github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
48,599 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

499 Commits (286bcc6f5c0e4b1bd9315cb5b898966b48efb4b1)

Author SHA1 Message Date
Minhan Xia e1df5c8b30 fix proxy unit tests 2016-07-07 17:43:22 -07:00
k8s-merge-robot 3895cede49 Merge pull request #28434 from thockin/br-netfilter-warning 
Automatic merge from submit-queue

Remove br_netfilter warning in kube-proxy

Many distros have this module linked in, generating a spurious error.

Fixes #23385
 2016-07-07 10:27:20 -07:00
bin liu 426fdc431a Merge branch 'master' into fix-typos 2016-07-04 11:20:47 +08:00
Tim Hockin 04d60ddab0 Remove br_netfilter warning in kube-proxy 
Many distros have this module linked in, generating a spurious error.
 2016-07-03 09:54:26 -07:00
Minhan Xia 51dcff40e6 Merge remote-tracking branch 'thockin/userspace-proxy-affinity-25314' into kubeproxyfix 2016-07-01 11:48:02 -07:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
bin liu fd27cd47f7 fix some typos 
Signed-off-by: bin liu <liubin0329@gmail.com>
 2016-06-22 18:14:26 +08:00
Minhan Xia 6a3ad1d66d add hostport support for kubenet 2016-05-22 22:18:58 -07:00
k8s-merge-robot f9b8fd0c96 Merge pull request #25011 from zhouhaibing089/addclose 
Automatic merge from submit-queue

followup to add http server close method

Fixes #25009, a follow up of https://github.com/kubernetes/kubernetes/pull/24595.
 2016-05-09 22:32:02 -07:00
Tim Hockin 9052eddaf6 Don't delete affinity when endpoints are empty 
This only affects the userspace kube-proxy.
 2016-05-07 21:23:50 -07:00
zhouhaibing089 5923fd352e followup to add http server close method 2016-05-05 12:04:41 +08:00
Gao Zheng c75cb94be6 Squashed commit of the following: 
commit 7bf1a05f61b78196c8d272e0d55980ba2254e81d
Author: gaozheng <gaozheng0123@163.com>
Date:   Thu Apr 28 01:23:42 2016 +0000

    fix gofmt

commit 54f6fa6ca76ee0fc5c4f8609fb2f875111ce2141
Author: Gao Zheng <gaozheng0123@163.com>
Date:   Sat Apr 23 13:09:41 2016 +0000

    reset session affinity if endpoint is unconnected
 2016-05-03 01:36:32 +00:00
Clayton Coleman fdb110c859
Fix the rest of the code 2016-04-29 17:12:10 -04:00
Minhan Xia 0d36dc7000 added test for revertPorts 2016-04-26 14:23:06 -07:00
Minhan Xia 56ad718008 only close new ports upon iptables-restore failure 2016-04-26 14:23:06 -07:00
goltermann dddc6cb6c8 Fix a few spellings. 2016-04-21 15:16:42 -07:00
k8s-merge-robot 767fa6913d Merge pull request #24118 from smarterclayton/proxy_args 
Automatic merge from submit-queue

Allow Proxy to be initialized with store
 2016-04-21 04:42:43 -07:00
goltermann 3fa6c6f6d9 Enable vet 2016-04-20 09:48:24 -07:00
CJ Cullen 760568796f Masquerade traffic from off-cluster going through kube-proxy. 2016-04-19 21:39:34 -07:00
Minhan Xia ad8c67723a add test for udp connection flush 2016-04-18 14:58:08 -07:00
Minhan Xia 4fa6f3841a fixing dead endpoint black hole udp traffic 2016-04-13 10:20:02 -07:00
Clayton Coleman a5152a4005 Allow Proxy to be initialized with store 
The proxy should be able to reuse a store on initialization.
Minor cleanup to make experimentation with the proxy easier.
 2016-04-11 23:30:58 -04:00
Eric Paris 5e5a823294 Move blunderbuss assignees into tree 2016-03-02 20:46:32 -05:00
Dan Williams 6248939e11 Push responsibility for bridge-nf-call-iptables to kubelet network plugins 
bridge-nf-call-iptables appears to only be relevant when the containers are
attached to a Linux bridge, which is usually the case with default Kubernetes
setups, docker, and flannel.  That ensures that the container traffic is
actually subject to the iptables rules since it traverses a Linux bridge
and bridged traffic is only subject to iptables when bridge-nf-call-iptables=1.

But with other networking solutions (like openshift-sdn) that don't use Linux
bridges, bridge-nf-call-iptables may not be not relevant, because iptables is
invoked at other points not involving a Linux bridge.

