Automatic merge from submit-queue (batch tested with PRs 60457, 60331, 54970, 58731, 60562). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
implement begin-port+offset port range parsing
**What this PR does / why we need it**:
Allocate specific numbers of port from a host by indicating a begin port and its offsets.
This can be used for kube-proxy configuration.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes#58730
**Special notes for your reviewer**:
**Release note**:
```release-note
"beginPort+offset" format support for port range which affects kube-proxy only
```
This patch adds support for kubernetes to integrate
with Windows SCM.
As a first step both `kubelet` and `kube-proxy` can be registered as a service.
To create the service:
PS > sc.exe create <component_name> binPath= "<path_to_binary> --service <other_args>"
CMD > sc create <component_name> binPath= "<path_to_binary> --service <other_args>"
Please note that if the arguments contain spaces, it must be escaped.
Example:
PS > sc.exe create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>"
CMD > sc create kubelet binPath= "C:\kubelet.exe --service --hostname-override 'minion' <other_args>"
Example to start the service:
PS > Start-Service kubelet; Start-Service kube-proxy
CMD > net start kubelet && net start kube-proxy
Example to stop the service:
PS > Stop-Service kubelet (-Force); Stop-Service kube-proxy (-Force)
CMD > net stop kubelet && net stop kube-proxy
Example to query the service:
PS > Get-Service kubelet; Get-Service kube-proxy;
CMD > sc.exe queryex kubelet && sc qc kubelet && sc.exe queryex kube-proxy && sc.exe qc kube-proxy
Signed-off-by: Alin Balutoiu <abalutoiu@cloudbasesolutions.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@ovn.org>
Co-authored-by: Alin Gabriel Serdean <aserdean@ovn.org>
Automatic merge from submit-queue (batch tested with PRs 59463, 59719, 60181, 58283, 59966). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
components pprof profiling make use of existing genericapiserver's
**What this PR does / why we need it**:
fix#60278
Instead of writing private pprof, all components make use of generic apiserver existing profiling.
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Migrate FeatureGates type of kube-proxy from string to map[string]bool
**What this PR does / why we need it**:
Migration of FeatureGates type. This is a follow-up of #53025.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
ref: #53025https://github.com/kubernetes/kubernetes/pull/57754#discussion_r160023416
**Special notes for your reviewer**:
/cc @luxas @mtaufen @ncdc
**Release note**:
```release-note
action required: kube-proxy: feature gates are now specified as a map when provided via a JSON or YAML KubeProxyConfiguration, rather than as a string of key-value pairs.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-proxy: Fix flag validation for healthz-bind-address and metrics-bind-address
**What this PR does / why we need it**: `--healthz-bind-address` and `--metrics-bind-address` are broken for kube-proxy as they do not allow `ip:port` format, though they claim to support it.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: Fixes#53754
**Special notes for your reviewer**:
cc @ncdc
**Release note**:
```release-note
Fix kube-proxy flags validation for --healthz-bind-address and --metrics-bind-address to allow specifying ip:port.
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Update bazelbuild/rules_go, kubernetes/repo-infra, and gazelle dependencies
**What this PR does / why we need it**: updates our bazelbuild/rules_go dependency in order to bump everything to go1.9.4. I'm separating this effort into two separate PRs, since updating rules_go requires a large cleanup, removing an attribute from most build rules.
**Release note**:
```release-note
NONE
```
With d7ddcca231, we lost the logging
of the flags. We should at least log what the command line flags
were used to start processes as those incredibly useful for trouble shooting.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
kube-proxy: fix field name comments & json tags
**What this PR does / why we need it**: correct some minor issues in the comments and json tags for some of the fields in the kube-proxy config structs.
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
The udpTimeoutMilliseconds field in the kube-proxy configuration file has been renamed to udpIdleTimeout. Action required: administrators need to update their files accordingly.
```
This was extracted from my currently unmerged f074b28fe9, as requested [here](https://github.com/kubernetes/kubernetes/pull/52198#pullrequestreview-85538637).
@kubernetes/sig-network-pr-reviews @luxas
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Test Proxy Mode
**What this PR does / why we need it**:
Currently, IPVS-based kube-proxy is protected by feature gateway and there is no UT for it. We should test ipvs proxy mode when feature gateway is set.
**Which issue(s) this PR fixes**:
Fixes#56404
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Using ipset doing SNAT and packet filter in IPVS kube-proxy
**What this PR does / why we need it**:
Try ipset in ipvs proxy mode.
