commit b682ba55d4a51babad2beebb470b0fef0e6067ca
author Lorenz Brun <lorenz@nexantic.com> Wed Jul 08 14:51:36 2020 +0200
committer Lorenz Brun <lorenz@nexantic.com> Wed Jul 08 14:51:36 2020 +0200
tree d94c2bb98f3a47896558d9cd4d2cc0271a4558c7
parent f85748717f32f0a74816de01b1e5f2e0104342c5

Add service proxy

This adds a service proxy based on nfproxy and changes to the service IP allocation to make it work.
Also adds support for masquerading outbound traffic for outbound network connectivity.

Test Plan:
Currently manually tested by creating an alpine pod and running 'apk add curl && curl -k https://192.168.188.1:443/'.
Will be covered later by CTS.

Bug: T810

X-Origin-Diff: phab/D580
GitOrigin-RevId: cace863fd8c2f045560f8abf84c40cc77bc275d4

third_party/go/shelf.pb.text

diff --git a/third_party/go/shelf.pb.text b/third_party/go/shelf.pb.text
index 85372be..9d77503 100644
--- a/third_party/go/shelf.pb.text
+++ b/third_party/go/shelf.pb.text
@@ -1959,6 +1959,20 @@
   semver: "v0.2.1-0.20190427202633-1595213edefa"
 >
 entry: <
+  import_path: "github.com/sbezverk/nfproxy"
+  version: "7fac5f39824e7f34228b08ba8b7640770ca6a9f4"
+  bazel_name: "com_github_sbezverk_nfproxy"
+  sum: "h1:fJ2lHQ7ZUjmgJbvVQ509ioBmrGHcbvlwfjUieExw/dU="
+  semver: "v0.0.0-20200514180651-7fac5f39824e"
+>
+entry: <
+  import_path: "github.com/sbezverk/nftableslib"
+  version: "v0.0.0-20200402150358-c20bed91f482"
+  bazel_name: "com_github_sbezverk_nftableslib"
+  sum: "h1:k7gEZ/EwJhHDTRXFUZQlE4/p1cmoha7zL7PWCDG3ZHQ="
+  semver: "v0.0.0-20200402150358-c20bed91f482"
+>
+entry: <
   import_path: "github.com/seccomp/libseccomp-golang"
   version: "689e3c1541a84461afc49c1c87352a6cedf72e9c"
   bazel_name: "com_github_seccomp_libseccomp_golang"