Girish Kalele
d3a1510e02
Fix kube-proxy logic to change iptables chains when ESIPP is turned on or off
2016-09-06 11:04:36 -07:00
Angus Salkeld
f785f3d3ef
Clean up IPTables caps i.e.: sed -i "s/Iptables/IPTables/g"
2016-08-29 10:34:42 +10:00
Kubernetes Submit Queue
189a870ec8
Merge pull request #30376 from justinsb/kubenet_mtu
...
Automatic merge from submit-queue
Add kubelet --network-plugin-mtu flag for MTU selection
* Add network-plugin-mtu option which lets us pass down an MTU to a network provider (currently processed by kubenet)
* Add a test, and thus make sysctl testable
2016-08-23 21:54:50 -07:00
Girish Kalele
b82c028f77
GCE Cloud provider changes for ESIPP
...
Add feature gate (ExternalTrafficLocalOnly) for alpha feature
2016-08-23 16:16:39 -07:00
Justin Santa Barbara
2c103af2b6
Create testable implementation of sysctl
...
This is so we can test kubenet Init, which calls sysctl
2016-08-23 01:42:37 -04:00
Minhan Xia
ec5699e451
clean up oldIptablesMasqueradeMark
2016-08-22 15:05:13 -07:00
Minhan Xia
392a92c9fa
change KUBE-XLB back to KUBE-FW
2016-08-18 10:19:59 -07:00
Minhan Xia
b31874fe82
bug fixes and nits
2016-08-18 10:19:59 -07:00
Minhan Xia
1acaa1db09
Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE""
2016-08-18 10:19:48 -07:00
Daniel Smith
2aa0bb2dfc
Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE"
2016-08-16 18:12:28 -07:00
Minhan Xia
643fc3803b
add firewall chain to filter request based on loadbalancer source range
2016-08-15 17:42:41 -07:00
Girish Kalele
5d6abf59ff
kube-proxy: Propagate hostname to iptables proxier
2016-08-09 10:05:29 -07:00
Lucas Käldström
c88a07ce1a
Run goimports
2016-08-02 15:12:39 +03:00
Tim Hockin
04d60ddab0
Remove br_netfilter warning in kube-proxy
...
Many distros have this module linked in, generating a spurious error.
2016-07-03 09:54:26 -07:00
David McMahon
ef0c9f0c5b
Remove "All rights reserved" from all the headers.
2016-06-29 17:47:36 -07:00
Minhan Xia
6a3ad1d66d
add hostport support for kubenet
2016-05-22 22:18:58 -07:00
Clayton Coleman
fdb110c859
Fix the rest of the code
2016-04-29 17:12:10 -04:00
Minhan Xia
0d36dc7000
added test for revertPorts
2016-04-26 14:23:06 -07:00
Minhan Xia
56ad718008
only close new ports upon iptables-restore failure
2016-04-26 14:23:06 -07:00
goltermann
dddc6cb6c8
Fix a few spellings.
2016-04-21 15:16:42 -07:00
goltermann
3fa6c6f6d9
Enable vet
2016-04-20 09:48:24 -07:00
CJ Cullen
760568796f
Masquerade traffic from off-cluster going through kube-proxy.
2016-04-19 21:39:34 -07:00
Minhan Xia
ad8c67723a
add test for udp connection flush
2016-04-18 14:58:08 -07:00
Minhan Xia
4fa6f3841a
fixing dead endpoint black hole udp traffic
2016-04-13 10:20:02 -07:00
Dan Williams
6248939e11
Push responsibility for bridge-nf-call-iptables to kubelet network plugins
...
bridge-nf-call-iptables appears to only be relevant when the containers are
attached to a Linux bridge, which is usually the case with default Kubernetes
setups, docker, and flannel. That ensures that the container traffic is
actually subject to the iptables rules since it traverses a Linux bridge
and bridged traffic is only subject to iptables when bridge-nf-call-iptables=1.
But with other networking solutions (like openshift-sdn) that don't use Linux
bridges, bridge-nf-call-iptables may not be relevant, because iptables is
invoked at other points not involving a Linux bridge.
The decision to set bridge-nf-call-iptables should be influenced by networking
plugins, so push the responsibility out to them. If no network plugin is
specified, fall back to the existing bridge-nf-call-iptables=1 behavior.
