Documentation
¶
Index ¶
Constants ¶
View Source
const ( // RedirectAllMode indicates redirecting all ports. RedirectAllMode = "redirect-all" // RedirectListedMode indicates redirecting a given list of ports. RedirectListedMode = "redirect-listed" // IptablesPreroutingChainName specifies an iptables `PREROUTING` chain, // responsible for packets that just arrived at the network interface. IptablesPreroutingChainName = "PREROUTING" // IptablesOutputChainName specifies an iptables `OUTPUT` chain. IptablesOutputChainName = "OUTPUT" // IptablesMultiportLimit specifies the maximum number of port references per single iptables command. IptablesMultiportLimit = 15 )
Variables ¶
Functions ¶
func ConfigureFirewall ¶
func ConfigureFirewall(firewallConfiguration FirewallConfiguration) error
ConfigureFirewall configures a pod's internal iptables to redirect all desired traffic through the proxy, allowing for the pod to join the service mesh. A lot of this logic was based on https://github.com/istio/istio/blob/e83411e/pilot/docker/prepare_proxy.sh
Types ¶
type FirewallConfiguration ¶
type FirewallConfiguration struct {
Mode string
PortsToRedirectInbound []int
InboundPortsToIgnore []string
OutboundPortsToIgnore []string
ProxyInboundPort int
ProxyOutgoingPort int
ProxyUID int
SimulateOnly bool
NetNs string
UseWaitFlag bool
}
FirewallConfiguration specifies how to configure a pod's iptables.
Source Files
Click to show internal directories.
Click to hide internal directories.