Add service proxy
This adds a service proxy based on nfproxy and changes to the service IP allocation to make it work.
Also adds support for masquerading outbound traffic for outbound network connectivity.
Test Plan:
Currently manually tested by creating an alpine pod and running 'apk add curl && curl -k https://192.168.188.1:443/'.
Will be covered later by CTS.
Bug: T810
X-Origin-Diff: phab/D580
GitOrigin-RevId: cace863fd8c2f045560f8abf84c40cc77bc275d4
diff --git a/third_party/go/repositories.bzl b/third_party/go/repositories.bzl
index c4e21c6..042aadb 100644
--- a/third_party/go/repositories.bzl
+++ b/third_party/go/repositories.bzl
@@ -1258,6 +1258,22 @@
sum = "h1:0U2s5loxrTy6/VgfVoLuVLFJcURKLH49ie0zSch7gh4=",
)
go_repository(
+ name = "com_github_sbezverk_nfproxy",
+ importpath = "github.com/sbezverk/nfproxy",
+ version = "v0.0.0-20200514180651-7fac5f39824e",
+ sum = "h1:fJ2lHQ7ZUjmgJbvVQ509ioBmrGHcbvlwfjUieExw/dU=",
+ patches = [
+ "//third_party/go/patches:nfproxy.patch",
+ ],
+ patch_args = ["-p1"],
+ )
+ go_repository(
+ name = "com_github_sbezverk_nftableslib",
+ importpath = "github.com/sbezverk/nftableslib",
+ version = "v0.0.0-20200402150358-c20bed91f482",
+ sum = "h1:k7gEZ/EwJhHDTRXFUZQlE4/p1cmoha7zL7PWCDG3ZHQ=",
+ )
+ go_repository(
name = "com_github_seccomp_libseccomp_golang",
importpath = "github.com/seccomp/libseccomp-golang",
version = "v0.9.1",
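Review bot: The `patches` entry on the new `com_github_sbezverk_nfproxy` rule carries no comment saying what `nfproxy.patch` changes or why it is needed. The `sum` value verifies only the upstream module as downloaded, so the local patch is the one part of this dependency that no checksum covers and that has to be read by hand. Going by the commit description, this code ends up in the service-traffic path, so that gap is worth documenting. I would add a comment above `patches = [` along the lines of `# nfproxy.patch: <what it changes>; upstream status: <link or "not upstreamed">`. Both new repositories are pinned to untagged pseudo-versions, so a short note that a version bump must re-check that the patch still applies would also help.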