2016-02-23 09:34:59 -06:00
k8s-merge-robot
b32078d89b
Merge pull request #20496 from matthewdupre/masquerade-config
...
Auto commit by PR queue bot
2016-02-08 10:49:20 -08:00
Matt Dupre
9925cddc11
Change iptables fwmark to use single configurable bit instead of whole mark space
2016-02-08 11:12:09 +00:00
k8s-merge-robot
c26087db45
Merge pull request #19611 from thockin/proxy-sysctl-decouple
...
Auto commit by PR queue bot
2016-02-06 23:01:48 -08:00
k8s-merge-robot
0cc0bd342f
Merge pull request #20520 from thockin/iptables-test-nits
...
Auto commit by PR queue bot
2016-02-06 22:34:10 -08:00
Tim Hockin
1e7db4a174
Implement proper cleanup in iptables proxy
2016-02-07 02:42:18 +00:00
Tim Hockin
107c5f7813
Put all masquerade mark logic into new chains
...
This allows us to use the MARK-MASQ chain as a subroutine, rather than encoding
the mark in many places. Having a KUBE-POSTROUTING chain means we can flush
and rebuild it atomically. This makes follow-on work to change the mark
significantly easier.
2016-02-07 02:42:07 +00:00
Tim Hockin
41ba8ced6d
Don't log errors on proxy leftover cleanup
2016-02-07 02:41:50 +00:00
Marc Lough
c33fcba311
Reject packets to services without endpoints
2016-02-04 20:56:02 +00:00
Prashanth Balasubramanian
e1fa6e9fb8
kube-proxy applies latest snapshot of endpoints and services.
2016-02-03 12:58:37 -08:00
Tim Hockin
11f75e61b9
Inject a kernel-compat tester for kube-proxy test
2016-02-02 22:11:39 -08:00
Tim Hockin
f3de95ff41
test nits and a TODO for iptables tests
2016-02-02 14:19:16 -08:00
Tim Hockin
970c045848
Enable iptables kube-proxy by default in master
2015-11-13 18:38:01 -08:00
k8s-merge-robot
36bae67910
Merge pull request #16548 from ArtfulCoder/kube-proxy-mem-use
...
Auto commit by PR queue bot
2015-10-30 06:23:14 -07:00
Abhishek Shah
5367a32ee9
Read Iptables-save output in a more-memory-efficient way
2015-10-29 15:30:00 -07:00
Avesh Agarwal
e1837185de
Improves iptables cleanup for pure iptables based proxier.
2015-10-27 13:08:16 -04:00
derekwaynecarr
970c369f31
Kubelet sets kernel overcommit_memory flag
2015-10-06 14:28:46 -04:00
Alex Robinson
b1461be2e4
Merge pull request #14982 from Huawei-PaaS/fixed_typos_for_proxy
...
Fixed some typos for pkg/proxy
2015-10-05 11:40:03 -07:00
qiaolei
718d7df276
Fixed some typos
2015-10-03 00:33:35 +08:00
Mikaël Cluseau
4bf0ef8ce2
setSysctl for bridge-nf-call-iptables should fail with a warning
2015-09-26 17:11:33 +11:00
Daniel Martí
586cb9126a
Move pkg/util.Time to pkg/api/unversioned.Time
...
Along with our time.Duration wrapper, as suggested by @lavalamp.
2015-09-17 17:51:27 -07:00
k8s-merge-robot
bf990acefa
Merge pull request #13988 from thockin/kube-proxy-startup-clobber
...
Auto commit by PR queue bot
2015-09-17 01:29:35 -07:00
Tim Hockin
84a9b0a37a
Fix bug in iptables proxy that clobbered endpoints
...
There is a race at startup where the two watch operations might clobber state
if the initial message comes in the wrong order.
2015-09-15 13:07:33 -07:00
Dan Winship
30ea22f40e
Make kube-proxy resync its rules on firewalld restart
2015-09-15 11:17:40 -04:00
Dan Winship
a41e422600
Drop the "v" from GetIptablesVersionString() output
...
Neither of its callers wants it
2015-08-31 09:54:57 -04:00
Tim Hockin
8e503f3814
Hold node ports in iptables proxier
2015-08-24 16:35:05 -07:00