Added Host NC communication support in Linux #374
Conversation
Codecov Report
@@ Coverage Diff @@
## master #374 +/- ##
=======================================
Coverage 40.01% 40.01%
=======================================
Files 25 25
Lines 3546 3546
=======================================
Hits 1419 1419
Misses 1927 1927
Partials 200 200Continue to review full report at Codecov.
|
tamilmani1989
changed the title
tamilmani1989
changed the title
| AllowInboundFromNCToHost bool | ||
| NetworkNameSpace string `json:",omitempty"` | ||
| ContainerID string | ||
| PODName string `json:",omitempty"` |
There was a problem hiding this comment.
i didn't change this..so not changing it
| EnableMultiTenancy bool | ||
| AllowInboundFromHostToNC bool | ||
| AllowInboundFromNCToHost bool | ||
| PODName string |
There was a problem hiding this comment.
i didn't change this..so not changing it
| AllowInboundFromHostToNC bool | ||
| AllowInboundFromNCToHost bool | ||
| PODName string | ||
| PODNameSpace string |
There was a problem hiding this comment.
i didn't change this..so not changing it
| IfName: ep.IfName, | ||
| ContainerID: ep.ContainerID, | ||
| NetNsPath: ep.NetworkNameSpace, | ||
| PODName: ep.PODName, |
There was a problem hiding this comment.
uncaps POD (see comments above)
ninzavivek
left a comment
ninzavivek
left a comment
There was a problem hiding this comment.
One generic comment, changes lack documentation. I recommend a line or two where you can do.
iptables/iptables.go
Outdated
| } | ||
|
|
||
| func RuleExists(tableName, chainName, match, target string) bool { | ||
| cmd := fmt.Sprintf("iptables -w 60 -t %s -C %s %s -j %s", tableName, chainName, match, target) |
There was a problem hiding this comment.
this is lock timeout. So if iptable couldn't grab lock for 60 seconds, it will exit. i can move that to constant
iptables/iptables.go
Outdated
| return nil | ||
| } | ||
|
|
||
| cmd := fmt.Sprintf("iptables -w 60 -t %s -I %s 1 %s -j %s", tableName, chainName, match, target) |
There was a problem hiding this comment.
I will recommend defining a constant for iptables command? It seems like you are using it at multiple places.
sure will do it. |
|
|
||
| import ( | ||
| "fmt" | ||
|
|
There was a problem hiding this comment.
goformat automatically does that
| if action == iptables.Insert { | ||
| err = iptables.InsertIptableRule(iptables.Filter, chainName, matchCondition, target) | ||
| } else if action == iptables.Append { | ||
| err = iptables.AppendIptableRule(iptables.Filter, chainName, matchCondition, target) |
…working into allowinbound_orcas # Conflicts: # network/endpoint_linux.go
3 participants
What this PR does / why we need it:
This PR added support for host to NC communication and NC to host communication. These are controlled by two dnc fields AllowHostToNCCommunication and AllowNCToHostCommunication. If both are true it allows two way communication.
Created iptable package and updated all places that used iptable commands.
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #Special notes for your reviewer:
Release note: