github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
36,506 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

319 Commits (3215e8535ae8afcf850fbaac9df7ff9abe42f9e0)

Author SHA1 Message Date
Tim Hockin 107c5f7813 Put all masquerade mark logic into new chains 
This allows us to use the MARK-MASQ chain as a subroutine, rather than encoding
the mark in many places.  Having a KUBE-POSTROUTING chain means we can flush
and rebuild it atomically.  This makes followon work to change the mark
significantly easier.
 2016-02-07 02:42:07 +00:00
Tim Hockin 41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Marc Lough c33fcba311 Reject packets to services without endpoints 2016-02-04 20:56:02 +00:00
Prashanth Balasubramanian 589b7fdc92 Don't handshake with watch interrupt in proxy unittests. 2016-02-04 10:55:25 -08:00
Prashanth Balasubramanian f9b96d2c71 Make sure at least one interrupt is buffered before dropping. 2016-02-03 19:23:17 -08:00
Prashanth Balasubramanian e1fa6e9fb8 kube-proxy applies latest snapshot of endpoints and services. 2016-02-03 12:58:37 -08:00
Tim Hockin 11f75e61b9 Inject a kernel-compat tester for kube-proxy test 2016-02-02 22:11:39 -08:00
Tim Hockin f3de95ff41 test nits and a TODO for iptables tests 2016-02-02 14:19:16 -08:00
k8s-merge-robot 26202fc98a Merge pull request #18804 from marun/fix-nodeport-services 
Auto commit by PR queue bot
 2016-02-02 14:07:49 -08:00
Maru Newby a5e00da867 Fix nodeport service compat with default-deny fw 2016-02-01 21:34:30 +00:00
harry 1032067ff9 Replace runtime reference by pkg 2016-02-01 21:06:44 +08:00
Harry Zhang 936a11e775 Use networking to hold network related pkgs 
Change names of unclear methods