The decision to set bridge-nf-call-iptables should be influenced by networking
plugins, so push the responsiblity out to them.  If no network plugin is
specified, fall back to the existing bridge-nf-call-iptables=1 behavior.
 2016-02-23 09:34:59 -06:00
k8s-merge-robot b32078d89b Merge pull request #20496 from matthewdupre/masquerade-config 
Auto commit by PR queue bot
 2016-02-08 10:49:20 -08:00
Matt Dupre 9925cddc11 Change iptables fwmark to use single configurable bit instead of whole mark space 2016-02-08 11:12:09 +00:00
Jan Chaloupka 4389b3f0d6 Rewritte util.* -> wait.* wherever reasonable 2016-02-07 12:02:20 +01:00
k8s-merge-robot c26087db45 Merge pull request #19611 from thockin/proxy-sysctl-decouple 
Auto commit by PR queue bot
 2016-02-06 23:01:48 -08:00
k8s-merge-robot 0cc0bd342f Merge pull request #20520 from thockin/iptables-test-nits 
Auto commit by PR queue bot
 2016-02-06 22:34:10 -08:00
Tim Hockin 1e7db4a174 Implement proper cleanup in iptables proxy 2016-02-07 02:42:18 +00:00
Tim Hockin 107c5f7813 Put all masquerade mark logic into new chains 
This allows us to use the MARK-MASQ chain as a subroutine, rather than encoding
the mark in many places.  Having a KUBE-POSTROUTING chain means we can flush
and rebuild it atomically.  This makes followon work to change the mark
significantly easier.
 2016-02-07 02:42:07 +00:00
Tim Hockin 41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Marc Lough c33fcba311 Reject packets to services without endpoints 2016-02-04 20:56:02 +00:00
Prashanth Balasubramanian 589b7fdc92 Don't handshake with watch interrupt in proxy unittests. 2016-02-04 10:55:25 -08:00
Prashanth Balasubramanian f9b96d2c71 Make sure at least one interrupt is buffered before dropping. 2016-02-03 19:23:17 -08:00
Prashanth Balasubramanian e1fa6e9fb8 kube-proxy applies latest snapshot of endpoints and services. 2016-02-03 12:58:37 -08:00
Tim Hockin 11f75e61b9 Inject a kernel-compat tester for kube-proxy test 2016-02-02 22:11:39 -08:00
Tim Hockin f3de95ff41 test nits and a TODO for iptables tests 2016-02-02 14:19:16 -08:00
k8s-merge-robot 26202fc98a Merge pull request #18804 from marun/fix-nodeport-services 
Auto commit by PR queue bot
 2016-02-02 14:07:49 -08:00
Maru Newby a5e00da867 Fix nodeport service compat with default-deny fw 2016-02-01 21:34:30 +00:00
harry 1032067ff9 Replace runtime reference by pkg 2016-02-01 21:06:44 +08:00
Harry Zhang 936a11e775 Use networking to hold network related pkgs 
Change names of unclear methods

Use net as pkg name for short
 2016-01-15 13:46:16 +08:00
David Oppenheimer 8ac484793d Comment out calls to httptest.Server.Close() to work around 
https://github.com/golang/go/issues/12262 . See #19254 for
more details. This change should be reverted when we upgrade
to Go 1.6.
 2016-01-11 23:02:11 -08:00
k8s-merge-robot 5b6a7c6012 Merge pull request #18524 from thockin/kube-proxy-close 
Auto commit by PR queue bot
 2015-12-17 01:33:12 -08:00
Wojciech Tyczynski 960808bf08 Switch to versioned ListOptions in client. 2015-12-14 14:26:09 +01:00
Tim Hockin ad07709461 Fully close sockets in kube-proxy 
We were trying to be clever and respect TCP's notion of half-open sockets, but
it causes leaks when we can't unblock io.Copy().  This fixes those leaks and
seems to follow most expectations.  I think we were just be too clever.
 2015-12-10 11:34:13 -08:00
Wojciech Tyczynski b0fcb5adef Pass ListOptions to List in ListWatch. 2015-12-07 11:53:53 +01:00
Wojciech Tyczynski b6ef62af24 Use unversioned.ListOptions in clients. 2015-11-24 16:52:09 +01:00
Tim Hockin 970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
k8s-merge-robot 36bae67910 Merge pull request #16548 from ArtfulCoder/kube-proxy-mem-use 
Auto commit by PR queue bot
 2015-10-30 06:23:14 -07:00
Abhishek Shah 5367a32ee9 Read Iptables-save output in a more-memory-efficient way 2015-10-29 15:30:00 -07:00
Avesh Agarwal e1837185de Improves iptables cleanup for pure iptables based proxier. 2015-10-27 13:08:16 -04:00
Wojciech Tyczynski d47e21f19f Reuse TCP connections in Reflector between resync periods. 2015-10-26 19:35:25 +01:00
Saad Ali 06113d3b87 Merge pull request #16137 from ArtfulCoder/externalIPFix 
release NodePort correctly
 2015-10-23 12:03:38 -07:00
Abhishek Shah 7c64802f48 release NodePort correctly 2015-10-22 16:36:52 -07:00
Abhishek Shah d172ca6986 Added UdpIdleTimeout flag 2015-10-21 17:25:35 -07:00
k8s-merge-robot 18ad5f8cdf Merge pull request #15745 from ArtfulCoder/reduceTimeout 
Auto commit by PR queue bot
 2015-10-19 13:02:17 -07:00
k8s-merge-robot 75c977d200 Merge pull request #15596 from zhengguoyong/alias_util_errors_packagename 
Auto commit by PR queue bot
 2015-10-19 02:35:37 -07:00
Jordan Liggitt 55cd3f1030 Platform-specific setRLimit implementations 2015-10-18 21:26:39 -04:00
eulerzgy f8f9afb874 alias local packagename for pkg/util/errors 2015-10-18 09:37:46 +08:00
Abhishek Shah de214829f6 Update endpoint dialTimeouts to reasonable values 2015-10-16 14:57:43 -07:00
derekwaynecarr 970c369f31 Kubelet sets kernel overcommit_memory flag 2015-10-06 14:28:46 -04:00
Alex Robinson b1461be2e4 Merge pull request #14982 from Huawei-PaaS/fixed_typos_for_proxy 
Fixed some typos for pkg/proxy
 2015-10-05 11:40:03 -07:00
Alex Robinson c1012d8c93 Merge pull request #14882 from ArtfulCoder/logformat 
fixed log format
 2015-10-05 10:50:30 -07:00
qiaolei 718d7df276 Fixed some typos 2015-10-03 00:33:35 +08:00
k8s-merge-robot fb4882620f Merge pull request #14611 from MikaelCluseau/wip-optional-sysctl 
Auto commit by PR queue bot
 2015-10-01 00:28:38 -07:00
Abhishek Shah 6278b5f648 fixed log format 2015-09-30 16:29:32 -07:00
Mikaël Cluseau 4bf0ef8ce2 setSysctl for bridge-nf-call-iptables should fail with a warning 2015-09-26 17:11:33 +11:00
Tim Hockin 3c36439665 Don't log every connection by default 2015-09-25 14:02:24 -07:00
Tim Hockin 7509bf6318 Set UDP timeout to 1/4 second 2015-09-25 14:02:24 -07:00
Abhishek Shah 6945cb050c Set rlimit for openfile handles to 64k 2015-09-18 10:53:55 -07:00
Daniel Martí 586cb9126a Move pkg/util.Time to pkg/api/unversioned.Time 
Along with our time.Duration wrapper, as suggested by @lavalamp.
 2015-09-17 17:51:27 -07:00
k8s-merge-robot bf990acefa Merge pull request #13988 from thockin/kube-proxy-startup-clobber 
Auto commit by PR queue bot
 2015-09-17 01:29:35 -07:00
Alex Mohr 2cf207ec60 Merge pull request #13992 from aveshagarwal/userspace-proxy-typo 
Fixes error message.
 2015-09-16 21:49:19 -07:00
Tim Hockin 84a9b0a37a Fix bug in iptables proxy that clobbered endpoints 
There is a race at startup where the two watch operations might clobber state
if the initial message comes in the wrong order.
 2015-09-15 13:07:33 -07:00
Avesh Agarwal a84e49aaab Fixes error message. 2015-09-15 14:37:56 -04:00
Dan Winship 30ea22f40e Make kube-proxy resync its rules on firewalld restart 2015-09-15 11:17:40 -04:00
Dan Winship 8bc9c40796 Watch for firewalld restart, to allow reloading iptables rules 2015-09-15 11:17:40 -04:00
Daniel Smith b225c1d47a Run gofmt (separate commit for easy rebases) 2015-09-10 17:17:59 -07:00
Daniel Smith 15b30b8b09 Move version agnostic parts of client 
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
 2015-09-10 17:17:59 -07:00
Daniel Smith 9fc8a79e37 Revert "Revert "Don't take the proxy mutex in the traffic path"" 2015-09-01 16:40:11 -07:00
Daniel Smith 46ae7e87c7 Increase timeout to fix flaky tests 2015-09-01 16:08:13 -07:00
Daniel Smith a20d7ca481 Revert "Don't take the proxy mutex in the traffic path" 2015-09-01 13:33:05 -07:00
k8s-merge-robot 3d51f524b5 Merge pull request #13386 from danwinship/iptables-w 
Auto commit by PR queue bot
 2015-09-01 13:07:57 -07:00
Tim Hockin f0a9badd2d Don't take the proxy mutex in the traffic path 
This should make throughput better on the userspace proxier.