**Which issue this PR fixes**:
fixes#54203
xref: #53393, #53775
**Special notes for your reviewer**:
**Release note**:
```release-note
Using ipset doing SNAT and packet filtering in IPVS kube-proxy
```
/sig network
/area kube-proxy
Automatic merge from submit-queue (batch tested with PRs 55247, 55324, 55261, 55147, 54052). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Implement dummy device operation by netlink for ipvs proxier
**What this PR does / why we need it**:
Currently, we implement network interface operations, e.g. create a dummy device and delete a dummy interface via ip cmd and then collect the exist code. For example, we assume the following command:
```
ip link add kube-ipvs0 type dummy
```
returns 2 means the dummy device `kube-ipvs0` exists, see https://github.com/kubernetes/kubernetes/blob/master/pkg/proxy/ipvs/proxier.go#L1529 .
However, from the man page of ip command, exit status 2 just means an error was reported by the kernel, see http://man7.org/linux/man-pages/man8/ip.8.html#EXIT_STATUS.
So, that's a bug.
This PR implements dummy device operation by netlink for ipvs proxier so that can get ride of ip command operations.
**Which issue this PR fixes**:
fixes#54054
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/sig network
/area kube-proxy
/kind bug
When kube-proxy was refactored to use a configuration file, the ability
to use 0 for conntrack min, max, max per core, and tcp timeouts was
inadvertently broken; if you specified 0, it would instead apply the
default value from defaults.go.
This change restores the ability to use 0 to mean 0.
Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Improve unit test coverage for kube-proxy configuration.
**What this PR does / why we need it**:
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #
**Special notes for your reviewer**:
/cc @ncdc
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 54906, 54120, 54934, 54915, 54848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kube-proxy fall back to iptables firstly when unable to load kernel modules
**What this PR does / why we need it**:
Fix kube-proxy fall back to iptables firstly when unable to load kernel modules
**Which issue this PR fixes**:
fixes#54121
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
/kind bug
/sig network
/area kube-proxy
Automatic merge from submit-queue (batch tested with PRs 55016, 50887). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
If command.Execute() return err, print to stdErr
The current kube-proxy not print error if (execute() failed) . not so good and not so friendly to user.
If print err to stdError, will show us why it failed.
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
validate ipvs scheduler
**What this PR does / why we need it**:
validate ipvs scheduler options
**Which issue this PR fixes**:
closes#53975
**Special notes for your reviewer**:
It depends on work of #53780.
**Release note**:
```release-note
NONE
```
/sig network
/area kube-proxy
Automatic merge from submit-queue (batch tested with PRs 53946, 53993, 54315, 54143, 54532). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix kube-proxy panic on cleanup
**What this PR does / why we need it**:
Set the execer properly when we initialize ProxyServer or we will
end up with a panic.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#54305
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52479, 53956). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Register sync proxy rules latency metrics in app level
**What this PR does / why we need it**:
IMO, should may should register proxy metrics in app level instead of in specific proxy mode, e.g. iptables, ipvs, winkernel...
By registering sync proxy rules latency metrics in app level, we can reuse codes among different proxiers.
**Which issue this PR fixes**:
closes#53957
**Special notes for your reviewer**:
@wojtek-t What do you think about it?
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 52883, 52183, 53915, 53848). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
[GCE kube-up] Don't provision kubeconfig file for kube-proxy service account
**What this PR does / why we need it**:
Offloading the burden of provisioning kubeconfig file for kube-proxy service account from GCE startup scripts. This also helps us decoupling kube-proxy daemonset upgrade from node upgrade.
Previous attempt on https://github.com/kubernetes/kubernetes/pull/51172, using InClusterConfig for kube-proxy based on discussions on https://github.com/kubernetes/client-go/issues/281.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #NONE
**Special notes for your reviewer**:
/assign @bowei @thockin
cc @luxas @murali-reddy
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 53776, 53786, 53352, 51567). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Clean up unused func checkKnownProxyMode
**What this PR does / why we need it**:
Minor cleanup.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
In iptables/proxier.go, there is code to check the length of the
CIDR and setup nat/iptables only if the length of the string is
greater than zero. However in PR #49087, strong validation was
added so kube proxy currently bails out and basically mandates
a valid cidr has to be specified. Let us go back to the earlier
behavior.
Automatic merge from submit-queue (batch tested with PRs 53044, 52956, 53512, 53028). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Fix wrong deprecated option info
Signed-off-by: Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
**What this PR does / why we need it**:
`--cleanup-iptables` is replaced by `--cleanup` not `--cleanup-proxyrules`
**Release note**:
```
None
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add check for IPv6 '::' when calculating kube-proxy's node IP
kube-proxy currently checks for a bind address of 0.0.0.0 (IPv4 all-zeros)
when calculating kube-proxy's node IP, but it does not check for
an address of '::' (IPv6 all-zeros). For either of those all-zeros
addresses, the node IP should be determined based on the hostname,
rather than using the address directly.
