github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
69,775 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

108 Commits (2fbd47da561cb80e7f01f38da6a556b63b2579bd)

Author SHA1 Message Date
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Dan Winship d95181fa1e Port iptables code to pkg/util/version, don't use semvers 2016-12-13 08:53:04 -05:00
Mike Danese c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Kubernetes Submit Queue aeb81f2488 Merge pull request #37594 from thockin/fix-old-iptables-mark-extra-zeroes 
Automatic merge from submit-queue (batch tested with PRs 38194, 37594, 38123, 37831, 37084)

Better compat with very old iptables (e.g. CentOS 6)

Fixes reported issue with CentOS6 iptables 1.4.7 (ancient)

Older iptables expanded things like 0x4000 into 0x00004000, which defeats the
fallback "check" logic.

Fixes #37416
 2016-12-06 17:41:31 -08:00
Tim Hockin 35cc60e4ba Better compat with very old iptables 
Older iptables expanded things like 0x4000 into 0x00004000, which defeats the
fallback "check" logic.
 2016-11-28 17:50:44 -08:00
m1093782566 315c8359cf fix proxier_test.go hasJump() 2016-11-17 10:31:48 +08:00
Mike Danese 3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
bprashanth 06cbb36a1f Proxier unittests 2016-09-29 17:35:43 -07:00
Angus Salkeld f785f3d3ef Clean up IPTables caps i.e.: sed -i "s/Iptables/IPTables/g" 2016-08-29 10:34:42 +10:00
k8s-merge-robot 68632db799 Merge pull request #27562 from 7ing/ipt 
Automatic merge from submit-queue

improve iptables-restore implementation #27559

[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/.github/PULL_REQUEST_TEMPLATE.md?pixel)]()
fixes #27559
- improve restoreInternal implementation in iptables
- add SetStdin and SetStdout functions to Cmd interface
- modify kubelet/prober and some tests in order to work with Cmd interface
 2016-08-02 08:02:32 -07:00
Davanum Srinivas 2b0ed014b7 Use Go canonical import paths 
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-16 13:48:21 -04:00
joe2far 5ead89b5bb Fixed several typos 2016-07-13 15:06:24 +01:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Jing Liu ef66f1ead8 improve iptables-restore implementation #27559 
- improve restoreInternal implementation in iptables
- add SetStdin and SetStdout functions to Cmd interface
- modify kubelet/prober and some tests in order to work with Cmd interface
 2016-06-16 12:19:34 -07:00
Minhan Xia 6a3ad1d66d add hostport support for kubenet 2016-05-22 22:18:58 -07:00
Tim Hockin 7cab7bd472 fix a few go-vet errors 2016-02-09 13:20:31 -08:00
Tim Hockin 1e7db4a174 Implement proper cleanup in iptables proxy 2016-02-07 02:42:18 +00:00
Tim Hockin 41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Maru Newby a5e00da867 Fix nodeport service compat with default-deny fw 2016-02-01 21:34:30 +00:00
Tim Hockin 970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
gmarek 5a4e4d4d57 Add a HollowProxy to the HollowNode. 2015-10-27 18:23:29 +01:00
Alex Robinson b1461be2e4 Merge pull request #14982 from Huawei-PaaS/fixed_typos_for_proxy 
Fixed some typos for pkg/proxy
 2015-10-05 11:40:03 -07:00
qiaolei 718d7df276 Fixed some typos 2015-10-03 00:33:35 +08:00
Dan Winship 6ec4d229de glog.Info() -> glog.Infof() 2015-09-21 17:47:29 -04:00
Dan Winship 8bc9c40796 Watch for firewalld restart, to allow reloading iptables rules 2015-09-15 11:17:40 -04:00
tummychow 78ce5da988 Move util.StringSet into its own package 
A lot of packages use StringSet, but they don't use anything else from
the util package. Moving StringSet into another package will shrink
their dependency trees significantly.
 2015-09-10 12:04:15 -07:00
Dan Winship 1d90c6d537 Use iptables --wait flag if available 
Use iptables --wait (if available) to avoid race conditions with
util.iptables failing if it tries to modify the tables at the same
time as another process.
 2015-08-31 10:00:19 -04:00
Dan Winship 6bab1adfd1 Check iptables for -C flag at construct time 
Also, reorganize the code a bit in preparation for checking for
another flag as well. And, if semver.NewVersion() returns an error, it
means there's a bug in the code somewhere (we should only ever be
passing it valid version strings), so just log that error rather than
returning it to the caller.
 2015-08-31 09:54:57 -04:00
Dan Winship a41e422600 Drop the "v" from GetIptablesVersionString() output 
Neither of its callers wants it
 2015-08-31 09:54:57 -04:00
Dan Winship 97a2cbc6ef Fix some incorrect test debug output on error 2015-08-31 09:54:57 -04:00
Yu-Ju Hong d839ab2024 Merge pull request #12940 from Miciah/Warning-to-Warningf 
glog.Warning -> glog.Warningf
 2015-08-26 13:36:05 -07:00
Saad Ali 2f1edf7db5 Merge pull request #12839 from difro/archaic_iptables 
Fix dup rule generation with older iptables
 2015-08-20 14:33:19 -07:00
Jihoon Chung 837edf850d Fix dup rule generation with older iptables 
With older iptables binary, kube-proxy generates duplicate
iptables rules in NAT table every few seconds.