Fixes #11977
 2015-08-31 17:01:52 -07:00
Dan Winship a41e422600 Drop the "v" from GetIptablesVersionString() output 
Neither of its callers wants it
 2015-08-31 09:54:57 -04:00
Tim Hockin 8e503f3814 Hold node ports in iptables proxier 2015-08-24 16:35:05 -07:00
Tim Hockin 5087ae6c93 Hold node-ports for publicIPs for local IPs 2015-08-24 16:32:44 -07:00
Tim Hockin f5a9281a26 Actually hold NodePorts open in kube-proxy 2015-08-24 16:32:44 -07:00
Nikhil Jindal 9a7f871d17 Merge pull request #12896 from thockin/proxy-nodeports 
Tail-call nodeports rules in iptables proxy
 2015-08-24 10:39:54 -07:00
Tim Hockin 16102c41df Tail-call nodeports rules in iptables proxy 2015-08-21 14:15:21 -07:00
BenTheElder 81ab51709a Add --cleanup-iptables flag to kube-proxy 
Adds a flag to cleanup iptables rules created by kube-proxy per
https://github.com/mesosphere/kubernetes-mesos/issues/353#issuecomment-1
27382832
 2015-08-21 14:44:11 -04:00
Jerzy Szczepkowski 3df1b9e151 Merge pull request #12986 from BenTheElder/masquerade_all_flag 
Add flag to masquerade all in kube-proxy when using iptables proxier
 2015-08-21 10:28:07 +02:00
BenTheElder 1f2076ce64 Add flag to masquerade all in kube-proxy when using iptables proxier 2015-08-20 20:12:32 -04:00
Abhishek Shah b6b8e99393 External IPs support. 2015-08-20 16:10:01 -07:00
jiangyaoguo 5a95eb7326 Test UDP timeout 2015-08-19 21:50:43 +08:00
Kris Rousey ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Tim Hockin 6f34be30a3 Limit float precision to 5 points 2015-08-17 20:57:44 -07:00
Tim Hockin 7e9c685ba6 Require same min iptables version as -C 2015-08-17 20:57:44 -07:00
Tim Hockin 3a5c23d727 test for and set bridge-nf-call-iptables sysctl 2015-08-17 20:57:44 -07:00
Tim Hockin 9cf33772b4 test for and set route_localnet sysctl 2015-08-17 20:52:06 -07:00
Tim Hockin f1a48574a6 Clean up logging, make initial sync faster 2015-08-17 20:52:06 -07:00
Tim Hockin d72892d0b0 Include protocol in the hash for chain names 2015-08-17 20:52:06 -07:00
Tim Hockin 731d5e5191 Clean up iptables rules, add nodeport support 2015-08-17 20:52:06 -07:00
Tim Hockin d14c98f6cc Add nodepoprt chain and link it in, add unused MASQ rule 2015-08-17 20:52:06 -07:00
Robert Bailey 6fcdcec25d Merge pull request #12658 from sdminonne/bug_fix2 
to fix govet issue
 2015-08-17 10:58:10 -07:00
Tim Hockin 776132e1ae Make kube-proxy iptables sync period configurable 2015-08-13 09:53:32 -07:00
Salvatore Dario Minonne 48018c402c to fix govet issue 2015-08-13 17:26:43 +02:00
BenTheElder 8006a39cc3 Fix #12596 
Fix for https://github.com/kubernetes/kubernetes/issues/12596
Disconnect the pure-iptables proxy’s services chain when starting the
userspace proxy.
 2015-08-12 20:06:09 -04:00
BenTheElder ae569e20b5 Partially Implement #3760 2015-08-12 02:39:15 -04:00
Piotr Szczesniak 1df0267f4a Merge pull request #12551 from eparis/underscore-to-dash 
Update code and docs to use - in flag names instead of _
 2015-08-12 07:16:31 +02:00
Kris Rousey 565189f5b8 Correcting all go vet errors 2015-08-11 13:55:37 -07:00
Eric Paris 5aa495cdad Update code to use - in flag names instead of _ 2015-08-11 16:31:52 -04:00
Alex Robinson c5e221dca7 Merge pull request #12440 from BenTheElder/proxy_config_handler_refactor 
Refactor `pkg/proxy/config`'s ServiceConfigHandler and EndpointsConfigHandler.
 2015-08-10 09:44:38 -07:00
Veres Lajos 9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
BenTheElder 6bbf2aaab7 Refactor pkg/proxy/config's ServiceConfigHandler and EndpointsConfigHandler to have different update methods. 
Refactor `pkg/proxy/config`’s ServiceConfigHandler.OnUpdate and
EndpointsConfigHandler.OnUpdate to different method names as they have
different signatures.

