m/n/k8s: add nftables network policy controller

This integrates my K8s network policy controller. In its current form it
does not have many guarantees as the custom CNI plugin is not yet in
there but it mostly works. Also there is still a DNS hole as host-local
services are not properly policed yet.

It has a basic smoke test using the connectivity testing helper as well
as some metrics to make sure it is integrated properly and to be able to
monitor its performance.

Change-Id: Ia2f54b9975361270678ce742ae5e32df25e515c5
Reviewed-on: https://review.monogon.dev/c/monogon/+/3740
Tested-by: Jenkins CI
Reviewed-by: Jan Schär <jan@monogon.tech>
diff --git a/go.sum b/go.sum
index c838a8d..8e15075 100644
--- a/go.sum
+++ b/go.sum
@@ -1356,6 +1356,8 @@
dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
+git.dolansoft.org/dolansoft/k8s-nft-npc v0.0.0-20250205205926-b7f770fa8391 h1:VcDYYx80mOeRWBwBr2Hs1grbz1E1Tmf0yrJEZuF2L6U=
+git.dolansoft.org/dolansoft/k8s-nft-npc v0.0.0-20250205205926-b7f770fa8391/go.mod h1:JVUzK3P8vcS9HGrEDu4Ye+Ll4g3hxJr/DDYkpiuNZik=
git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
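Review bot: The two added git.dolansoft.org/dolansoft/k8s-nft-npc lines pin the network policy controller to a pseudo-version (v0.0.0-20250205205926-b7f770fa8391), that is, an untagged commit, rather than a tagged release. Since this module is what enforces network policy, consider tagging a release upstream and pinning to that, so later bumps are reviewable as version changes rather than opaque commit hashes. It would also help to note in the change how builds fetch this module if git.dolansoft.org is unreachable (module proxy or vendored mirror), so the build stays reproducible.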
@@ -2535,6 +2537,8 @@
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
+github.com/igrmk/treemap/v2 v2.0.1 h1:Jhy4z3yhATvYZMWCmxsnHO5NnNZBdueSzvxh6353l+0=
+github.com/igrmk/treemap/v2 v2.0.1/go.mod h1:PkTPvx+8OHS8/41jnnyVY+oVsfkaOUZGcr+sfonosd4=
github.com/illumos/go-kstat v0.0.0-20210513183136-173c9b0a9973 h1:hk4LPqXIY/c9XzRbe7dA6qQxaT6Axcbny0L/G5a4owQ=
github.com/illumos/go-kstat v0.0.0-20210513183136-173c9b0a9973/go.mod h1:PoK3ejP3LJkGTzKqRlpvCIFas3ncU02v8zzWDW+g0FY=
github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
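Review bot: The added github.com/igrmk/treemap/v2 v2.0.1 entries are not mentioned in the commit message, and the h1 hash without the /go.mod suffix means the module source itself is downloaded for the build, not only its go.mod. Please state in the description whether this comes in transitively through k8s-nft-npc or is imported directly, and check that the corresponding go.mod entry is marked as indirect if it is transitive, so the new dependency surface is visible to reviewers.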