From 90f4c9fb4894cfc23ac666d94302e6a45c1da851 Mon Sep 17 00:00:00 2001
From: walnuts1018
Date: Tue, 27 Aug 2024 11:34:56 +0900
Subject: [PATCH] rename dummy device
Signed-off-by: walnuts1018
---
 config/samples/nat-client.yaml | 2 ++
 dockerfiles/Dockerfile.egress-controller | 3 ++-
 dockerfiles/Dockerfile.nat-gateway | 7 +++++--
 internal/fou/fou.go | 5 ++++-
 internal/nat/nat.go | 8 ++++++--
 5 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/config/samples/nat-client.yaml b/config/samples/nat-client.yaml
index 01b776f..f194eb9 100644
--- a/config/samples/nat-client.yaml
+++ b/config/samples/nat-client.yaml
@@ -22,5 +22,7 @@ spec:
 - name: nat-client
 image: ghcr.io/cybozu/ubuntu-debug:22.04
 command: ["sleep"]
+ securityContext:
+ privileged: true
 args:
 - infinity
diff --git a/dockerfiles/Dockerfile.egress-controller b/dockerfiles/Dockerfile.egress-controller
index 023a6c9..bdf1001 100644
--- a/dockerfiles/Dockerfile.egress-controller
+++ b/dockerfiles/Dockerfile.egress-controller
@@ -16,7 +16,8 @@ COPY cmd/egress-controller/main.go cmd/egress-controller/main.go
 COPY api/ api/
 COPY internal/ internal/
-RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o egress-controller cmd/egress-controller/main.go
+RUN --mount=type=cache,target=/go/pkg/mod/ \
+ CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o egress-controller cmd/egress-controller/main.go
 FROM ghcr.io/cybozu/ubuntu:22.04
 WORKDIR /
diff --git a/dockerfiles/Dockerfile.nat-gateway b/dockerfiles/Dockerfile.nat-gateway
index 4b9609f..2e10461 100644
--- a/dockerfiles/Dockerfile.nat-gateway
+++ b/dockerfiles/Dockerfile.nat-gateway
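Review bot: `privileged: true` on the `nat-client` sample container hands it every capability plus host device access, and nothing in the manifest or the commit message says which of those it needs. If the container only has to change links, routes or iptables rules in its own network namespace (an assumption; the hunk does not show what is run in it), the narrower grant is `securityContext: {capabilities: {add: ["NET_ADMIN"]}}`. Samples tend to be copied into real clusters, so a one-line comment above the setting stating what the container does that requires the privilege would let a reader judge it against their Pod Security admission level.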
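Review bot: The cache mount on `/go/pkg/mod/` persists on the builder between builds and sits outside the image layers, so `go build` trusts whatever an earlier build left in it. On a builder shared between branches or projects, running `go mod verify` in the same `RUN` before `go build` re-checks the cached modules against their recorded hashes. `RUN --mount` also needs BuildKit; a `# syntax=docker/dockerfile:1` line at the top of the file (not visible in this hunk) would make that requirement explicit. The same applies to the `go build` step in the `Dockerfile.nat-gateway` hunk.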
@@ -16,11 +16,14 @@ COPY cmd/nat-gateway/main.go cmd/nat-gateway/main.go
 COPY api/ api/
 COPY internal/ internal/
-RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o nat-gateway cmd/nat-gateway/main.go
+RUN --mount=type=cache,target=/go/pkg/mod/ \
+ CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o nat-gateway cmd/nat-gateway/main.go
 FROM ghcr.io/cybozu/ubuntu:22.04
 WORKDIR /
-RUN apt-get -yy update && apt-get install -yy netbase kmod iptables iproute2
+RUN --mount=type=cache,target=/var/lib/apt,sharing=locked \
+ --mount=type=cache,target=/var/cache/apt,sharing=locked \
+ apt-get -yy update && apt-get install -yy netbase kmod iptables iproute2
 COPY --from=builder /workspace/nat-gateway .
 USER 0:0
diff --git a/internal/fou/fou.go b/internal/fou/fou.go
index 84f3819..ac24336 100644
--- a/internal/fou/fou.go
+++ b/internal/fou/fou.go
@@ -139,8 +139,11 @@ func (t *FouTunnelController) Init() error {
 attrs := netlink.NewLinkAttrs()
 attrs.Name = fouDummy
- return netlink.LinkAdd(&netlink.Dummy{LinkAttrs: attrs})
+ if err := netlink.LinkAdd(&netlink.Dummy{LinkAttrs: attrs}); err != nil {
+ return fmt.Errorf("failed to add dummy device: %w", err)
+ }
+ return nil
 }
 func (t *FouTunnelController) initIPTables(p iptables.Protocol) error {
diff --git a/internal/nat/nat.go b/internal/nat/nat.go
index 2550119..5dd8c37 100644
--- a/internal/nat/nat.go
+++ b/internal/nat/nat.go
@@ -15,7 +15,7 @@ const (
 egressProtocolID = 30
 egressRulePrio = 2000
- egressDummy = "pona-egress-dummy"
+ egressDummy = "nat-dummy"
 )
 type Controller interface {
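Review bot: The `/var/cache/apt` mount may end up caching nothing: Debian- and Ubuntu-derived container images commonly ship `/etc/apt/apt.conf.d/docker-clean`, which deletes downloaded packages after every install, and whether `ghcr.io/cybozu/ubuntu:22.04` carries that file is not visible from this hunk. If it does, the usual companion to these mounts is `rm -f /etc/apt/apt.conf.d/docker-clean` plus `echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache` ahead of `apt-get update` in the same `RUN`. Because this image runs as `USER 0:0`, adding `--no-install-recommends` to the `apt-get install` line would also keep the installed set to the four packages that are named.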
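Review bot: The message `failed to add dummy device` is identical here and in `Init` in `internal/nat/nat.go`, so a log line cannot tell which controller or which interface failed. Including the name fixes that: `return fmt.Errorf("failed to add dummy device %q: %w", fouDummy, err)`, and the same with `egressDummy` in the nat hunk. `Init` starts above this hunk, so whether an already existing link of that name is handled before `LinkAdd` is reached cannot be checked from here; if it is not, a restart in the same network namespace would fail on this line.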
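Review bot: Nothing in the `const` block records why the name changed. `pona-egress-dummy` is 17 characters and Linux limits interface names to 15, so that is presumably the reason the old value was replaced. A comment above `egressDummy`, for example `// must fit in IFNAMSIZ-1 = 15 bytes`, would stop a later rename from reintroducing the failure.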
@@ -100,7 +100,11 @@ func (c *controller) Init() error {
 attrs := netlink.NewLinkAttrs()
 attrs.Name = egressDummy
- return netlink.LinkAdd(&netlink.Dummy{LinkAttrs: attrs})
+
+ if err := netlink.LinkAdd(&netlink.Dummy{LinkAttrs: attrs}); err != nil {
+ return fmt.Errorf("failed to add dummy device: %w", err)
+ }
+ return nil
 }
 func (c *controller) AddClient(addr netip.Addr, link netlink.Link) error {