proxy

func (*DummyProxyProcessor) CleanupRules ¶

func (d *DummyProxyProcessor) CleanupRules(KeepMap map[string]string) error

func (*DummyProxyProcessor) DeleteRules ¶

func (d *DummyProxyProcessor) DeleteRules(SvcIP, PodIP string) error

func (*DummyProxyProcessor) EnsureRules ¶

func (d *DummyProxyProcessor) EnsureRules(SvcIP, PodIP string) error

func (*DummyProxyProcessor) InitRules ¶

func (d *DummyProxyProcessor) InitRules() error

func (*NFTProxyProcessor) CleanupRules ¶

func (p *NFTProxyProcessor) CleanupRules(keepMap map[string]string) error

CleanupRules receives a keepMap (keys: svcIP, values: podIP) representing the desired state. It recovers from an inconsistent state by: 1. Removing any mappings in the pod_svc and svc_pod maps that do not match keepMap. 2. Adding any missing mappings from keepMap into both maps. 3. Cleaning up the raw sets (pod and svc) so that only the desired IPs remain.

func (*NFTProxyProcessor) DeleteRules ¶

func (p *NFTProxyProcessor) DeleteRules(svcIP, podIP string) error

DeleteRules removes the mapping for the given svcIP and podIP from both maps and commits the removal from NAT translation maps.

func (*NFTProxyProcessor) EnsureRules ¶

func (p *NFTProxyProcessor) EnsureRules(svcIP, podIP string) error

EnsureRules ensures that a one-to-one mapping exists between svcIP and podIP. If a mapping already exists for svcIP with a different podIP, the old mapping is removed (from svc_pod, pod_svc, and from the raw pod set) before the new mapping is added.

func (*NFTProxyProcessor) InitRules ¶

func (p *NFTProxyProcessor) InitRules() error

InitRules initializes the nftables configuration in a single table "cozy_proxy". It flushes the entire ruleset, then re-creates the table with the desired sets, maps, and chains.