Also added a helpful log message when the kube-proxy protocol is
determined to be IPv6.
fixes#52613
**What this PR does / why we need it**:
This PR adds a check for a bind address of IPv6 '::' (all zeros) when kube-proxy is calculating its node IP,
similar to what is done for a bind address of IPv4 0.0.0.0. For either of these all-zeros addresses,
kube-proxy should derive the node IP based on the hostname, rather than use the bind address
directly.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#52613
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.
Add version info to kube-scheduler, kube-proxy and kubelet logs.
**What this PR does / why we need it**:
#46047 add such info to apiserver and CM. This adds version info to other binaries.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: related to #46047
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
kube-proxy currently checks for a bind address of 0.0.0.0 (IPv4 all-zeros)
when calculating kube-proxy's node IP, but it does not check for
an address of '::' (IPv6 all-zeros). For either of those all-zeros
addresses, the node IP should be determined based on the hostname,
rather than using the address directly.
Also added a helpful log message when the kube-proxy protocol is
determined to be IPv6.
fixes#52613
Automatic merge from submit-queue (batch tested with PRs 52355, 52537, 52551, 52403, 50673). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>..
Clear TODO: Adding UT for loading ipvs config
**What this PR does / why we need it**:
Clear TODO: Adding UT for loading ipvs config
**Which issue this PR fixes**:
**Special notes for your reviewer**:
**Release note**:
```release-note
NONE
```
(*) Fix cleanup of NodePort resources. (*) Fix the logic to select existing policies
Fix review comment
Fix Bazel
Update GoDep License
Fix NodePort forwarding to target port
Fix Darwin Build break. +1
Implement IsCompatible to validate kernel support for kernel mode
Windows Kernel now exposes "Internal Load Balancing"
using VFP (Virtual Filtering Platform) part of Virtual Switch. An inbuild
windows service HNS (Host Networking Service) acts as interface to program
the VFP. VFP is synonymous to iptables in functionality. HNS uses json based
data as input.
With the help of the interface available in github.com/Microsoft/hcsshim,
these APIs are exposed to the world in github to program HNS and use
the feature.
*** More info about the changes in this PR ***
(1) For every endpoint available in the system, an HNS Endpoint is added
(1.a) for local endpoints, a local HNS Endpoint would already exist, as part of
container creation.
(1.b) For all remote endpoints, a remote HNS Endpoint is created via HNS
(2) For every Service, a HNS ILB LoadBalancer is added referring the endpoints
created in (1)
Sample Input to HNS:
{
"Policies": [
{
"ExternalPort": 80,
"InternalPort": 80,
"Protocol": 6,
"Type": "ELB",
"VIPs": [
"11.0.98.129"
]
}
],
"References": [
"/endpoints/ca8b877b-ab90-499a-bc0e-7d736c425632",
"/endpoints/ee0ef08b-8434-4f8b-b748-393884e77465"
]
}
(2-a) This is done for Cluster IP, LoadBalancer Ingress IP, NodePort, External IP
Following the regular service and endpoint updates,
the HNS is notified of the updates and the system is kept in sync.
Automatic merge from submit-queue
Improve description for --masquerade-all and --cluster-cidr flags
**What this PR does / why we need it**:
Improves the help text for the kube-proxy's `--masquerade-all` and `--cluster-cidr` flags, which previously were vague and confusing.
Fixes https://github.com/kubernetes/kubernetes/issues/47213
```release-note
NONE
```
Automatic merge from submit-queue
Add test for kube-proxy running with "--cleanup-iptables=true"
**What this PR does / why we need it**:
Add test to prevent such kube-proxy panic to happen again.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes#48177
**Special notes for your reviewer**:
Forgot to add this in last PR #48183. Should we also add this to v1.7 milestone?
/cc @ncdc @dchen1107
**Release note**:
```release-note
NONE
```
Automatic merge from submit-queue (batch tested with PRs 49992, 48861, 49267, 49356, 49886)
Emit event and retry when fail to start healthz server on kube-proxy
**What this PR does / why we need it**: Enhance kube-proxy's logic when fail to start healthz server.
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: From #49263.
**Special notes for your reviewer**:
/assign @thockin @nicksardo @bowei
**Release note**:
```release-note
NONE
```
xuzhonghu