apps/kubevpn
1
0
Fork 0
mirror of https://github.com/kubenetworks/kubevpn.git synced 2025-12-24 11:51:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1ed2064edaccb30c42aed5ebacb8d44c1a7eb940
kubevpn/pkg/exchange/controller.go
wencaiwulue 1ed2064eda feature: Sort import
2022-06-22 10:49:27 +08:00

66 lines
2.0 KiB
Go
Raw Blame History

package exchange
import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
"github.com/wencaiwulue/kubevpn/config"
"github.com/wencaiwulue/kubevpn/util"
)
func RemoveContainer(spec *corev1.PodSpec) {
for i := 0; i < len(spec.Containers); i++ {
if spec.Containers[i].Name == config.SidecarVPN {
spec.Containers = append(spec.Containers[:i], spec.Containers[i+1:]...)
i--
}
}
}
func AddContainer(spec *corev1.PodSpec, c util.PodRouteConfig) {
// remove vpn container if already exist
RemoveContainer(spec)
t := true
zero := int64(0)
spec.Containers = append(spec.Containers, corev1.Container{
Name: config.SidecarVPN,
Image: config.ImageServer,
Command: []string{"/bin/sh", "-c"},
Args: []string{
"sysctl net.ipv4.ip_forward=1;" +
"iptables -F;" +
"iptables -P INPUT ACCEPT;" +
"iptables -P FORWARD ACCEPT;" +
"iptables -t nat -A PREROUTING ! -p icmp -j DNAT --to " + c.LocalTunIP + ";" +
"iptables -t nat -A POSTROUTING ! -p icmp -j MASQUERADE;" +
"sysctl -w net.ipv4.conf.all.route_localnet=1;" +
"iptables -t nat -A OUTPUT -o lo ! -p icmp -j DNAT --to-destination " + c.LocalTunIP + ";" +
"kubevpn serve -L 'tun://0.0.0.0:8421/" + c.TrafficManagerRealIP + ":8422?net=" + c.InboundPodTunIP + "&route=" + c.Route + "' --debug=true",
},
SecurityContext: &corev1.SecurityContext{
Capabilities: &corev1.Capabilities{
Add: []corev1.Capability{
"NET_ADMIN",
//"SYS_MODULE",
},
},
RunAsUser: &zero,
Privileged: &t,
},
Resources: corev1.ResourceRequirements{
Requests: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceCPU: resource.MustParse("128m"),
corev1.ResourceMemory: resource.MustParse("128Mi"),
},
Limits: map[corev1.ResourceName]resource.Quantity{
corev1.ResourceCPU: resource.MustParse("256m"),
corev1.ResourceMemory: resource.MustParse("256Mi"),
},
},
ImagePullPolicy: corev1.PullIfNotPresent,
})
if len(spec.PriorityClassName) == 0 {
spec.PriorityClassName = "system-cluster-critical"
}
}
Reference in New Issue View Git Blame Copy Permalink