Add service proxy
This adds a service proxy based on nfproxy and changes to the service IP allocation to make it work.
Also adds support for masquerading outbound traffic for outbound network connectivity.
Test Plan:
Currently manually tested by creating an alpine pod and running 'apk add curl && curl -k https://192.168.188.1:443/'.
Will be covered later by CTS.
Bug: T810
X-Origin-Diff: phab/D580
GitOrigin-RevId: cace863fd8c2f045560f8abf84c40cc77bc275d4
diff --git a/third_party/go/patches/nfproxy.patch b/third_party/go/patches/nfproxy.patch
new file mode 100644
index 0000000..307d3d4
--- /dev/null
+++ b/third_party/go/patches/nfproxy.patch
@@ -0,0 +1,36 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+Fix nfproxy compatibility with our version of Kubernetes/utilproxy
+--- com_github_sbezverk_nfproxy.orig/pkg/proxy/proxy_service.go 2020-07-16 14:24:06.901176302 +0200
++++ com_github_sbezverk_nfproxy/pkg/proxy/proxy_service.go 2020-07-16 14:08:34.118927035 +0200
+@@ -22,7 +22,6 @@
+ utilnftables "github.com/google/nftables"
+ "github.com/sbezverk/nfproxy/pkg/nftables"
+ v1 "k8s.io/api/core/v1"
+- "k8s.io/apimachinery/pkg/types"
+ "k8s.io/klog"
+ utilproxy "k8s.io/kubernetes/pkg/proxy/util"
+ utilnet "k8s.io/utils/net"
+@@ -44,8 +43,7 @@
+ stickySeconds := int(*svc.Spec.SessionAffinityConfig.ClientIP.TimeoutSeconds)
+ klog.V(5).Infof("Service %s/%s has SessionAffinity set for %d seconds", svc.Namespace, svc.Name, stickySeconds)
+ }
+- svcName := types.NamespacedName{Namespace: svc.Namespace, Name: svc.Name}
+- if utilproxy.ShouldSkipService(svcName, svc) {
++ if utilproxy.ShouldSkipService(svc) {
+ return
+ }
+ for i := range svc.Spec.Ports {
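Review bot: The patch description at the `Fix nfproxy compatibility with our version of Kubernetes/utilproxy` line records neither the nfproxy revision the patch applies to nor the Kubernetes release that dropped the `types.NamespacedName` argument from `utilproxy.ShouldSkipService`, so a later dependency bump cannot tell whether the patch is still needed or has become stale. Suggest extending that description with something like `Upstream: nfproxy at <commit-placeholder>; required since k8s.io/kubernetes <version-placeholder> changed ShouldSkipService to take only *v1.Service. Drop once nfproxy updates its Kubernetes dependency.` The inner hunk itself looks self-consistent: the removed `svcName` line is the only use of the `types` package visible here, so dropping the import should compile, assuming proxy_service.go has no other reference to it outside this excerpt.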