* For HnsV2 we will only add outbound nat policy for single tenant scenario or if enableSnatForDns is true.
* adding comments to detail results of determineSnat func
Co-authored-by: Jaeryn <tsun.chu@microsoft.com>
* About to take debugging comments out
* Removed debugging statements and tested again
* Removed more debugging statements and unused method
* Made changes suggested by Tamilmani, tested again.
* Made spacing changes suggested by Tamilmani
* Triggering new tests to run
* Added EB rule for ip addresses in conflist for linux
* Made methods more generic and removed line from endpoint struct
* Adding log statement
* Fixed syntax error
* Made review2 changes
* Made review3 changes
* Made method lowercase
* Save enable snat on host settings after querying NMagent version
* Adding changes to exclude outbound snat for win cni if new NMAgent is running
* try to acquire lock file when writing to disableSnatOnHost.json
* addressed some of Tamilmani's comments
* Adding snat for DNS if current NMAgent does not support it yet
* Adding DNS NAT changes for Windows CNI
* vendoring HCSShim changes that support destination based SNATing
* Reverting k8s.io/api dependencies from master branch to last working version
* Addressing Tamilmani's comments
* syncing with an older version of k8s.io dependencies
* verify valid windows version before Dns NAT.
* only remove snat on windows when host has full support
* addressing Tamilmani's comments
* addressing Tamilmani's comments
* rebased and re-depped
This PR adds support for host NC bidirectional communication with windows HnsV2. This is supported in multitenant scenario only. AllowHostToNCCommunication and AllowNCToHostCommunication flags are used to enable Host to NC and NC to host communication respectively.
* Block IP spoofing in linux multitenancy by verifying the source IP based on ovs port
* removed tag while adding port to ovs bridge
* addressed review comments
* addressed review comments
* allow inbound connection to container from host if the feature is enabled
* Allow inbound from host to NC if flag is enabled
* fixed old changes
* minor fixes
* added NC to host commn support
* added NCToHostCommunication field in cns contract
* addressed review comments
* addressed review comments
* addressed review comments
* address comments
* fixed space damage
* configure dns server on azure bridge for ubuntu versions > 18. Moved hns related apis from platform package to hnsclient package
* read dns server from interface instead of file and fixed few issues
* return error on fail to configure dns
* added unit test and fixed an issue in ReadFileByLines method
* added a UT
* addressed comments and added few tests to get code coverage
* configure dns for ubuntu17 also
* corrected typo error of filename
Signed-off-by: John Howard <jhoward@microsoft.com>
- First, the store timeout is woefully low. Bumped to 20 seconds from 2 seconds.
This may fix https://github.com/Azure/azure-container-networking/issues/242#issuecomment-422701838
IMO, as only test code calls it non-blocked, why even have a block parameter to Lock()?
IMO also, why a timeout at all? They're always fraught with error and machine timing.
- Presence of a key should be checked using `raw, ok := hvs.data[key]`, not the current nil check
- ErrKeyNotFound should be returned if the store file does not exist. It shouldn't ignore that error.
- Actually now reports if a timeout occurred correctly, along with non-block lock attempt when already locked.
- Serial pattern abuse in not always closing the lock file.
- Some golang correctness (errors should be lower case)
- go build ./... actually passes on Windows now - various compile errors previously.
- golang pattern conformance `if err:=<test>; err!=nil {....`
- Simplified timeout duration (no need for time.Duration(...))