenkins CI
Reviewed-by: Jan Schär <jan@monogon.tech>
10 files changed
tree: ed5e75883fc44d14f7824b0a5ed40a6ab650923e
  1. .github/
  2. .vscode/
  3. build/
  4. cloud/
  5. go/
  6. intellij/
  7. metropolis/
  8. osbase/
  9. third_party/
  10. tools/
  11. version/
  12. .bazelignore
  13. .bazelproject
  14. .bazelrc
  15. .bazelrc.ci
  16. .bazelrc.sandboxroot
  17. .bazelversion
  18. .git-ignore-revs
  19. .gitignore
  20. BUILD.bazel
  21. CODING_STANDARDS.md
  22. go.mod
  23. go.sum
  24. LICENSE
  25. MODULE.bazel
  26. MODULE.bazel.lock
  27. README.md
  28. SETUP.md
  29. shell.nix
  30. WORKSPACE
README.md

Monogon Monorepo

This is the main repository containing the source code for the Monogon Platform.

This is pre-release software - take a look, and check back later! In the meantime, join us on Matrix (#monogon-os-community:matrix.org) or Discord.

Environment

Our build environment is self-contained and requires only minimal host dependencies:

  • A Linux machine or VM.
  • Bazelisk >= v1.15.0 (or a working Nix environment).
  • A reasonably recent kernel with user namespaces enabled.
  • Working KVM with access to /dev/kvm (if you want to run tests).

Our docs assume that Bazelisk is available as bazel on your PATH.

Refer to SETUP.md for detailed instructions.

Monogon OS

The source code lives in //metropolis (Metropolis is the codename of Monogon OS).

See the //metropolis/README.md for a developer quick start guide, or see the Monogon OS Handbook for user documentation.