spidernet-io / egressgateway Goto Github PK
View Code? Open in Web Editor NEWNetwork egress policy for Kubernetes
Home Page: https://spidernet-io.github.io/egressgateway/
License: Apache License 2.0
egressgateway's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
bzsuni cyclinder ty-dc rangyang windsonsea ihuibin adamdang jiecloud songjoy stella0621 jeanine-tw chong19951021 kasmoghaile9 icarus9913 ii2dayegressgateway's Issues
observability
The iptables rules are not cleared when the agent exits.
after changing the mac address of egress.vxlan on the node, the mac address did not restore its original value based on the egressnode cr status.tunnelMac
Describe the version
egressgateway v0.1.0
Describe the bug
after changing the mac address of egress.vxlan on the node, the mac address did not restore its original value based on the egressnode cr status.tunnelMac
Hwo To Reproduce
Steps to reproduce the issue:
- check egressnode cr egressgateway-worker status.tunnelMac
- change the egress.vxlan mac address
- the mac address did not restore its original value based on the egressnode cr status.tunnelMac
Expected behavior
the mac address should restore its original value based on the egressnode cr status.tunnelMac
can egressgateway and metallb work together?
Describe the version
Describe the bug
Consider a pod(located in node A) backing a LoadBalancer service, and the pod is matched an egress rule: the packets of pod access to external forwarded via Node B.
Now I announced the loadBalancer IP to node A via metallb L2 mode. In this case, the LB IP cannot be accessed by clients outside the cluster.
- External client:
1.1.1.1 - LoadBalancer(announced in nodeA):
10.6.212.100 - Backend Pod IP(in nodeA):
10.244.0.1 - EgressGateway:
Node B - Node A IP:
10.6.212.101 - Node B IP:
10.6.212.102
package flow:
request package: 1.1.1.1(client) -> 10.6.212.100(lb IP) -> Node A -> dnat -> 10.244.0.1
reply package: 10.244.0.1 -> match egressRule -> Node B -> ?(drop)
Hwo To Reproduce
Steps to reproduce the issue:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots and log
If applicable, add screenshots and log to help explain your problem.
Additional context
Add any other context about the problem here.
feature: udp support
Night CI 2022-11-10: Failed
Night CI 2022-12-13: Failed
Any docs for install or quick_start?
Documentation issue
- miss documentation
- documentation go wrong
Night CI 2022-11-10: Failed
Night CI 2022-12-16: Failed
Helm chart README.md generation check CI is not working
Night CI 2023-04-17: Failed
Night CI 2022-11-10: Failed
Night CI 2022-12-14: Failed
Work in default calico config (chainInsertMode )
Work in default calico config.
In most use cases the chainInsertMode is set to the default value.
Would we improve the egress gateway to support calico chainInsertMode=Insert
the status.physicalInterface of the egressnode cr have not been upgrade after i changed the node interface name
Describe the version
egressgateway v0.1.0
Describe the bug
the status.physicalInterface of the egressnode cr have not been upgrade after i changed the node interface name
Hwo To Reproduce
Steps to reproduce the issue:
- change the interface name of one one of your cluster
- check the status.physicalInterface of the egressnode cr on the node
Expected behavior
we expect that the status.physicalInterface of the egressnode cr would be upgraded same with the node interface name
Screenshots and log
Night CI 2022-12-17: Failed
Night CI 2022-11-10: Failed
eBPF datapath mode
Night CI 2022-11-22: Failed
Night CI 2022-11-10: Failed
Support make update_chart_version on macOS
- Support make update_chart_version on macOS
- Update the image tag of values at the same time
Dependency bot failed to upgrade k8s.io/client-go
refer to: #217
feature: test performance and stability
e2e case design
Night CI 2022-12-16: Failed
Night CI 2022-12-15: Failed
datapath model
1 verify datapath model with calico cilium macvlan
2 update datapath designe markdown
3 tcp udp websocket
feature: websocket support
Night CI 2023-03-30: Failed
Night CI 2023-02-20: Failed
Night CI 2022-12-18: Failed
EgressGateway CR Status not update
When EgressGateway creation preceded node labeling, EgressGateway CR status not updated.
Bug reported by @bzsuni.
