mirror/xdp-project-bpf-examples
1
0
Fork 0
mirror of https://github.com/xdp-project/bpf-examples.git synced 2024-05-06 15:54:53 +00:00
Code Issues Projects Releases Wiki Activity
Files
5343ed3377471c7b7ef2237526c8bdc0f00a0cef
xdp-project-bpf-examples/xdp-synproxy/xdp-synproxy-daemonset.yaml
Vincent Li d4450991a2 Add xdp-synproxy Dockerfile and Kubernetes DaemonSet manifest 
User could build xdp-synproxy container and runs in kubernetes
as daemonset to protect kubernetes node from SYN flood attack

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2023-10-26 19:01:56 +00:00

56 lines
1.2 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: DaemonSet
metadata:
name: xdp-synproxy
labels:
app: xdp-synproxy
spec:
selector:
matchLabels:
app: xdp-synproxy
template:
metadata:
labels:
app: xdp-synproxy
spec:
hostNetwork: true
containers:
- args:
- "--iface=ens192"
- "--mss4=1460"
- "--mss6=1440"
- "--wscale=7"
- "--ttl=254"
- "--ports=80,8080"
command:
- /usr/local/bin/xdp_synproxy
image: vli39/xdp-synproxy:0.1
imagePullPolicy: Always
lifecycle:
postStart:
exec:
command:
- "/install-rules.sh"
- "--interface=ens192"
- "--ports=80,8080"
preStop:
exec:
command:
- "/uninstall-rules.sh"
- "--interface=ens192"
- "--ports=80,8080"
name: xdp-synproxy
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
volumeMounts:
- mountPath: /sys/fs/bpf
name: xdp-synproxy
volumes:
- hostPath:
path: /sys/fs/bpf
type: DirectoryOrCreate
name: xdp-synproxy
Reference in New Issue View Git Blame Copy Permalink