contiv / vpp / 1122 / 1
66%
master: 66%

DEFAULT BRANCH: master
Ran
Files 29
Run time 1s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 75.396% (-0.3%) from 75.731%
GO_BUILD_TAGS=mockvpp

push

travis-ci

brecode 
[WIP, READY FOR REVIEW] Integration of policies with services and the Internet access (#609)

* Keep kube-system pods accessible regardless of the policies installed.

Pods should be able to access kubernetes services (e.g. DNS)
even if they are isolated from the kube-system namespace by the
installed K8s network policies.
However, this is not the case in the opposite direction.
Policy may disallow kube-system pod to conntact pod from another
namespace.

* Update NAT binary APIs.

* Expose default GW IP via Contiv plugin API.

* SNAT traffic leaving cluster network.

This commit implements source NATing for all traffic leaving the cluster
network, which in effect opens up the Internet access for all pods.
The SNAT was included into the Service plugin in order to keep the NAT-related
configuration all in one place.

The solution is to add the IP address of the default GW interface into
the pool of VPP/NAT44 addresses and to enable postrouting on that
interface.

The traffic going between cluster nodes should not be NATed otherwise
the ACLs of the destination node would no longer match against
pod IPs, but rather against node IPs, which breaks the semantic.
It is possible to separate external traffic from the internal one
only with the assistance of VXLANs, therefore the SNAT is not supported
and gets disabled in the L2-only mode.

* Add API to the Contiv plugin to get pod ID by the application namespace

* Get rid of the uneccessary ContivRule ID.

* Order ContivRules by the size of the traffic matched.

* Renderer cache API - cache unified for both ACL and VPPTCP renderer

RendererCache combines capabilites of the VPPTCP and ACL caches
under a unified interface.

The rules are grouped into tables (ContivRuleTable type) and the
configuration is represented as a list of local tables, applied
on the ingress or the egress side of pods, and a single global table,
applied on the interfaces connecting the node wit... (continued)

4425 of 5869 relevant lines covered (75.4%)

38.85 hits per line

Source Files on job 1122.1 (GO_BUILD_TAGS=mockvpp)