github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

kube-proxy: allow running in userns 

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
k3s-v1.14.6
Akihiro Suda 2018-08-23 14:14:44 +09:00 committed by Erik Wilson
parent bfb3806701
commit 9c7db00892
4 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/kube-proxy/app/BUILD
View File

@ -65,6 +65,7 @@ go_library(
"//staging/src/k8s.io/component-base/config:go_default_library", "//staging/src/k8s.io/component-base/config:go_default_library",
"//staging/src/k8s.io/kube-proxy/config/v1alpha1:go_default_library", "//staging/src/k8s.io/kube-proxy/config/v1alpha1:go_default_library",
"//vendor/github.com/fsnotify/fsnotify:go_default_library", "//vendor/github.com/fsnotify/fsnotify:go_default_library",
"//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
"//vendor/github.com/prometheus/client_golang/prometheus:go_default_library", "//vendor/github.com/prometheus/client_golang/prometheus:go_default_library",
"//vendor/github.com/spf13/cobra:go_default_library", "//vendor/github.com/spf13/cobra:go_default_library",
"//vendor/github.com/spf13/pflag:go_default_library", "//vendor/github.com/spf13/pflag:go_default_library",

9
cmd/kube-proxy/app/server_others.go
View File

@ -47,6 +47,7 @@ import (
utilnode "k8s.io/kubernetes/pkg/util/node" utilnode "k8s.io/kubernetes/pkg/util/node"
utilsysctl "k8s.io/kubernetes/pkg/util/sysctl" utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
"k8s.io/utils/exec" "k8s.io/utils/exec"
rsystem "github.com/opencontainers/runc/libcontainer/system"
"k8s.io/klog" "k8s.io/klog"
) )
@ -230,6 +231,12 @@ func newProxyServer(
iptInterface.AddReloadFunc(proxier.Sync) iptInterface.AddReloadFunc(proxier.Sync)
var connTracker Conntracker
if !rsystem.RunningInUserNS(){
// if we are in userns, sysctl does not work and connTracker should be kept nil
connTracker = &realConntracker{}
}
return &ProxyServer{ return &ProxyServer{
Client: client, Client: client,
EventClient: eventClient, EventClient: eventClient,
@ -241,7 +248,7 @@ func newProxyServer(
Broadcaster: eventBroadcaster, Broadcaster: eventBroadcaster,
Recorder: recorder, Recorder: recorder,
ConntrackConfiguration: config.Conntrack, ConntrackConfiguration: config.Conntrack,
Conntracker: &realConntracker{}, Conntracker: connTracker,
ProxyMode: proxyMode, ProxyMode: proxyMode,
NodeRef: nodeRef, NodeRef: nodeRef,
MetricsBindAddress: config.MetricsBindAddress, MetricsBindAddress: config.MetricsBindAddress,

1
pkg/proxy/userspace/BUILD
View File

@ -33,6 +33,7 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library", "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
"//vendor/k8s.io/klog:go_default_library", "//vendor/k8s.io/klog:go_default_library",
"//vendor/github.com/opencontainers/runc/libcontainer/system:go_default_library",
"//vendor/k8s.io/utils/exec:go_default_library", "//vendor/k8s.io/utils/exec:go_default_library",
] + select({ ] + select({
"@io_bazel_rules_go//go/platform:android": [ "@io_bazel_rules_go//go/platform:android": [

6
pkg/proxy/userspace/proxier.go
View File

@ -25,6 +25,7 @@ import (
"sync/atomic" "sync/atomic"
"time" "time"
rsystem "github.com/opencontainers/runc/libcontainer/system"
"k8s.io/api/core/v1" "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
utilerrors "k8s.io/apimachinery/pkg/util/errors" utilerrors "k8s.io/apimachinery/pkg/util/errors"
@ -179,7 +180,10 @@ func NewCustomProxier(loadBalancer LoadBalancer, listenIP net.IP, iptables iptab
err = setRLimit(64 * 1000) err = setRLimit(64 * 1000)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to set open file handler limit: %v", err) if !rsystem.RunningInUserNS() {
return nil, fmt.Errorf("failed to set open file handler limit to 64000: %v", err)
}
klog.Errorf("failed to set open file handler limit to 64000: %v", err)
} }
proxyPorts := newPortAllocator(pr) proxyPorts := newPortAllocator(pr)