This will let the new proxy
(https://github.com/GoogleCloudPlatform/kubernetes/issues/3760)
implement both interfaces.

Since we won’t need a separate loadbalancer structure (load balancing
is handled in the proxy rules), we will simply handle both event types
from the same object.
 2015-08-08 15:16:55 -04:00
BenTheElder f6d257c0f3 fix missing import in roundrobin_test.go 2015-08-08 00:02:35 -04:00
BenTheElder 962a7b492b in pkg/proxy, merge proxy_provider.go and service_port_name.go to types.go 2015-08-07 21:10:34 -04:00
BenTheElder 1f6baa6549 Move userspace code to sub-package in proxy. 
Moves the userspace code in proxy to a sub-package and adds the
ProxyProvider interface.

This is in preparation for landing an implementation of
https://github.com/GoogleCloudPlatform/kubernetes/issues/3760, which
will mostly be in another sub package for iptables.
 2015-08-07 20:07:15 -04:00
BenTheElder 5867fca8bf Fix iptables Interface mocking, move Restore/RestoreAll to shared impl 
also put TODO for unit tests, move defer file deletion until after file
creation error is checked.
 2015-08-07 19:08:21 -04:00
Mike Danese 17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Abhishek Shah 4bbecea4e6 Changed udpIdleTimeout to 1 second from 10 seconds 2015-08-03 15:32:59 -07:00
jiangyaoguo 79ed954ec2 replace Reflector with client.cache.Reflector in kube-proxy 2015-06-29 11:21:50 +08:00
James DeFelice 4abcf7449c implementation of proxy port allocation 2015-06-02 12:28:25 +00:00
Tim Hockin ac3cc3c518 Rename PORTAL_NET all over 2015-05-28 16:10:44 -07:00
Tim Hockin 4318ca5a8b Rename 'portal IP' to 'cluster IP' most everywhere 
This covers obvious transforms, but not --portal_net, $PORTAL_NET and
similar.
 2015-05-28 16:10:44 -07:00
Tim Hockin bd2314fa78 Fix session affinity in kube-proxy 2015-05-26 17:19:29 -07:00
BenTheElder d223b795f3 Correct copyright in proxysocket.go 
I created this file earlier this year. It should say 2015 not 2014.
 2015-05-25 12:00:50 -04:00
Justin Santa Barbara 4b9b7ec2f9 Continue to support (deprecated) publicIPs 
Not doing so breaks e2e tests and people that may be using them,
even though we will eventually want to stop supporting this now
that we have better alternatives for typical use cases (NodePort)
 2015-05-23 16:37:27 -04:00
Justin Santa Barbara 7346cc8042 Add ServiceType = NodePort; wire everything up 2015-05-22 19:14:28 -04:00
Justin Santa Barbara e49ad95462 Mark PublicIPs as deprecated & rename to DeprecatedPublicIPs in the latest API 
We need to keep them in the API so that we can round-trip between versions.
 2015-05-22 19:14:27 -04:00
Justin Santa Barbara 3884d5fc59 Add LoadBalancer status to ServiceStatus 
This will replace publicIPs
 2015-05-22 18:27:05 -04:00
Justin Santa Barbara 1ad4549f5f Proxy infrastructure for NodePorts 
A service with a NodePort set will listen on that port, on every node.

