* .goreleaser.yml: Multiarch build

* Makefile: Record phony targets

service proxy: ensure hearbeats are sent during sync

Fixes #879

(pod's traffic that is destined to node's local ip). with out this fix even
with network policy to drop all egress traffic, pod can reach host IP's.
Pod's can access any service hosted in host network as well

* push multi-arch images to the dev registry

* cleam things up with a array of arches

* missed setting a GOARCH

* put quotes and {} everywhere

* one of these isn't a variable

* nflog the packet that will be dropped by network policy enforcement
that can be further by read by ulogd

Fixes #505

* addressing review comments

Fix for same issue as #750, but for network_routes_controller

* Add multi-arch support for container images

Currently we have a arch-specific binary that gets installed on an amd64
container. This change ensures that the container image matches the
arch-specific binary.

Using alpine archictecture-specific images as  mentioned under
https://hub.docker.com/_/alpine

To support architectures different from host architecture, this uses
qemu-static.

* Lint Dockerfile

Use COPY instead of ADD
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy

https://github.com/estesp/manifest-tool/releases/tag/v1.0.2

Enabling --bgp-graceful-restart by default when the router component is deployed via daemonset

used by iptables command when run by kube-router

Fixes #506

The behavior of iproute2 changed in 5.0 as described in #750: now if a
table has not been created, `ip route list table <table>` will produce a
non-zero exit code.

It's not really needed to check tables via `list` anyway, since they
will be created by iproute2 when needed on first use. So relax error
handling for `ip route list table`, and remove it completely when a
table might be missing.

This fixes #750

* honor the ClientIP session affinity timeout

* update moq file

* Fix unit test failure due to adding a new arg to ipvsAddService
Co-authored-by: Bumyong Choi <bchoi@digitalocean.com>

withdraw external IP from advertisement only if the deleted service is the last service using external IP (#850)

* withdraw external IP from advertisement only if the deleted service
is the last service using external IP

Fixes #828

* addressing review comment

--------------------------------------------
Copyright: Sony Interactive Entertainment Inc.
Co-authored-by: Author Name <Filinto.Duran@sony.com>

intercept pod egress traffic going through the OUTPUT chain of filter table and run through the (#875)

network policies.

Fixes #609

* in DeleteFunc handlers across the controllers  handle the case where received object can be of
type DeletedFinalStateUnknown

fixes one of the symptoms (panic on receiving DeletedFinalStateUnknown objects) reported in #712

* address review comments

While --set is still ambiguous it can clash with other module options,
so it is better to be more specific and use the --match-set option. This
also more closely aligns with all other areas of the code that already
use --match-set.

From iptables-extensions man page:
The option --match-set can be replaced by --set if that does not clash
with an option of other extensions.

API server to cached informer. Modify test to use informer

Fixes #862

use endpoint (IP, port) tuple to track active endpoints of a service in use. Currently only endpoint IP (#842)

used so any change in port of the endpoint leaves stale ipvs server config

Fixes #841

populate pod CID in network routing controler to simulate reading from node spec once at begining (#844)

* fix router controller unhealthy on api server down

* import glog

* use  NetworkRoutingController  podCidr

* fix undefind

* add a --excluded-cidrs
* ignore deletion of ipvs rules with address in excluded cidrs
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>

* Use SNAT instead of MASQUERADE to source NAT outbound IPVS traffic

* Perform cleanup of depreciated masquerade iptables rules (if needed)

restrict externalTrafficPolicy=Local interpretation only to NodePort and LoadBalancer services (#836)

* restrict externalTrafficPolicy=Local interpretation only to NodePort and LoadBalancer services

Fixes #818

* addressing review comments

* fix broken CI

* fix .travis.yml

* skip gomoqs

* fix multi arch image building

Revert "restrict externalTrafficPolicy=Local interpretation only to NodePort and LoadBalancer services (#819)" (#835)

This reverts commit 27ec314e.

restrict externalTrafficPolicy=Local interpretation only to NodePort and LoadBalancer services (#819)

* restrict externalTrafficPolicy=Local interpretation only to NodePort and LoadBalancer services

Fixes #818

* refactoring service controller sync() logic to be more modular