Skip to content

Periodicaly sync iptables MASQUERADE rules #619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 26, 2018
Merged

Periodicaly sync iptables MASQUERADE rules #619

merged 1 commit into from
Dec 26, 2018

Conversation

@bazuchan
Copy link
Contributor

Periodicaly sync iptables MASQUERADE rules, so they will be added back if deleted manually.

@murali-reddy
Copy link
Member

@bazuchan thanks for the PR.

calling ensureMasqueradeIptablesRule is sync loop make sense.

Though eventually I think, kube-router needs periodic full-sync and delta-sync (that is done per service/endpoint update). Anything that we add in sync() will add more delay now to processing updates to the api objects.

AppendUnique already does the exist check, so feel its redundant, did you see any issue?

@bazuchan
Copy link
Contributor Author

AppendUnique already does the exist check, so feel its redundant, did you see any issue?

Yes, I haven't checked that, it is indeed redundant. I will remove this part of pr. Also will changing log level to 2 for glog.V(1).Info("Successfully added iptables masquerad rule") be ok?

Anything that we add in sync() will add more delay now to processing updates to the api objects.

It's true, but either there is a way to manage all host firewall with kube-router or we need a full sync.

@bazuchan bazuchan force-pushed the iptables-periodic-sync branch from 9cea203 to 39fdd12 Compare December 26, 2018 08:41
@bazuchan bazuchan closed this Dec 26, 2018
@bazuchan bazuchan reopened this Dec 26, 2018
@murali-reddy
Copy link
Member

LGTM

@murali-reddy murali-reddy merged commit 34270e4 into cloudnativelabs:master Dec 26, 2018
@bazuchan bazuchan deleted the iptables-periodic-sync branch February 27, 2019 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bazuchan @murali-reddy