This is both handy for some load balancers (AWS ELB) and for people
that want to expose a service without using a load balancer.
 2015-05-22 17:21:49 -04:00
Tim Hockin 270c031bec Merge pull request #8484 from thockin/proxier-old-iptables 
Clean up old iptables (pre-ip-per-service) legacy
 2015-05-19 11:21:46 -07:00
Justin Santa Barbara 2473a81412 Add mutex lock to cleanupStaleStickySessions 
Proxier.serviceMap is supposed to be guarded by the mutex
 2015-05-19 09:11:05 -04:00
Tim Hockin b64868f23b Clean up old iptables (pre-ip-per-service) legacy 2015-05-18 20:27:40 -07:00
Tim Hockin a548d542db Rename AffinityType to ServiceAffinity 2015-05-18 17:21:30 -07:00
Clayton Coleman a2e4f95e32 Merge pull request #8269 from smarterclayton/add_proxier_error 
Proxier should return typed errors
 2015-05-18 10:00:44 -04:00
Clayton Coleman de36967c7e Proxier should return typed errors 2015-05-15 13:50:05 -04:00
BenTheElder 78d2fda480 Move proxySocket out of proxier.go to proxysocket.go 
Moves proxySocket out of proxier.go to new proxysocket.go in proxy
package in order to start separating proxy logic and implementation and
make proxier more manageable to review.
 2015-05-14 19:08:35 -04:00
Tim Hockin 667dd81905 un-export CreateProxier 2015-05-14 11:37:25 -07:00
Daniel Smith 16a6fb8ef7 Replace calls to time.After with time.NewTimer for explicit stopping 2015-05-04 14:29:33 -07:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Xiang Li 7e36a88068 pkg/proxy: a more reliable way to detect a closed proxy 2015-04-13 10:11:22 -07:00
Dawn Chen b6ec2f971e Merge pull request #6741 from xiang90/udp_timeout 
proxy: lower udp timeout
 2015-04-13 08:58:02 -07:00
Xiang Li 233ec922f3 proxy: lower udp timeout 2015-04-11 23:51:08 -07:00
Xiang Li 4b29947652 pkg/proxy: panic if run out of fd 
When proxy runs out of fd, it fills the logs with error message.
From #6716, it is better to just panic().
 2015-04-11 13:09:15 -07:00
Clayton Coleman 51db3bd654 Create a new testclient package that can be backed by disk files 
Standardize how our fakes are used so that a test case can use a
simpler mechanism for providing large, complex data sets, as well
as represent queries over time.
 2015-04-07 14:56:15 -04:00
Vishnu Kannan eb1c453a9a Updating kube-proxy logging levels to assist debugging. 2015-04-03 20:19:52 +00:00
Tim Hockin 186818d787 WIP: Implement multi-port Services 2015-03-30 19:28:11 -07:00
Alex Robinson 151b871eff Fix bug in kube-proxy of not updating iptables rules if a service's 
public IPs change, and add tests to catch the bug.
 2015-03-30 20:39:59 +00:00
Tim Hockin 8ae203825b Implement multi-port endpoints 
Instead of endpoints being a flat list, it is now a list of "subsets"
where each is a struct of {Addresses, Ports}.  To generate the list of
endpoints you need to take union of the Cartesian products of the
subsets.  This is compact in the vast majority of cases, yet still
represents named ports and corner cases (e.g. each pod has a different
port number).

This also stores subsets in a deterministic order (sorted by hash) to
avoid spurious updates and comparison problems.

This is a fully compatible change - old objects and clients will
keepworking as long as they don't need the new functionality.

This is the prep for multi-port Services, which will add API to produce
endpoints in this new structure.
 2015-03-27 12:36:32 -07:00
Abhishek Gupta b0c23c1046 Headless Services: Adding option to specify None for PortalIP 2015-03-20 12:10:03 -07:00
Salvatore Dario Minonne 31ddefc347 Finalize fields.Selector 2015-03-17 22:55:43 +01:00
Quinton Hoole cc72eaec3a Fix services namespace clash. 
Serve identically names services in different namespaces on different external IP addresses.
 2015-03-16 18:19:19 -07:00
Subin M 269ad3216f fix proxy_test.go file to avoid ChooseHostInterface 2015-03-13 01:40:48 +05:30
Tim Hockin 52298ab851 Merge pull request #4865 from sub-mod/proxier_go_change 
use ChooseHostInterface in kube-proxy
 2015-03-11 08:09:32 -07:00
Subin M b8c91e7344 use ChooseHostInterface in kube-proxy 2015-03-11 13:50:53 +05:30
Eric Tune 2ca265ae3b Remove --etcd_servers flag from kubelet and proxy. 
All the distros that use this have been updated,
or have PRs out to update them, or owners
have been asked to fix RPMs.

Removing this prevents further use of this model.

Remove now dead code: EtcdClientOrDie

Remove now dead pkg/proxy/config/etcd.go.

