- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 16 for rules (0.2 sec)
-
cni/pkg/nodeagent/net.go
} // pod is removed from the mesh, but is still running. remove iptables rules log.Debugf("calling DeleteInpodRules.") if err := s.netnsRunner(openNetns, func() error { return s.iptablesConfigurator.DeleteInpodRules() }); err != nil { log.Errorf("failed to delete inpod rules %v", err) return fmt.Errorf("failed to delete inpod rules %w", err) }
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 12.2K bytes - Viewed (1) -
cni/pkg/nodeagent/server.go
} // Create hostprobe rules now, in the host netns // Later we will reuse this same configurator inside the pod netns for adding other rules iptablesConfigurator.DeleteHostRules() if err := iptablesConfigurator.CreateHostRulesForHealthChecks(&HostProbeSNATIP, &HostProbeSNATIPV6); err != nil { return nil, fmt.Errorf("error initializing the host rules for health checks: %w", err) }
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 7.2K bytes - Viewed (0) -
cni/pkg/iptables/iptables.go
// Append our rules here builder := cfg.appendHostRules(hostSNATIP, hostSNATIPV6) log.Info("Adding host netnamespace iptables rules") if err := cfg.executeCommands(builder); err != nil { log.Errorf("failed to add host netnamespace iptables rules: %v", err) return err } return nil }
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue May 07 19:54:50 GMT 2024 - 19.7K bytes - Viewed (0) -
cni/pkg/repair/netns.go
// in a pod, we cannot just access any arbitrary file they happen to bind mount in, as we don't know ahead of time where // it might be. // // Instead, we rely directly on the procfs. // This rules out two possible methods: // * use crictl to inspect the pod; this returns the bind-mounted network namespace file. // * /var/lib/cni/results shows the outputs of CNI plugins; this containers the bind-mounted network namespace file.
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Wed Dec 20 22:14:13 GMT 2023 - 4.8K bytes - Viewed (0) -
cni/pkg/iptables/iptables_linux.go
inpodMarkRule.Mark = InpodTProxyMark inpodMarkRule.Mask = InpodTProxyMask inpodMarkRule.Priority = 32764 rules = append(rules, inpodMarkRule) } for _, rule := range rules { log.Debugf("Iterating netlink rule : %+v", rule) if err := f(rule); err != nil { return fmt.Errorf("failed to configure netlink rule: %w", err) } } return nil } func AddLoopbackRoutes(cfg *Config) error {
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 3.3K bytes - Viewed (0) -
cni/pkg/nodeagent/net_test.go
err := netServer.DelPodFromMesh(ctx, pod) assert.NoError(t, err) assert.Equal(t, ztunnelServer.deletedPods.Load(), 1) // with delete iptables is not called, as there is no need to delete the iptables rules // from a pod that's gone from the cluster. assert.Equal(t, nlDeps.DelInpodMarkIPRuleCnt.Load(), 0) assert.Equal(t, nlDeps.DelLoopbackRoutesCnt.Load(), 0) // make sure the uid was taken from cache and netns closed
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Tue Apr 30 22:24:38 GMT 2024 - 16.4K bytes - Viewed (0) -
istioctl/pkg/authz/analyzer_test.go
}, ClientStatus: 453, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { var buf bytes.Buffer a.Print(&buf) expectedOutput := "ACTION AuthorizationPolicy RULES\n" actualOutput := buf.String() if !reflect.DeepEqual(expectedOutput, actualOutput) { t.Errorf("Found %v, wanted %v", actualOutput, expectedOutput) } }) }
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Sun Apr 21 17:42:54 GMT 2024 - 2.8K bytes - Viewed (0) -
cni/pkg/plugin/sidecar_intercept_rule_mgr.go
Ben Leggett <******@****.***> 1707525115 -0500
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Sat Feb 10 00:31:55 GMT 2024 - 940 bytes - Viewed (0) -
cni/pkg/repair/repaircontroller.go
} else if c.cfg.LabelPods { return c.labelBrokenPod(pod) } return nil } // repairPod actually dynamically repairs a pod. This is done by entering the pods network namespace and setting up rules. // This differs from the general CNI plugin flow, which triggers before the pod fully starts. // Additionally, we need to jump through hoops to find the network namespace. func (c *Controller) repairPod(pod *corev1.Pod) error {
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Sat Feb 10 00:31:55 GMT 2024 - 10.4K bytes - Viewed (0) -
cni/pkg/plugin/plugin_dryrun_test.go
if err != nil { log.Fatalf("Cannot read generated IPTables rule file: %v", err) } generatedRules := getRules(generated) refreshGoldens(t, tt.golden, generatedRules) // Compare generated iptables rule with golden files. golden, err := os.ReadFile(tt.golden) if err != nil { log.Fatalf("Cannot read golden rule file: %v", err) } goldenRules := getRules(golden)
Go - Registered: Wed May 08 22:53:08 GMT 2024 - Last Modified: Sat Feb 10 00:31:55 GMT 2024 - 8.4K bytes - Viewed (0)