Use net as pkg name for short
 2016-01-15 13:46:16 +08:00
David Oppenheimer 8ac484793d Comment out calls to httptest.Server.Close() to work around 
https://github.com/golang/go/issues/12262 . See #19254 for
more details. This change should be reverted when we upgrade
to Go 1.6.
 2016-01-11 23:02:11 -08:00
k8s-merge-robot 5b6a7c6012 Merge pull request #18524 from thockin/kube-proxy-close 
Auto commit by PR queue bot
 2015-12-17 01:33:12 -08:00
Wojciech Tyczynski 960808bf08 Switch to versioned ListOptions in client. 2015-12-14 14:26:09 +01:00
Tim Hockin ad07709461 Fully close sockets in kube-proxy 
We were trying to be clever and respect TCP's notion of half-open sockets, but
it causes leaks when we can't unblock io.Copy().  This fixes those leaks and
seems to follow most expectations.  I think we were just be too clever.
 2015-12-10 11:34:13 -08:00
Wojciech Tyczynski b0fcb5adef Pass ListOptions to List in ListWatch. 2015-12-07 11:53:53 +01:00
Wojciech Tyczynski b6ef62af24 Use unversioned.ListOptions in clients. 2015-11-24 16:52:09 +01:00
Tim Hockin 970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
k8s-merge-robot 36bae67910 Merge pull request #16548 from ArtfulCoder/kube-proxy-mem-use 
Auto commit by PR queue bot
 2015-10-30 06:23:14 -07:00
Abhishek Shah 5367a32ee9 Read Iptables-save output in a more-memory-efficient way 2015-10-29 15:30:00 -07:00
Avesh Agarwal e1837185de Improves iptables cleanup for pure iptables based proxier. 2015-10-27 13:08:16 -04:00
Wojciech Tyczynski d47e21f19f Reuse TCP connections in Reflector between resync periods. 2015-10-26 19:35:25 +01:00
Saad Ali 06113d3b87 Merge pull request #16137 from ArtfulCoder/externalIPFix 
release NodePort correctly
 2015-10-23 12:03:38 -07:00
Abhishek Shah 7c64802f48 release NodePort correctly 2015-10-22 16:36:52 -07:00
Abhishek Shah d172ca6986 Added UdpIdleTimeout flag 2015-10-21 17:25:35 -07:00
k8s-merge-robot 18ad5f8cdf Merge pull request #15745 from ArtfulCoder/reduceTimeout 
Auto commit by PR queue bot
 2015-10-19 13:02:17 -07:00
k8s-merge-robot 75c977d200 Merge pull request #15596 from zhengguoyong/alias_util_errors_packagename 
Auto commit by PR queue bot
 2015-10-19 02:35:37 -07:00
Jordan Liggitt 55cd3f1030 Platform-specific setRLimit implementations 2015-10-18 21:26:39 -04:00
eulerzgy f8f9afb874 alias local packagename for pkg/util/errors 2015-10-18 09:37:46 +08:00
Abhishek Shah de214829f6 Update endpoint dialTimeouts to reasonable values 2015-10-16 14:57:43 -07:00
derekwaynecarr 970c369f31 Kubelet sets kernel overcommit_memory flag 2015-10-06 14:28:46 -04:00
Alex Robinson b1461be2e4 Merge pull request #14982 from Huawei-PaaS/fixed_typos_for_proxy 
Fixed some typos for pkg/proxy
 2015-10-05 11:40:03 -07:00
Alex Robinson c1012d8c93 Merge pull request #14882 from ArtfulCoder/logformat 
fixed log format
 2015-10-05 10:50:30 -07:00
qiaolei 718d7df276 Fixed some typos 2015-10-03 00:33:35 +08:00
k8s-merge-robot fb4882620f Merge pull request #14611 from MikaelCluseau/wip-optional-sysctl 
Auto commit by PR queue bot
 2015-10-01 00:28:38 -07:00
Abhishek Shah 6278b5f648 fixed log format 2015-09-30 16:29:32 -07:00
Mikaël Cluseau 4bf0ef8ce2 setSysctl for bridge-nf-call-iptables should fail with a warning 2015-09-26 17:11:33 +11:00
Tim Hockin 3c36439665 Don't log every connection by default 2015-09-25 14:02:24 -07:00
Tim Hockin 7509bf6318 Set UDP timeout to 1/4 second 2015-09-25 14:02:24 -07:00
Abhishek Shah 6945cb050c Set rlimit for openfile handles to 64k 2015-09-18 10:53:55 -07:00
Daniel Martí 586cb9126a Move pkg/util.Time to pkg/api/unversioned.Time 
Along with our time.Duration wrapper, as suggested by @lavalamp.
 2015-09-17 17:51:27 -07:00
k8s-merge-robot bf990acefa Merge pull request #13988 from thockin/kube-proxy-startup-clobber 
Auto commit by PR queue bot
 2015-09-17 01:29:35 -07:00
Alex Mohr 2cf207ec60 Merge pull request #13992 from aveshagarwal/userspace-proxy-typo 
Fixes error message.
 2015-09-16 21:49:19 -07:00
Tim Hockin 84a9b0a37a Fix bug in iptables proxy that clobbered endpoints 
There is a race at startup where the two watch operations might clobber state
if the initial message comes in the wrong order.
 2015-09-15 13:07:33 -07:00
Avesh Agarwal a84e49aaab Fixes error message. 2015-09-15 14:37:56 -04:00
Dan Winship 30ea22f40e Make kube-proxy resync its rules on firewalld restart 2015-09-15 11:17:40 -04:00
Dan Winship 8bc9c40796 Watch for firewalld restart, to allow reloading iptables rules 2015-09-15 11:17:40 -04:00
Daniel Smith b225c1d47a Run gofmt (separate commit for easy rebases) 2015-09-10 17:17:59 -07:00
Daniel Smith 15b30b8b09 Move version agnostic parts of client 
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
 2015-09-10 17:17:59 -07:00
Daniel Smith 9fc8a79e37 Revert "Revert "Don't take the proxy mutex in the traffic path"" 2015-09-01 16:40:11 -07:00
Daniel Smith 46ae7e87c7 Increase timeout to fix flaky tests 2015-09-01 16:08:13 -07:00
Daniel Smith a20d7ca481 Revert "Don't take the proxy mutex in the traffic path" 2015-09-01 13:33:05 -07:00
k8s-merge-robot 3d51f524b5 Merge pull request #13386 from danwinship/iptables-w 
Auto commit by PR queue bot
 2015-09-01 13:07:57 -07:00
Tim Hockin f0a9badd2d Don't take the proxy mutex in the traffic path 
This should make throughput better on the userspace proxier.

