Documentation ¶
Overview ¶
Package iptables manages iptables-related configuration for Cilium.
Index ¶
- func KernelHasNetfilter() bool
- type IptablesManager
- func (m *IptablesManager) Init()
- func (m *IptablesManager) InstallProxyRules(proxyPort uint16, ingress bool, name string) error
- func (m *IptablesManager) InstallRules(ifName string) error
- func (m *IptablesManager) RemoveProxyRules(proxyPort uint16, ingress bool, name string) error
- func (m *IptablesManager) RemoveRules()
- func (m *IptablesManager) SupportsOriginalSourceAddr() bool
- func (m *IptablesManager) TransientRulesEnd(quiet bool)
- func (m *IptablesManager) TransientRulesStart(ifName string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func KernelHasNetfilter ¶
func KernelHasNetfilter() bool
KernelHasNetfilter probes whether iptables related modules are present in the kernel and returns true if indeed the case, else false.
Types ¶
type IptablesManager ¶
type IptablesManager struct {
// contains filtered or unexported fields
}
IptablesManager manages the iptables-related configuration for Cilium.
func (*IptablesManager) Init ¶
func (m *IptablesManager) Init()
Init initializes the iptables manager and checks for iptables kernel modules availability.
func (*IptablesManager) InstallProxyRules ¶
func (m *IptablesManager) InstallProxyRules(proxyPort uint16, ingress bool, name string) error
func (*IptablesManager) InstallRules ¶
func (m *IptablesManager) InstallRules(ifName string) error
InstallRules installs iptables rules for Cilium in specific use-cases (most specifically, interaction with kube-proxy).
func (*IptablesManager) RemoveProxyRules ¶ added in v1.6.0
func (m *IptablesManager) RemoveProxyRules(proxyPort uint16, ingress bool, name string) error
func (*IptablesManager) RemoveRules ¶ added in v1.5.0
func (m *IptablesManager) RemoveRules()
RemoveRules removes iptables rules installed by Cilium.
func (*IptablesManager) SupportsOriginalSourceAddr ¶
func (m *IptablesManager) SupportsOriginalSourceAddr() bool
func (*IptablesManager) TransientRulesEnd ¶ added in v1.5.6
func (m *IptablesManager) TransientRulesEnd(quiet bool)
TransientRulesEnd removes Cilium related rules installed from TransientRulesStart.
func (*IptablesManager) TransientRulesStart ¶ added in v1.5.6
func (m *IptablesManager) TransientRulesStart(ifName string) error
TransientRulesStart installs iptables rules for Cilium that need to be kept in-tact during agent restart which removes/installs its main rules. Transient rules are then removed once iptables rule update cycle has completed. This is mainly due to interactions with kube-proxy.