Documentation
Index
Constants
const (
NetnsPath = "/var/run/netns"
)
const (
PodNetNamespaceName = "pod"
)
Variables
This section is empty.
Functions
func EnableForwarding
func EnableForwarding() error
func EnsurePodMasq
Enable SNAT so the pod can communicate with the public internet. E.g. if the pod IP is 10.0.30.14:
iptables -t nat -N POD_MASQ_CHAIN
iptables -t nat -A POSTROUTING -j POD_MASQ_CHAIN
iptables -t nat -A POD_MASQ_CHAIN ! -o eth0 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN ! -s 10.0.30.14 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN -d 10.0.0.0/8 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN -d 172.16.0.0/12 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN -d 192.168.0.0/16 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN -j MASQUERADE
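The chain above as an added Go example (not this package's code): `PodMasqRules` and `Verdict` are hypothetical helpers that build the same iptables arguments for a validated pod IPv4 address and walk the chain first-match-wins, so the effect of the rule order can be checked without touching a live ruleset. The interface name `eth0` and the pod IP are taken from the rules above.

```go
package main

import (
	"fmt"
	"net/netip"
)

// RFC 1918 destinations the chain returns on (hypothetical helpers throughout).
var privateNets = []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"}

// PodMasqRules builds the iptables argument lists for the chain above. The pod
// IP is parsed first so only a literal IPv4 address reaches the command line.
func PodMasqRules(podIP, outIface string) ([][]string, error) {
	addr, err := netip.ParseAddr(podIP)
	if err != nil || !addr.Is4() {
		return nil, fmt.Errorf("invalid pod IPv4 address %q", podIP)
	}
	const c = "POD_MASQ_CHAIN"
	rules := [][]string{
		{"-t", "nat", "-N", c},
		{"-t", "nat", "-A", "POSTROUTING", "-j", c},
		{"-t", "nat", "-A", c, "!", "-o", outIface, "-j", "RETURN"},
		{"-t", "nat", "-A", c, "!", "-s", addr.String(), "-j", "RETURN"},
	}
	for _, n := range privateNets {
		rules = append(rules, []string{"-t", "nat", "-A", c, "-d", n, "-j", "RETURN"})
	}
	return append(rules, []string{"-t", "nat", "-A", c, "-j", "MASQUERADE"}), nil
}

// Verdict walks the chain in order (first match wins) for one packet leaving
// pktOut with source src and destination dst; the uplink is "eth0" as above.
func Verdict(podIP, pktOut, src, dst string) string {
	d, err := netip.ParseAddr(dst)
	if err != nil || !d.Is4() || pktOut != "eth0" || src != podIP {
		return "RETURN"
	}
	for _, n := range privateNets {
		if netip.MustParsePrefix(n).Contains(d) {
			return "RETURN"
		}
	}
	return "MASQUERADE"
}

func main() {
	rules, err := PodMasqRules("10.0.30.14", "eth0")
	fmt.Println(rules, err, Verdict("10.0.30.14", "eth0", "10.0.30.14", "8.8.8.8"))
}
```

Only traffic that leaves `eth0`, originates from the pod IP, and targets a non-private destination reaches the final MASQUERADE rule; everything else returns to POSTROUTING untranslated.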
Types
type NetNamespacer
type NetNamespacer interface {
	Create() error
	WithNetNamespace(cb func() error) error
	CreateVeth(ipaddr string) error
}
func NewNoopNetNamespacer
func NewNoopNetNamespacer() NetNamespacer
func NewOSNetNamespacer
func NewOSNetNamespacer(nsname string) NetNamespacer
type NoopNetNamespacer
type NoopNetNamespacer struct { }
func (*NoopNetNamespacer) Create
func (n *NoopNetNamespacer) Create() error
func (*NoopNetNamespacer) CreateVeth
func (n *NoopNetNamespacer) CreateVeth(ipaddr string) error
func (*NoopNetNamespacer) WithNetNamespace
func (n *NoopNetNamespacer) WithNetNamespace(cb func() error) error
type OSNetNamespacer
type OSNetNamespacer struct {
NSName string
}
func (*OSNetNamespacer) Create
func (n *OSNetNamespacer) Create() error
Start a new net namespace, and ensure it persists by creating a bind mount to it. We use NetnsPath to ensure "ip netns" interoperability, so that, for example, "ip netns exec <nsname> ip link ls" will work.
func (*OSNetNamespacer) CreateVeth
func (n *OSNetNamespacer) CreateVeth(ipaddr string) error
Create a veth pair, and move the second one into a net namespace.
func (*OSNetNamespacer) WithNetNamespace
func (n *OSNetNamespacer) WithNetNamespace(cb func() error) error
Change to a net namespace temporarily, call a function, and switch back.