Fixes #11977
 2015-08-31 17:01:52 -07:00
Dan Winship a41e422600 Drop the "v" from GetIptablesVersionString() output 
Neither of its callers wants it
 2015-08-31 09:54:57 -04:00
Tim Hockin 8e503f3814 Hold node ports in iptables proxier 2015-08-24 16:35:05 -07:00
Tim Hockin 5087ae6c93 Hold node-ports for publicIPs for local IPs 2015-08-24 16:32:44 -07:00
Tim Hockin f5a9281a26 Actually hold NodePorts open in kube-proxy 2015-08-24 16:32:44 -07:00
Nikhil Jindal 9a7f871d17 Merge pull request #12896 from thockin/proxy-nodeports 
Tail-call nodeports rules in iptables proxy
 2015-08-24 10:39:54 -07:00
Tim Hockin 16102c41df Tail-call nodeports rules in iptables proxy 2015-08-21 14:15:21 -07:00
BenTheElder 81ab51709a Add --cleanup-iptables flag to kube-proxy 
Adds a flag to cleanup iptables rules created by kube-proxy per
https://github.com/mesosphere/kubernetes-mesos/issues/353#issuecomment-1
27382832
 2015-08-21 14:44:11 -04:00
Jerzy Szczepkowski 3df1b9e151 Merge pull request #12986 from BenTheElder/masquerade_all_flag 
Add flag to masquerade all in kube-proxy when using iptables proxier
 2015-08-21 10:28:07 +02:00
BenTheElder 1f2076ce64 Add flag to masquerade all in kube-proxy when using iptables proxier 2015-08-20 20:12:32 -04:00
Abhishek Shah b6b8e99393 External IPs support. 2015-08-20 16:10:01 -07:00
jiangyaoguo 5a95eb7326 Test UDP timeout 2015-08-19 21:50:43 +08:00
Kris Rousey ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Tim Hockin 6f34be30a3 Limit float precision to 5 points 2015-08-17 20:57:44 -07:00
Tim Hockin 7e9c685ba6 Require same min iptables version as -C 2015-08-17 20:57:44 -07:00
Tim Hockin 3a5c23d727 test for and set bridge-nf-call-iptables sysctl 2015-08-17 20:57:44 -07:00
Tim Hockin 9cf33772b4 test for and set route_localnet sysctl 2015-08-17 20:52:06 -07:00
Tim Hockin f1a48574a6 Clean up logging, make initial sync faster 2015-08-17 20:52:06 -07:00
Tim Hockin d72892d0b0 Include protocol in the hash for chain names 2015-08-17 20:52:06 -07:00
Tim Hockin 731d5e5191 Clean up iptables rules, add nodeport support 2015-08-17 20:52:06 -07:00
Tim Hockin d14c98f6cc Add nodepoprt chain and link it in, add unused MASQ rule 2015-08-17 20:52:06 -07:00
Robert Bailey 6fcdcec25d Merge pull request #12658 from sdminonne/bug_fix2 
to fix govet issue
 2015-08-17 10:58:10 -07:00
Tim Hockin 776132e1ae Make kube-proxy iptables sync period configurable 2015-08-13 09:53:32 -07:00
Salvatore Dario Minonne 48018c402c to fix govet issue 2015-08-13 17:26:43 +02:00
BenTheElder 8006a39cc3 Fix #12596 
Fix for https://github.com/kubernetes/kubernetes/issues/12596
Disconnect the pure-iptables proxy’s services chain when starting the
userspace proxy.
 2015-08-12 20:06:09 -04:00
BenTheElder ae569e20b5 Partially Implement #3760 2015-08-12 02:39:15 -04:00
Piotr Szczesniak 1df0267f4a Merge pull request #12551 from eparis/underscore-to-dash 
Update code and docs to use - in flag names instead of _
 2015-08-12 07:16:31 +02:00
Kris Rousey 565189f5b8 Correcting all go vet errors 2015-08-11 13:55:37 -07:00
Eric Paris 5aa495cdad Update code to use - in flag names instead of _ 2015-08-11 16:31:52 -04:00
Alex Robinson c5e221dca7 Merge pull request #12440 from BenTheElder/proxy_config_handler_refactor 
Refactor `pkg/proxy/config`'s ServiceConfigHandler and EndpointsConfigHandler.
 2015-08-10 09:44:38 -07:00
Veres Lajos 9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
BenTheElder 6bbf2aaab7 Refactor pkg/proxy/config's ServiceConfigHandler and EndpointsConfigHandler to have different update methods. 
Refactor `pkg/proxy/config`’s ServiceConfigHandler.OnUpdate and
EndpointsConfigHandler.OnUpdate to different method names as they have
different signatures.