Remove unused imports.
 2015-03-10 09:29:09 -07:00
Tim Hockin 5dc98968c3 Refactor load balancer. 
Flatten 3 parallel maps into a map to structs (balancerState).
 2015-02-23 12:59:59 -08:00
Tim Hockin 8503c34694 Fix unprotected shared state in load balancer 2015-02-23 12:59:35 -08:00
Tim Hockin e88134f736 Some renames in round-robin balancer 
Making a clear path for more service port changes,making this code more
comprehensible.
 2015-02-23 12:56:44 -08:00
Tim Hockin 37b8c14a4f use a strong type for loadbalancer keys 2015-02-23 12:56:44 -08:00
Brendan Burns 9829128a75 Merge pull request #4580 from thockin/plural_20_endpoints 
Part 2 of plural ports: make endpoints a struct
 2015-02-20 15:42:19 -08:00
Daniel Smith 17feadf977 Merge pull request #4240 from thockin/hyperkube 
Hyperkube cleanup
 2015-02-20 11:12:32 -08:00
Eric Paris e8acfe5f81 change proxy to satisfy both gofmt 1.3 and 1.4 gofmt 
gofmt -s from 1.4  does not like
	for _ = range BLAH
it wants
	for range BLAH

But gofmt from 1.3 dies:
	./pkg/proxy/config/config.go:265:6: expected operand, found 'range'
	./pkg/proxy/config/config.go:268:3: expected '{', found 'EOF'

So instead, rewrite the code to make them both happy
 2015-02-20 12:30:33 -05:00
Tim Hockin 8c2ff81ae0 move pkg/proxy/server to cmd/kube-proxy/app 2015-02-20 08:49:12 -08:00
Eric Paris 9965604d4b check gofmt with golang 1.4 2015-02-20 10:31:06 -05:00
Victor Marmol 2d1a8d0da0 Allow ApplyOomScoreAdj to specify what PID to adjust for. 2015-02-19 17:16:31 -08:00
Tim Hockin ae0062d001 Part 2 of plural ports: make endpoints a struct 
Includes conversions for v1b[12] and tests and fixups for call sites.
 2015-02-18 19:54:15 -08:00
Tim Hockin 411666decb Get rid of ServiceSpec.ProxyPort 
As far as I know, nobody uses it.  It was replaced by PublicIPs.  If I were
being very polite I would leave it in internal, but since I am 99.99% sure
nobody uses it, I am cutting it.  Let's argue about it.
 2015-02-03 22:45:00 -08:00
Tim Hockin 3b5ea74a48 Fix a race in kube-proxy causing runaways 
It was an ABA problem where the proxy loop might see its own service as
"existing" when it had been destroyed and recreated (as in an update).

To prove this I added a counter of running ProxyLoop goroutines and check that
in tests.  If I undo my main change, the tests fail.  This makes the
proxier_test significantly slower (3 seconds vs 0.5 seconds).  Sorry.
 2015-02-03 17:08:09 -08:00
Joe Beda 638069b879 Convert proxy server to hyperkube 2015-02-02 14:03:13 -08:00
Mike Danese d77743a07c gimports nits 2015-01-26 22:42:29 -08:00
Steve Reed f7e3cb12a6 Moves string slice sorting, copying and shuffling into pkg/util/slice 2015-01-22 14:20:23 -08:00
Steve Reed 38241c7e80 Copies endpoint slices before any sorting 2015-01-22 14:20:18 -08:00
Steve Reed 79a6bfb95f Fixes #3640 by shuffling endpoints in the round-robin load balancer 2015-01-22 14:19:56 -08:00
Mike Danese 8b65621aeb fix interface conversion panic 2015-01-16 12:23:16 -08:00
fabianofranz 0235bca2d3 When choosing a host interface proxier must only consider the ones with an address assigned 2015-01-14 17:09:27 -02:00
Daniel Smith 24e59de06e Merge pull request #3392 from erictune/reflector_proxy 
Reconcile kubelet and kube-proxy watching code, initial steps.
 2015-01-12 14:55:26 -08:00
Eric Tune 295800201e Make pkg/proxy/config more like pkg/kubelet/config 
Split SourceAPI into two subobjects.

Parallel structure for endpoints, services will allow
changing to use generic code in pkg/client/cache/reflector.go.

Rename some funcs to be more like pkg/client/cache.
 2015-01-12 14:37:04 -08:00
Brendan Burns 6ad88bb143 Clear resourceVersion on errors. 2015-01-12 11:45:38 -08:00
Tim Hockin 4fcd496d59 change everything to use new util/errors 2015-01-08 22:10:03 -08:00
Brendan Burns 0f60d7bca3 Reset the resourceVersion so that we poll again for non-timeout errors. 2015-01-06 11:45:03 -08:00
Tim Hockin ca27fb259c Don't use pointers for session affinity 2014-12-29 14:43:17 -08:00
Tim Hockin e045c6ce2f Split portals into host and container 
After this DNS is resolvable from the host, if the DNS server is targetted
explicitly.  This does NOT add the cluster DNS to the host's resolv.conf.  That
is a larger problem, with distro-specific tie-ins and circular deps.
 2014-12-29 09:18:12 -08:00
Mike Foley c4e94efe16 Sticky Session Implementation 
- Added process to cleanup stale session affinity records
- Automatically set cloud provided load balancer for sticky session if the service requires it - Note, this only works on GCE right now.
- Changed sessionAffinityMap a map to pointers instead of structs to improve performance
- Commented out cookie and protocol from sessionAffinityDetail to avoid confusion as it is not yet implemented.
 2014-12-18 18:46:10 -05:00
Eric Tune 64f1084c1a Rename util.config.Watcher -> util.config.Broadcaster. 
Watch is a widely used term in the codebase, which doesn't capture
the key feature of this type: broadcasting a change to several
listeners.
 2014-12-04 00:10:27 -08:00
Daniel Smith 6cb26e17a4 Merge pull request #2697 from erictune/no_accept_err 
Proxy: Avoid log error.  Simplify locking.
 2014-12-03 14:06:17 -08:00
Daniel Smith 5466c06b3a Merge pull request #2733 from erictune/handle_error 
Handle error from watch.
 2014-12-03 14:02:54 -08:00
Eric Tune 909f82f463 Proxy: Avoid log error. Simplify locking. 
Don't log an error when Accept failed because the interface (portal)
was just removed.

