refactor: remove options netstack (#673)

* refactor: remove options netstack * refactor: remove options netstack * refactor: forward chain use gvisor tcp * refactor: docs * refactor: remove forwarder options * refactor: optimize code * refactor: remove node type "tcp://" * hotfix: packet read from tun needs to handle by gvisor * hotfix: fix charts * refactor: remove parameter engine
2025-12-24 11:51:13 +08:00 · 2025-07-27 17:26:14 +08:00
parent 5a97a5d6e2
commit 38584da9d3
39 changed files with 206 additions and 516 deletions
--- a/pkg/inject/controller.go
+++ b/pkg/inject/controller.go
@@ -59,7 +59,7 @@ iptables -t nat -A PREROUTING ! -p icmp ! -s 127.0.0.1 ! -d ${CIDR4} -j DNAT --t
 ip6tables -t nat -A PREROUTING ! -p icmp ! -s 0:0:0:0:0:0:0:1 ! -d ${CIDR6} -j DNAT --to :15006
 iptables -t nat -A POSTROUTING ! -p icmp ! -s 127.0.0.1 ! -d ${CIDR4} -j MASQUERADE
 ip6tables -t nat -A POSTROUTING ! -p icmp ! -s 0:0:0:0:0:0:0:1 ! -d ${CIDR6} -j MASQUERADE
-kubevpn server -l "tun:/localhost:8422?net=${TunIPv4}&net6=${TunIPv6}&route=${CIDR4}" -f "tcp://${TrafficManagerService}:10800"`,
+kubevpn server -l "tun:/tcp://${TrafficManagerService}:10801?net=${TunIPv4}&net6=${TunIPv6}&route=${CIDR4}"`,
 		},
 		Env: []v1.EnvVar{
 			{
@@ -178,9 +178,10 @@ func AddEnvoyContainer(spec *v1.PodTemplateSpec, ns, nodeID string, ipv6 bool, m
 	spec.Spec.Containers = append(spec.Spec.Containers, v1.Container{
 		Name:    config.ContainerSidecarVPN,
 		Image:   image,
-		Command: []string{"/bin/sh", "-c"},
-		Args: []string{`
-kubevpn server -l "ssh://:2222"`,
+		Command: []string{"kubevpn"},
+		Args: []string{
+			"server",
+			"-l ssh://:2222",
 		},
 		Resources: v1.ResourceRequirements{
 			Requests: map[v1.ResourceName]resource.Quantity{
@@ -193,10 +194,7 @@ kubevpn server -l "ssh://:2222"`,
 			},
 		},
 		ImagePullPolicy: v1.PullIfNotPresent,
-		SecurityContext: &v1.SecurityContext{
-			RunAsUser:  pointer.Int64(0),
-			RunAsGroup: pointer.Int64(0),
-		},
+		SecurityContext: &v1.SecurityContext{},
 	})
 	spec.Spec.Containers = append(spec.Spec.Containers, v1.Container{
 		Name:  config.ContainerSidecarEnvoyProxy,
--- a/pkg/inject/exchange.go
+++ b/pkg/inject/exchange.go
@@ -104,7 +104,7 @@ iptables -t nat -A PREROUTING ! -p icmp -j DNAT --to ${LocalTunIPv4}
 ip6tables -t nat -A PREROUTING ! -p icmp -j DNAT --to ${LocalTunIPv6}
 iptables -t nat -A POSTROUTING ! -p icmp -j MASQUERADE
 ip6tables -t nat -A POSTROUTING ! -p icmp -j MASQUERADE
-kubevpn server -l "tun:/127.0.0.1:8422?net=${TunIPv4}&net6=${TunIPv6}&route=${CIDR4}" -f "tcp://${TrafficManagerService}:10800"`,
+kubevpn server -l "tun:/tcp://${TrafficManagerService}:10801?net=${TunIPv4}&net6=${TunIPv6}&route=${CIDR4}"`,
 		},
 		SecurityContext: &corev1.SecurityContext{
 			Capabilities: &corev1.Capabilities{
--- a/pkg/inject/fargate.go
+++ b/pkg/inject/fargate.go
@@ -93,9 +93,6 @@ func InjectEnvoyAndSSH(ctx context.Context, nodeID string, f cmdutil.Factory, ma
 		return err
 	}

-	if !util.IsK8sService(current) {
-		return nil
-	}
 	// 2) modify service containerPort to envoy listener port
 	err = ModifyServiceTargetPort(ctx, clientset, object.Namespace, current.Name, containerPort2EnvoyListenerPort)
 	if err != nil {