This will let the new proxy
(https://github.com/GoogleCloudPlatform/kubernetes/issues/3760)
implement both interfaces.

Since we won’t need a separate loadbalancer structure (load balancing
is handled in the proxy rules), we will simply handle both event types
from the same object.
 2015-08-08 15:16:55 -04:00
BenTheElder f6d257c0f3 fix missing import in roundrobin_test.go 2015-08-08 00:02:35 -04:00
BenTheElder 962a7b492b in pkg/proxy, merge proxy_provider.go and service_port_name.go to types.go 2015-08-07 21:10:34 -04:00
BenTheElder 1f6baa6549 Move userspace code to sub-package in proxy. 
Moves the userspace code in proxy to a sub-package and adds the
ProxyProvider interface.

This is in preparation for landing an implementation of
https://github.com/GoogleCloudPlatform/kubernetes/issues/3760, which
will mostly be in another sub package for iptables.
 2015-08-07 20:07:15 -04:00
BenTheElder 5867fca8bf Fix iptables Interface mocking, move Restore/RestoreAll to shared impl 
also put TODO for unit tests, move defer file deletion until after file
creation error is checked.
 2015-08-07 19:08:21 -04:00
Mike Danese 17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Abhishek Shah 4bbecea4e6 Changed udpIdleTimeout to 1 second from 10 seconds 2015-08-03 15:32:59 -07:00
jiangyaoguo 79ed954ec2 replace Reflector with client.cache.Reflector in kube-proxy 2015-06-29 11:21:50 +08:00
James DeFelice 4abcf7449c implementation of proxy port allocation 2015-06-02 12:28:25 +00:00
Tim Hockin ac3cc3c518 Rename PORTAL_NET all over 2015-05-28 16:10:44 -07:00
Tim Hockin 4318ca5a8b Rename 'portal IP' to 'cluster IP' most everywhere 
This covers obvious transforms, but not --portal_net, $PORTAL_NET and
similar.
 2015-05-28 16:10:44 -07:00
Tim Hockin bd2314fa78 Fix session affinity in kube-proxy 2015-05-26 17:19:29 -07:00
BenTheElder d223b795f3 Correct copyright in proxysocket.go 
I created this file earlier this year. It should say 2015 not 2014.
 2015-05-25 12:00:50 -04:00
Justin Santa Barbara 4b9b7ec2f9 Continue to support (deprecated) publicIPs 
Not doing so breaks e2e tests and people that may be using them,
even though we will eventually want to stop supporting this now
that we have better alternatives for typical use cases (NodePort)
 2015-05-23 16:37:27 -04:00