refactor(transparent-proxy): simplify more tproxy configuration (#10206)
- Got rid of unnecessary internal `defaultConfig` function

  We had `defaultConfig` and `DefaultConfig`, where the latter was just
  calling the former.

- Simplified configuration handling by removing `MergeConfigWithDefaults`

  This commit removed the unnecessary and hard-to-maintain
  `MergeConfigWithDefaults` function. Instead, we now use `DefaultConfig`
  directly and explicitly set modified values in commands like
  `kumactl install transparent-proxy` and CNI.

  I've also streamlined the `transparentProxyArgs` structure by removing
  parameters that can be directly configured via the `Config` structure.
  This paves the way for potentially removing this intermediate structure
  altogether in the future, although that would involve more complex
  changes in flag parsing.

- Added `StoreFirewalld` parameter to `Config` structure

  I think it's the logical place for this value as it's basically part of
  the configuration.

- Replaced writes to Writers with pure `fmt.Fprintln` to make code cleaner

  We don't have to cast string literals to `[]byte` now and don't have to
  explicitly ignore errors.

Signed-off-by: Bart Smykla <bartek@smykla.com>
Signed-off-by: Ilya Lobkov <ilya.lobkov@konghq.com>
bartsmykla authored and lobkovilya committed May 15, 2024
1 parent 78bf5b6 commit 2863d8c
Showing 4 changed files with 105 additions and 330 deletions.
46 changes: 20 additions & 26 deletions app/cni/pkg/cni/injector_linux.go
Expand Up @@ -69,6 +69,8 @@ func Inject(netns string, logger logr.Logger, intermediateConfig *IntermediateCo
}

func mapToConfig(intermediateConfig *IntermediateConfig, logWriter *bufio.Writer) (*config.Config, error) {
cfg := config.DefaultConfig()

port, err := convertToUint16("inbound port", intermediateConfig.targetPort)
if err != nil {
return nil, err
Expand All @@ -88,20 +90,13 @@ func mapToConfig(intermediateConfig *IntermediateConfig, logWriter *bufio.Writer
return nil, err
}

cfg := config.Config{
RuntimeStdout: logWriter,
Owner: config.Owner{
UID: intermediateConfig.noRedirectUID,
},
Redirect: config.Redirect{
Outbound: config.TrafficFlow{
Enabled: true,
Port: port,
ExcludePorts: excludePorts,
ExcludePortsForUIDs: excludePortsForUIDsParsed,
},
},
}
cfg.Verbose = true
cfg.RuntimeStdout = logWriter
cfg.Owner.UID = intermediateConfig.noRedirectUID
cfg.Redirect.Outbound.Enabled = true
cfg.Redirect.Outbound.Port = port
cfg.Redirect.Outbound.ExcludePorts = excludePorts
cfg.Redirect.Outbound.ExcludePortsForUIDs = excludePortsForUIDsParsed

isGateway, err := GetEnabled(intermediateConfig.isGateway)
if err != nil {
Expand Down Expand Up @@ -133,12 +128,11 @@ func mapToConfig(intermediateConfig *IntermediateConfig, logWriter *bufio.Writer
if err != nil {
return nil, err
}
cfg.Redirect.Inbound = config.TrafficFlow{
Enabled: true,
Port: inboundPort,
PortIPv6: inboundPortV6,
ExcludePorts: excludedPorts,
}

cfg.Redirect.Inbound.Enabled = true
cfg.Redirect.Inbound.Port = inboundPort
cfg.Redirect.Inbound.PortIPv6 = inboundPortV6
cfg.Redirect.Inbound.ExcludePorts = excludedPorts
}

useBuiltinDNS, err := GetEnabled(intermediateConfig.builtinDNS)
Expand All @@ -150,13 +144,13 @@ func mapToConfig(intermediateConfig *IntermediateConfig, logWriter *bufio.Writer
if err != nil {
return nil, err
}
cfg.Redirect.DNS = config.DNS{
Enabled: true,
Port: builtinDnsPort,
CaptureAll: true,
ConntrackZoneSplit: true,
}

cfg.Redirect.DNS.Enabled = true
cfg.Redirect.DNS.Port = builtinDnsPort
cfg.Redirect.DNS.CaptureAll = true
cfg.Redirect.DNS.ConntrackZoneSplit = true
}

return &cfg, nil
}
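Review bot: Fields that `mapToConfig` does not assign now inherit whatever `config.DefaultConfig()` sets instead of the zero value, and the inbound and DNS blocks only ever write `Enabled = true`, never `false`. If `DefaultConfig` turns on inbound or DNS redirection (its body is not shown here), the paths that skip those blocks, apparently gateway mode and builtin DNS disabled, would install redirect rules that the old struct literal left off. I would make the negative cases explicit by adding `else { cfg.Redirect.Inbound.Enabled = false }` and `else { cfg.Redirect.DNS.Enabled = false }` to the respective conditionals, and add a table test that pins the mapped `Config` for those two inputs. The same caution applies to sub-fields that the old whole-struct assignments implicitly zeroed, such as `ExcludePortsForUIDs` on `Redirect.Inbound`. The function body continues between the visible hunks, so the conditions guarding these blocks are inferred.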