Don't pass around a pointer to a serviceInfo since another thread
deletes those.  Instead, just check if service name is still in the
service map.

Delete the locking on the serviceInfo object since it is only used
by the "main" proxier thread.
 2014-12-03 12:34:54 -08:00
Eric Tune deb101a1fb Handle error from watch. 
A watch of the API can return an api.Status rather than the watched
obejct type.  This code didn't handle that.

Tested with services e2e test (in conjunction with other PR).
 2014-12-03 12:33:26 -08:00
Eric Tune 9964410f77 Use plus-v format for some complex structures. 2014-12-02 22:13:08 -08:00
Brendan Burns 6b009f06cd Merge pull request #2635 from thockin/public-ip 
Enable public IPs even in not createExternal...
 2014-12-01 14:56:22 -08:00
Meir Fischer d1c93384e9 Set initial timeout on UDP proxy connection creation 2014-11-29 21:32:45 -05:00
Tim Hockin e925deccb0 Fix iptables for old systems 
The iptables args list needs to include all fields as they are eventually spit
out by iptables-save.  This is because some systems do not support the
'iptables -C' arg, and so fall back on parsing iptables-save output.  If this
does not match, it will not pass the check.  For example: adding the /32 on
the destination IP arg is not strictly required, but causes this list to not
match the final iptables-save output.  This is fragile and I hope one day we
can stop supporting such old iptables versions.
 2014-11-26 12:50:44 -08:00
Tim Hockin 0c03f6e784 Enable public IPs even in not createExternal... 
This allows the proxier to portal Public IPs even if the
createExternalLoadBalancer flag is not set.

This also fixes what appears to be a bug in the createExternalLoadBalancer path
wherein multiple PublicIPs would get truncated.
 2014-11-26 10:54:28 -08:00
Meir Fischer 9b441d01ab reset err value to SetDeadline return 2014-11-22 23:48:27 -05:00
Tim Hockin 95a9098311 fix 'go vet' warnings 2014-11-21 09:45:28 +08:00
Tim Hockin ea960711ff Clean up error logs. 
Use %v for errors, tidy some messages, make error messages start lowe-case
(as per go guidelines).  Just accumulated nits.
 2014-11-21 09:45:26 +08:00
Brendan Burns 4a8a2b5a9f Address comments. 2014-11-14 17:23:13 -08:00
Brendan Burns 2aa52d043b Add external services v2 support. 2014-11-14 11:32:54 -08:00
Brendan Burns c2485a4056 Merge pull request #2147 from justinsb/ipv6 
Initial ipv6 / iptables work
 2014-11-14 10:34:37 -08:00
Brendan Burns 3b5029c673 Add some retry to the service proxy. 2014-11-12 16:48:27 -08:00
Tim Hockin bc072206c0 UDP services need UDP portals 2014-11-05 17:47:40 -08:00
markturansky bd7643c033 refactor services to v1beta3 2014-11-04 14:23:53 -05:00
Justin SB 9a053a4b59 Initial ipv6 / iptables work 2014-11-03 15:23:04 -08:00
derekwaynecarr c6eb371c93 Fixup unit tests 2014-10-24 11:49:04 -04:00
derekwaynecarr 580cb5ea4f Rework client.Interface 2014-10-24 11:47:30 -04:00
Clayton Coleman 644eb70085 Refactor tests to split ObjectMeta from TypeMeta 2014-10-24 11:22:21 -04:00
Clayton Coleman 7550c146dc Replace struct initializers for TypeMeta with ObjectMeta 2014-10-24 11:22:21 -04:00
Clayton Coleman bb77a5d15f Rename ID -> Name 2014-10-22 15:00:26 -04:00
derekwaynecarr d4e1076306 Fix etcd in proxy for namespace awareness 2014-10-16 16:28:06 -07:00
Daniel Smith 1f9a4750b5 Fix dangerous Sprintf 2014-10-16 14:36:36 -07:00
Tim Hockin e907011111 Core support for ip-per-service 2014-10-16 08:36:47 -07:00
Daniel Smith 8007614085 Remove untested and unused code 2014-10-13 16:06:44 -07:00
Clayton Coleman a5462c0678 Change test cases to verify the client sends the received resourceVersion 2014-10-07 19:00:26 -04:00
Clayton Coleman 82bcdd3b3b Make ResourceVersion a string internally instead of uint64 
Allows us to define different watch versioning regimes in the future
as well as to encode information with the resource version.

