From 98b93b77f43c2bd09b89b6bcc9102bb6e8e1d7af Mon Sep 17 00:00:00 2001
From: "Blackwell, Ian (ib733q)"
Date: Thu, 20 Sep 2018 15:56:25 +0100
Subject: Initial drop of tproxy-config init container

The tproxy-config init container sets up a pod's internal network routing such that any traffic outbound from the primary service is routed through the forward proxy.

Change-Id: Ieca438fbed07db5fe7bce6162811634237c61b2a
Issue-ID: AAI-1664
Signed-off-by: Blackwell, Ian (ib733q)
---
sidecar/tproxy-config/src/main/bin/start.sh | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 sidecar/tproxy-config/src/main/bin/start.sh

(limited to 'sidecar/tproxy-config/src/main/bin/start.sh')

diff --git a/sidecar/tproxy-config/src/main/bin/start.sh b/sidecar/tproxy-config/src/main/bin/start.sh
new file mode 100644
index 0000000..cbb003d
--- /dev/null
+++ b/sidecar/tproxy-config/src/main/bin/start.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2017-2018 European Software Marketing Ltd.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+set -x
+set -eo pipefail
+
+#iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-port 9080
+iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner '!' --uid-owner 1001
+#iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner '!' --uid-owner 100
+#iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner --uid-owner 0
+iptables -t nat --list
--
cgit 1.2.3-korg
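Review bot: The single active redirect rule (`iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9999 -m owner '!' --uid-owner 1001`) covers IPv4 TCP only and exempts traffic purely by UID, which is narrower than the "any traffic outbound" the commit message describes. UDP and IPv6 egress are not touched by this script, and any process in the pod running as UID 1001 (presumably the proxy's own UID, though the file does not say so) skips the redirect, including the primary service if its image happens to use that UID. I would add a comment above the rule such as `# Redirect locally generated IPv4 TCP to the forward proxy on 9999; UID 1001 is the proxy itself and must not be shared with the application container`, and either document the UDP/IPv6 gap or handle that traffic explicitly. The three commented-out rule variants should be removed or explained, because they leave it unclear which port and UID combination is the intended one.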