feat(routing): implemented back iptables filtering

[lukas8219]

No description provided.

[github-actions]

Terraform Plan:

google_project_iam_custom_role.resource_cleaner: Refreshing state... [id=projects/gke-metadata-server/roles/resourceCleaner]
google_iam_workload_identity_pool.test_kind_cluster: Refreshing state... [id=projects/gke-metadata-server/locations/global/workloadIdentityPools/test-kind-cluster]
google_service_account.release: Refreshing state... [id=projects/gke-metadata-server/serviceAccounts/[email protected]]
data.google_project.gke_metadata_server: Reading...
google_project_iam_custom_role.continuous_integration: Refreshing state... [id=projects/gke-metadata-server/roles/continuousIntegration]
google_service_account.test: Refreshing state... [id=projects/gke-metadata-server/serviceAccounts/[email protected]]
google_service_account.pull_request: Refreshing state... [id=projects/gke-metadata-server/serviceAccounts/[email protected]]
google_service_account.clean_resources: Refreshing state... [id=projects/gke-metadata-server/serviceAccounts/[email protected]]
google_storage_bucket.test: Refreshing state... [id=gke-metadata-server-test]
google_service_account_iam_member.clean_resources_workload_identity_user: Refreshing state... [id=projects/gke-metadata-server/serviceAccounts/[email protected]/roles/iam.workloadIdentityUser/principal://iam.googleapis.com/projects/637293746831/locations/global/workloadIdentityPools/github-actions/subject/repo:matheuscscp/gke-metadata-server:environment:clean-resources]
google_service_account_iam_member.pull_request_workload_identity_user: Refreshing state... [id=projects/gke-metadata-server/serviceAccounts/[email protected]/roles/iam.workloadIdentityUser/principal://iam.googleapis.com/projects/637293746831/locations/global/workloadIdentityPools/github-actions/subject/repo:matheuscscp/gke-metadata-server:environment:pull-request]
google_service_account_iam_member.release_workload_identity_user: Refreshing state... [id=projects/gke-metadata-server/serviceAccounts/[email protected]/roles/iam.workloadIdentityUser/principal://iam.googleapis.com/projects/637293746831/locations/global/workloadIdentityPools/github-actions/subject/repo:matheuscscp/gke-metadata-server:environment:release]
google_service_account_iam_binding.test_workload_identity_users: Refreshing state... [id=projects/gke-metadata-server/serviceAccounts/[email protected]/roles/iam.workloadIdentityUser]
google_storage_bucket_iam_binding.test_bucket_object_admins: Refreshing state... [id=b/gke-metadata-server-test/roles/storage.objectAdmin]
data.google_project.gke_metadata_server: Read complete after 1s [id=projects/gke-metadata-server]
google_project_iam_member.openid_token_creator: Refreshing state... [id=gke-metadata-server/roles/iam.serviceAccountOpenIdTokenCreator/principal://iam.googleapis.com/projects/637293746831/locations/global/workloadIdentityPools/test-kind-cluster/subject/system:serviceaccount:kube-system:gke-metadata-server]
google_project_iam_member.resource_cleaner: Refreshing state... [id=gke-metadata-server/projects/gke-metadata-server/roles/resourceCleaner/serviceAccount:[email protected]]
google_project_iam_binding.continuous_integration: Refreshing state... [id=gke-metadata-server/projects/gke-metadata-server/roles/continuousIntegration]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

[github-actions]

New Releases Check:

No version releases in this pull request.

[lukas8219]

Not sure this is needed but I think i ran go mod tidy instead of go mod download ?

[matheuscscp]

go mod tidy is the right one, go mod download is for dockerfile caching magic. Super weird this tag changing like this, their latest is still 1.3.0: https://github.com/vishvananda/netlink/releases/tag/v1.3.0

But the CI failed it ran make tidy (which runs go mod tidy) and found differences. I think it corrected the go.mod file back to simply 1.3.0, so I think there's something wrong with your environment modifying the go.mod file like this?

[matheuscscp]

There was also a diff on the file internal/iptables/iptables.go, this one is probably because of go fmt. Are you using format on save? I use VSCode format on save for Go.

[lukas8219]

We should do it in lowercase?

[matheuscscp]

I think uppercase like this is fine 👍

[matheuscscp]

First pass ❤️

[matheuscscp]

go mod tidy is the right one, go mod download is for dockerfile caching magic. Super weird this tag changing like this, their latest is still 1.3.0: https://github.com/vishvananda/netlink/releases/tag/v1.3.0

But the CI failed it ran make tidy (which runs go mod tidy) and found differences. I think it corrected the go.mod file back to simply 1.3.0, so I think there's something wrong with your environment modifying the go.mod file like this?

[matheuscscp]

There was also a diff on the file internal/iptables/iptables.go, this one is probably because of go fmt. Are you using format on save? I use VSCode format on save for Go.

[matheuscscp]

I think uppercase like this is fine 👍

[matheuscscp]

Is this the change you mentioned about devcontainers? Your commented is outdated with the code so I can't see it in the exact part of the code you made it anymore. If yes, this looks good to me 👍

[matheuscscp]

Suggested change

	GKEMetadataServerAddressDefault = "169.254.169.254"
	GKEMetadataServerPortDefault = 80
	GKEMetadataServerDefaultAddress = "169.254.169.254"
	GKEMetadataServerDefaultPort = 80

[matheuscscp]

Nice one, please check if we have these values anywhere else in the code and use these constants 🙏

[matheuscscp]

We put internal imports in a separate import block between the standard libraries and third party imports

Suggested change

	"github.com/matheuscscp/gke-metadata-server/api"
	"github.com/matheuscscp/gke-metadata-server/api"