This changes /watch/resources?resourceVersion=3 to start the watch at
4 instead of 3, which means clients can read a resource version and
then send it back to the server. Clients should no longer do math on
resource versions.
 2014-10-07 19:00:26 -04:00
Daniel Smith 2dde76bd03 Fix struct tag in apparently untested config struct 2014-10-07 14:01:45 -07:00
Clayton Coleman d3e51a0f24 Rename JSONBase -> TypeMeta in preparation for v1beta3 
Will make subsequent refactor much easier
 2014-10-07 11:12:16 -04:00
Tim Hockin 0ad0a247c4 Flag-compatible IP type 2014-10-06 11:29:22 -07:00
derekwaynecarr fc67d822c6 Add context as parameter to client interface functions 2014-10-02 12:51:36 -04:00
Tim Hockin 04cdf286a4 Make and use api.Protocol type 2014-09-27 20:31:37 -07:00
Clayton Coleman 4e56dafecc Introduce some default log verbosity control 
Move a lot of common error logging into better buckets:

glog.Errorf() - Always an error
glog.Warningf() - Something unexpected, but probably not an error
glog.V(0) - Generally useful for this to ALWAYS be visible
            to an operator
            * Programmer errors
            * Logging extra info about a panic
            * CLI argument handling
glog.V(1) - A reasonable default log level if you don't want
            verbosity
            * Information about config (listening on X, watching Y)
            * Errors that repeat frequently that relate to conditions
              that can be corrected (pod detected as unhealthy)
glog.V(2) - Useful steady state information about the service
            * Logging HTTP requests and their exit code
            * System state changing (killing pod)
            * Controller state change events (starting pods)
            * Scheduler log messages
glog.V(3) - Extended information about changes
            * More info about system state changes
glog.V(4) - Debug level verbosity (for now)
            * Logging in particularly thorny parts of code where
              you may want to come back later and check it
 2014-09-25 16:30:14 -04:00
Tim Hockin dd9c562769 Get rid of un-needed lock 2014-09-20 11:40:02 -07:00
Tim Hockin a559d8d9b2 Move some test-only code into the test 2014-09-20 11:38:05 -07:00
Tim Hockin 20826e6d50 Move copyBytes closer to use-sites 2014-09-20 11:31:13 -07:00
Tim Hockin cf6ccaee54 Proxy: delete serviceInfo when stopping a service 2014-09-20 11:29:04 -07:00
Tim Hockin 450ccde521 Don't store name twice in proxy 2014-09-16 17:04:23 -07:00
Clayton Coleman 61e3ce7ddc Make runtime less global for Codec 
* Make Codec separate from Scheme
* Move EncodeOrDie off Scheme to take a Codec
* Make Copy work without a Codec
* Create a "latest" package that imports all versions and
  sets global defaults for "most recent encoding"
  * v1beta1 is the current "latest", v1beta2 exists
  * Kill DefaultCodec, replace it with "latest.Codec"
  * This updates the client and etcd to store the latest known version
* EmbeddedObject is per schema and per package now
* Move runtime.DefaultScheme to api.Scheme
* Split out WatchEvent since it's not an API object today, treat it
like a special object in api
* Kill DefaultResourceVersioner, instead place it on "latest" (as the
  package that understands all packages)
* Move objDiff to runtime.ObjectDiff
 2014-09-16 16:26:43 -04:00
Clayton Coleman fe614aeda2 Simple refactor for ease of readability 
runtime.DefaultCodec -> latest.Codec
 2014-09-16 16:12:35 -04:00
Deyuan Deng d5eb731b3f Fix leaking FD. 2014-09-15 19:12:32 -04:00
Tim Hockin 3181f3555d Wrap goroutines in HandleCrash() 2014-09-12 16:47:40 -07:00
Tim Hockin 1e50f118fd Move UDP backend setup to a function 2014-09-12 16:47:40 -07:00
Tim Hockin 86d12681f2 Inject UDP timeout to enable testing 2014-09-12 16:47:40 -07:00
Tim Hockin 38416f6a23 Implement UDP proxying in kube-proxy 2014-09-12 16:47:40 -07:00
Tim Hockin cad6122fe4 Refactor proxy code to make room for UDP 2014-09-12 16:38:17 -07:00
Brendan Burns a343a93b2d Fix a bug where we don't return an error. 2014-09-09 10:29:00 -07:00
Brian Ketelsen 83d3da1436 changed address variable to bindAddress. Used net.JoinHostPort() instead of fmt.Sprintf() 2014-09-07 23:50:36 -07:00
Brian Ketelsen 34922226fd allow proxy to accept a listen address. fixes #1220 2014-09-07 23:27:43 -07:00
Daniel Smith 48ce23ac91 Make client use pointers 2014-09-07 22:19:24 -07:00
Daniel Smith 1c2b65788d Rename Codec and ResourceVersioner to add Default in front, to allow for types of those names 2014-09-07 22:19:24 -07:00
Clayton Coleman 01e668187c Services and Endpoints weren't properly sync'ing 
They need incremental changes and a resync on start.
 2014-09-03 16:04:55 -04:00
Daniel Smith a63966e73c Combine pkg/apitools and pkg/api/common and call the result pkg/runtime 2014-09-02 11:15:44 -07:00
Daniel Smith 099c8fd36f Propagate rename; tests pass again. 2014-09-02 10:42:06 -07:00
Vojtech Vitek (V-Teq) 59f58cd043 Unify Godoc formatting, fix various typos 
Signed-off-by: Vojtech Vitek (V-Teq) <vvitek@redhat.com>
 2014-09-02 13:41:03 +02:00
Clayton Coleman 9006eadcfe kube-proxy can read config from the apiserver 
All clients that talk to a "master" as a host:port or URL
(scheme://host:port) parameter.  Add tests.
 2014-08-27 15:49:01 -04:00
Tim Hockin 23fc00be5c Fix a race in proxy. 
addService() eventually calls getServiceInfo(), but the serviceInfo object may
not be installed yet (race).
 2014-08-25 21:38:16 -07:00
Brendan Burns da74625ac6 Fix the proxier when a service with the same port is re-created, actually restart the proxy. 2014-08-19 12:24:10 -07:00