k3s has removed some standard plugins, which we need. So fork and add it back.
Go to file
Alban Bedel 5e0fbd8374 portmap: Apply the DNAT hairpin to the whole subnet
The DNAT hairpin rule only allow the container itself to access the
ports it is exposing thru the host IP. Other containers in the same
subnet might also want to access this service via the host IP, so
apply this rule to the whole subnet instead of just for the container.

This is particularly useful with setups using a reverse proxy for
https. With such a setup connections between containers (for ex.
oauth2) have to downgrade to http, or need complex dns setup to make
use of the internal IP of the reverse proxy. On the other hand going
thru the host IP is easy as that is probably what the service name
already resolve to.

Signed-off-by: Alban Bedel <albeu@free.fr>
--
v2: Fixed the tests
v3: Updated iptables rules documentation in README.md
v4: Fixed the network addresses in README.md to match iptables output
2020-04-17 16:27:57 +02:00
integration integration: fix ip address collision in integration tests 2019-11-11 13:36:21 +01:00
pkg [DO NOT REVIEW] vendor upate to remove useless dependencies 2020-03-17 14:30:28 +08:00
plugins portmap: Apply the DNAT hairpin to the whole subnet 2020-04-17 16:27:57 +02:00
scripts add support for mips64le 2020-01-06 15:51:47 +08:00
vendor [DO NOT REVIEW] vendor upate to remove useless dependencies 2020-03-17 14:30:28 +08:00
.gitignore Update Vendor 2018-09-21 00:34:07 +08:00
.travis.yml add support for mips64le 2020-01-06 15:51:47 +08:00
build_linux.sh Move over to go mod from dep 2019-06-26 02:07:23 -07:00
build_windows.sh Move over to go mod from dep 2019-06-26 02:07:23 -07:00
CONTRIBUTING.md Merge pull request #396 from oshothebig/contributing-doc 2019-10-09 10:21:03 -05:00
DCO Add missing DCO 2018-10-11 16:15:24 +01:00
go.mod [DO NOT REVIEW] vendor upate to remove useless dependencies 2020-03-17 14:30:28 +08:00
go.sum [DO NOT REVIEW] vendor upate to remove useless dependencies 2020-03-17 14:30:28 +08:00
LICENSE Initial commit 2017-03-10 16:46:52 +01:00
OWNERS.md owners: updates for maintainer changes 2020-02-19 10:23:21 -06:00
README.md Add Check support to firewall meta plugin, test cases 2019-04-12 14:37:21 -04:00
RELEASING.md Add release process 2017-07-11 13:57:49 -07:00
test_linux.sh testutils: newNS() works in a rootless user namespace 2019-10-19 12:04:53 +02:00
test_windows.sh Move Windows tests to Travis 2018-12-10 14:43:32 -08:00
Vagrantfile update Go version in Vagrantfile 2019-07-09 16:51:00 -07:00

Build Status

plugins

Some CNI network plugins, maintained by the containernetworking team. For more information, see the individual READMEs.

Read CONTRIBUTING for build and test instructions.

Plugins supplied:

Main: interface-creating

  • bridge: Creates a bridge, adds the host and the container to it.
  • ipvlan: Adds an ipvlan interface in the container.
  • loopback: Set the state of loopback interface to up.
  • macvlan: Creates a new MAC address, forwards all traffic to that to the container.
  • ptp: Creates a veth pair.
  • vlan: Allocates a vlan device.
  • host-device: Move an already-existing device into a container.

Windows: windows specific

  • win-bridge: Creates a bridge, adds the host and the container to it.
  • win-overlay: Creates an overlay interface to the container.

IPAM: IP address allocation

  • dhcp: Runs a daemon on the host to make DHCP requests on behalf of the container
  • host-local: Maintains a local database of allocated IPs
  • static: Allocate a static IPv4/IPv6 addresses to container and it's useful in debugging purpose.

Meta: other plugins

  • flannel: Generates an interface corresponding to a flannel config file
  • tuning: Tweaks sysctl parameters of an existing interface
  • portmap: An iptables-based portmapping plugin. Maps ports from the host's address space to the container.
  • bandwidth: Allows bandwidth-limiting through use of traffic control tbf (ingress/egress).
  • sbr: A plugin that configures source based routing for an interface (from which it is chained).
  • firewall: A firewall plugin which uses iptables or firewalld to add rules to allow traffic to/from the container.

Sample

The sample plugin provides an example for building your own plugin.