Night CI 2022-11-10: Failed
proposal: package structural
├── api
│ └── v1
├── charts
├── cmd
│ ├── agent
│ │ ├── cmd
│ │ │ └── root.go
│ │ └── main.go
│ └── controller
│ ├── cmd
│ │ └── root.go
│ └── main.go
├── docs
├── images
├── output
├── pkg
│ ├── config
│ │ └── config.go
│ ├── agent
│ │ ├── agent.go
│ │ ├── egress_gateway_node.go
│ │ ├── egress_node.go
│ │ ├── egress_police.go
│ │ ├── ipset
│ │ │ ├── ipset.go
│ │ │ └── types.go
│ │ ├── iptables
│ │ │ └── iptables.go
│ │ ├── route
│ │ │ └── route.go
│ │ └── vxlan
│ │ └── vxlan.go
│ ├── controller
│ │ ├── allocator
│ │ │ └── interface.go
│ │ ├── controller.go
│ │ ├── controller_test.go
│ │ ├── egress_gateway_node.go
│ │ ├── node.go
│ │ └── webhook
│ │ ├── mutating.go
│ │ └── validate.go
│ ├── k8s
│ ├── lock
│ ├── logger
│ ├── metrics
│ ├── profiling
│ ├── schema
│ └── types
├── test
├── tools
└── vendor
update egress gateway status failed
Describe the version
0.1.0 rc1
Describe the bug
A clear and concise description of what the bug is.
{
"msg":"Reconciler error%!(EXTRA []interface {}=[])",
"error":"EgressGateway.egressgateway.spidernet.io "default" is invalid: status.nodeList.interfaceStatus: Invalid value: "null": status.nodeList.interfaceStatus in body must be of type array: "null"
}Night CI 2023-03-16: Failed
EgressNode failed to update its status
Support select vxlan parent
Fix in #179
docs pages style not work
On README.md, 'police' is misspelled.
rp_filter=0
the egress need rp_filter=0
it could refer to cilium code
https://github.com/cilium/cilium/blob/master/tools/sysctlfix/main.go#L39
helm chart has warn
Warning: spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[1].matchExpressions[0].key: beta.kubernetes.io/os is deprecated since v1.14; use "kubernetes.io/os" instead
There are deprecated warnings in the build release image CI
The `save-state` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Fix multi route not update
Describe the version
Describe the bug
A clear and concise description of what the bug is.
workstation:~$ ip r show table 50
default
nexthop via 192.200.168.78 dev egress.vxlan weight 1
nexthop via 192.200.230.246 dev egress.vxlan weight 1
workstation:~$ ip r show table 50
default via 192.200.168.78 dev egress.vxlan
Hwo To Reproduce
Steps to reproduce the issue:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots and log
If applicable, add screenshots and log to help explain your problem.
Additional context
Add any other context about the problem here.
Night CI 2023-03-13: Failed
nettools opt
(1) 优化1 , server
(2) 优化2 , client
client ,可以是 支持 压测 用法,输入 命令行参数 “目标地址(v4 v6)” “tps” “压测时间” “每个请求的超时时间定义” 等等,
最终输出 成功率 等等输出
后续 E2E 压测等,皆可 复用该 程序
feature: EIP support
customize the snat of egress source ip
Night CI 2022-11-10: Failed
The non-gateway node where the Pod resides lacks the iptables rule
Describe the version
v0.1.0
Describe the bug
root@dual-worker2:/#
root@dual-worker2:/# iptables -t nat -nvL POSTROUTING
Chain POSTROUTING (policy ACCEPT 6450 packets, 389K bytes)
pkts bytes target prot opt in out source destination
6461 389K KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */
0 0 DOCKER_POSTROUTING all -- * * 0.0.0.0/0 172.18.0.1
6294 379K FLANNEL-POSTRTG all -- * * 0.0.0.0/0 0.0.0.0/0 /* flanneld masq */
# After the agent is restarted, the ACCEPT rule is restored. This problem may also exist in other ACCEPT rules
root@dual-worker2:/# iptables -t nat -nvL POSTROUTING
Chain POSTROUTING (policy ACCEPT 6484 packets, 391K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* egw:OucywG_GSKckREz8 */ mark match 0x12000000
6496 392K KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */
0 0 DOCKER_POSTROUTING all -- * * 0.0.0.0/0 172.18.0.1
6328 381K FLANNEL-POSTRTG all -- * * 0.0.0.0/0 0.0.0.0/0 /* flanneld masq */
root@dual-worker2:/#
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.