This fixes the problem by properly unquoting && parsing
older iptables-save output.
 2015-08-20 14:24:35 +09:00
Miciah Masters 8aa299da90 glog.Warning -> glog.Warningf 
Fix three places where glog.Warning is used with a formatted string.
 2015-08-19 16:22:28 -04:00
Tim Hockin 3d309700d0 Make iptables use semver lib 2015-08-17 20:57:44 -07:00
BenTheElder ae569e20b5 Partially Implement #3760 2015-08-12 02:39:15 -04:00
Kris Rousey 565189f5b8 Correcting all go vet errors 2015-08-11 13:55:37 -07:00
BenTheElder 5867fca8bf Fix iptables Interface mocking, move Restore/RestoreAll to shared impl 
also put TODO for unit tests, move defer file deletion until after file
creation error is checked.
 2015-08-07 19:08:21 -04:00
BenTheElder 6b3906b07e Add Save, SaveAll, Restore, RestoreAll to pkg/util/iptables 
Adds utility wrappers for `iptables-save` and `iptables-restore` to the
iptables Interface in pkg/util/iptables. Also const’s command strings.
 2015-08-07 16:55:14 -04:00
Mike Danese 17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
BenTheElder c5baf1f284 Export GetIptablesVersion utility in util/iptables 
For kube-proxy to determine whether to use pure iptables as in
https://github.com/GoogleCloudPlatform/kubernetes/issues/3760
Related WIP PR:
https://github.com/GoogleCloudPlatform/kubernetes/pull/9210
 2015-06-12 17:13:40 -04:00
Justin Santa Barbara 1ad4549f5f Proxy infrastructure for NodePorts 
A service with a NodePort set will listen on that port, on every node.

This is both handy for some load balancers (AWS ELB) and for people
that want to expose a service without using a load balancer.
 2015-05-22 17:21:49 -04:00
Eric Paris 6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Dawn Chen 4aac47c31d make kube-proxy.log less verbose. 2015-02-02 11:15:14 -08:00
Tim Hockin e045c6ce2f Split portals into host and container 
After this DNS is resolvable from the host, if the DNS server is targetted
explicitly.  This does NOT add the cluster DNS to the host's resolv.conf.  That
is a larger problem, with distro-specific tie-ins and circular deps.
 2014-12-29 09:18:12 -08:00
Tim Hockin b1470b6672 strip quotes in back-compat iptables 2014-12-03 08:34:34 -08:00
Tim Hockin e925deccb0 Fix iptables for old systems 
The iptables args list needs to include all fields as they are eventually spit
out by iptables-save.  This is because some systems do not support the
'iptables -C' arg, and so fall back on parsing iptables-save output.  If this
does not match, it will not pass the check.  For example: adding the /32 on
the destination IP arg is not strictly required, but causes this list to not
match the final iptables-save output.  This is fragile and I hope one day we
can stop supporting such old iptables versions.
 2014-11-26 12:50:44 -08:00
Tim Hockin 95a9098311 fix 'go vet' warnings 2014-11-21 09:45:28 +08:00
Tim Hockin ea960711ff Clean up error logs. 
Use %v for errors, tidy some messages, make error messages start lowe-case
(as per go guidelines).  Just accumulated nits.
 2014-11-21 09:45:26 +08:00
Tim Hockin 8fdaa5d453 Merge pull request #2067 from hmrm/iptables-compatibility 
Remove iptables >1.4.11 specific functionality
 2014-11-18 08:54:38 -08:00
Haney Maxwell 5d69faa6d6 Allow proxy to run on systems with iptables <1.4.11 2014-11-17 13:37:46 -08:00
Tim Hockin 9c218f0a19 Cleanups of ipv6 changes. 
I was late re-reviewing and some comments did not get resolved.
 2014-11-17 09:33:14 -08:00
Brendan Burns 2aa52d043b Add external services v2 support. 2014-11-14 11:32:54 -08:00
Justin SB 9a053a4b59 Initial ipv6 / iptables work 2014-11-03 15:23:04 -08:00
Brendan Burns b59e49fa13 Add support for git volumes. 2014-10-27 16:35:52 -07:00
Tim Hockin 4bbe6a10ff Add a pkg for iptables support 
This makes iptables an injectable dependency.  The test for this started off
simple, but got a bit out of hand.  It's starting to become a mocking
framework.
 2014-10-07 11:36:46 -07:00