Skip to content

k-web-s/setup-nft-redirect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.github/workflows
.github/workflows
 
 
assets/usr/local/sbin
assets/usr/local/sbin
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

setup-nft-redirect

A helper image to set up tcp/udp port redirects. Useful within k8s with kube-router and dsr until it supports port mapping (https://github.com/cloudnativelabs/kube-router/blob/master/docs/dsr.md#things-to-lookout-for).

Usage

Usually containers run without root privileges, thus they cannot bind to privileged ports. To keep this restriction and allow for privileged ports to be used as service ports, a port-mapping can be setup. The following deployment example shows this:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginxinc/nginx-unprivileged
        name: nginx-unprivileged
      initContainers:
      - image: ghcr.io/k-web-s/setup-nft-redirect
        name: setup-redirect
        args:
        - tcp:80:8080
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
      securityContext:
        runAsNonRoot: true

About

Image to setup tcp/udp redirects using nft

Topics

kubernetes nftables direct-server-return kube-router rootless-container initcontainer

Resources

Readme

License

BSD-2-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages 1

 

Languages