support ack
29
pkg/main.go
29
pkg/main.go
@@ -60,11 +60,14 @@ func init() {
|
||||
}
|
||||
|
||||
func prepare() {
|
||||
k8sCIDR, err := getCIDR(clientset, namespace)
|
||||
k8sCIDRs, err := getCIDR(clientset, namespace)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
list := []string{k8sCIDR.String()}
|
||||
var list []string
|
||||
for _, ipNet := range k8sCIDRs {
|
||||
list = append(list, ipNet.String())
|
||||
}
|
||||
|
||||
trafficManager := net.IPNet{
|
||||
IP: net.IPv4(192, 168, 254, 100),
|
||||
@@ -79,7 +82,7 @@ func prepare() {
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
pod, err := remote.CreateServerOutbound(clientset, namespace, &trafficManager, k8sCIDR)
|
||||
pod, err := remote.CreateServerOutbound(clientset, namespace, &trafficManager, k8sCIDRs)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
@@ -173,28 +176,40 @@ func start() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func getCIDR(clientset *kubernetes.Clientset, ns string) (*net.IPNet, error) {
|
||||
func getCIDR(clientset *kubernetes.Clientset, ns string) (result []*net.IPNet, err error) {
|
||||
var cidrs []*net.IPNet
|
||||
if nodeList, err := clientset.CoreV1().Nodes().List(context.TODO(), metav1.ListOptions{}); err == nil {
|
||||
for _, node := range nodeList.Items {
|
||||
if _, ip, err := net.ParseCIDR(node.Spec.PodCIDR); err == nil && ip != nil {
|
||||
ip.Mask = net.IPv4Mask(255, 255, 0, 0)
|
||||
return ip, nil
|
||||
cidrs = append(cidrs, ip)
|
||||
err = nil
|
||||
}
|
||||
}
|
||||
}
|
||||
if services, err := clientset.CoreV1().Services(ns).List(context.TODO(), metav1.ListOptions{}); err == nil {
|
||||
for _, service := range services.Items {
|
||||
if ip := net.ParseIP(service.Spec.ClusterIP); ip != nil {
|
||||
return &net.IPNet{IP: ip, Mask: net.IPv4Mask(255, 255, 0, 0)}, nil
|
||||
cidrs = append(cidrs, &net.IPNet{IP: ip, Mask: net.IPv4Mask(255, 255, 0, 0)})
|
||||
}
|
||||
}
|
||||
}
|
||||
if podList, err := clientset.CoreV1().Pods(ns).List(context.TODO(), metav1.ListOptions{}); err == nil {
|
||||
for _, pod := range podList.Items {
|
||||
if ip := net.ParseIP(pod.Status.PodIP); ip != nil {
|
||||
return &net.IPNet{IP: ip, Mask: net.IPv4Mask(255, 255, 0, 0)}, nil
|
||||
cidrs = append(cidrs, &net.IPNet{IP: ip, Mask: net.IPv4Mask(255, 255, 0, 0)})
|
||||
}
|
||||
}
|
||||
}
|
||||
tempMap := make(map[string]*net.IPNet)
|
||||
for _, cidr := range cidrs {
|
||||
if _, found := tempMap[cidr.String()]; !found {
|
||||
tempMap[cidr.String()] = cidr
|
||||
result = append(result, cidr)
|
||||
}
|
||||
}
|
||||
if len(result) != 0 {
|
||||
return
|
||||
}
|
||||
return nil, fmt.Errorf("can not found cidr")
|
||||
}
|
||||
|
||||
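Review bot: The de-duplication in getCIDR keys on `cidr.String()`, but the service and pod entries keep the host address under a /16 mask, so `10.244.3.7/16` and `10.244.3.8/16` are distinct keys and every pod and service in the namespace survives as its own entry; since CreateServerOutbound in the next file now appends one POSTROUTING MASQUERADE rule per entry (and prepare builds its route list from the same slice), the rule set grows with pod count rather than with network count. Normalising before the lookup, `key := (&net.IPNet{IP: cidr.IP.Mask(cidr.Mask), Mask: cidr.Mask}).String()`, collapses them to the /16 network. The `err = nil` added after the first append is a no-op: it assigns the `err` declared by the enclosing `if _, ip, err := net.ParseCIDR(...)`, which is already nil on that branch, not the named result. The three List errors are still discarded, so when nothing is found the caller only sees `can not found cidr` with no hint of the RBAC or connectivity failure behind it; consider keeping the last one and returning `fmt.Errorf("can not found cidr: %w", listErr)`.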
@@ -14,10 +14,11 @@ import (
|
||||
"kubevpn/util"
|
||||
"net"
|
||||
"sort"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
||||
func CreateServerOutbound(clientset *kubernetes.Clientset, namespace string, serverIp, nodeCIDR *net.IPNet) (*v1.Pod, error) {
|
||||
func CreateServerOutbound(clientset *kubernetes.Clientset, namespace string, serverIp *net.IPNet, nodeCIDR []*net.IPNet) (*v1.Pod, error) {
|
||||
firstPod, i, err3 := polymorphichelpers.GetFirstPod(clientset.CoreV1(),
|
||||
namespace,
|
||||
fields.OneTermEqualSelector("app", util.TrafficManager).String(),
|
||||
@@ -30,6 +31,17 @@ func CreateServerOutbound(clientset *kubernetes.Clientset, namespace string, ser
|
||||
if err3 == nil && i != 0 && firstPod != nil {
|
||||
return firstPod, nil
|
||||
}
|
||||
args := []string{
|
||||
"sysctl net.ipv4.ip_forward=1",
|
||||
"iptables -F",
|
||||
"iptables -P INPUT ACCEPT",
|
||||
"iptables -P FORWARD ACCEPT",
|
||||
"iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE",
|
||||
}
|
||||
for _, ipNet := range nodeCIDR {
|
||||
args = append(args, "iptables -t nat -A POSTROUTING -s "+ipNet.String()+" -o eth0 -j MASQUERADE")
|
||||
}
|
||||
args = append(args, "gost -L socks5://:10800 -L tun://:8421?net="+serverIp.String()+" -D")
|
||||
|
||||
t := true
|
||||
zero := int64(0)
|
||||
@@ -46,23 +58,7 @@ func CreateServerOutbound(clientset *kubernetes.Clientset, namespace string, ser
|
||||
Name: "vpn",
|
||||
Image: "naison/kubevpn:latest",
|
||||
Command: []string{"/bin/sh", "-c"},
|
||||
Args: []string{
|
||||
"sysctl net.ipv4.ip_forward=1;" +
|
||||
"iptables -F;" +
|
||||
"iptables -P INPUT ACCEPT;" +
|
||||
"iptables -P FORWARD ACCEPT;" +
|
||||
"iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE;" +
|
||||
"iptables -t nat -A POSTROUTING -s " + nodeCIDR.String() + " -o eth0 -j MASQUERADE;" +
|
||||
"gost -L socks5://:10800 -L tun://:8421?net=" + serverIp.String() + " -D",
|
||||
},
|
||||
// todo get pod ip
|
||||
Lifecycle: &v1.Lifecycle{
|
||||
PostStart: &v1.Handler{
|
||||
Exec: &v1.ExecAction{
|
||||
Command: []string{"env"},
|
||||
},
|
||||
},
|
||||
},
|
||||
Args: []string{strings.Join(args, ";")},
|
||||
SecurityContext: &v1.SecurityContext{
|
||||
Capabilities: &v1.Capabilities{
|
||||
Add: []v1.Capability{
|
||||
|
||||