github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
44,617 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

393 Commits (49d1814b3a6ba59e1190d2b9ce5ad92ee98479cc)

Author SHA1 Message Date
Chao Xu bcc783c594 run hack/update-all.sh 2016-11-23 15:53:09 -08:00
Chao Xu b9e3ffb515 misc 2016-11-23 15:53:09 -08:00
Kubernetes Submit Queue ddf5888da4 Merge pull request #35681 from vincentheet/issue-35677 
Automatic merge from submit-queue

Change stickyMaxAge from seconds to minutes, fixes issue #35677

**What this PR does / why we need it**: Increases the service sessionAfinity time from 180 seconds to 180 minutes for proxy mode iptables which was a bug introduced in a refactor.

**Which issue this PR fixes**: fixes #35677

**Special notes for your reviewer**: 

**Release note**:

``` release-note
Fixed wrong service sessionAffinity stickiness time from 180 sec to 180 minutes in proxy mode iptables.
```

Since there is no test for the sessionAffinity feature at the moment I wanted to create one but I don't know how.
 2016-11-22 10:35:36 -08:00
m1093782566 315c8359cf fix proxier_test.go hasJump() 2016-11-17 10:31:48 +08:00
Mandar U Jog 3fdc343a98 Handle Empty clusterCIDR 
Empty clusterCIDR causes invalid rules generation.
Fixes issue #36652
 2016-11-15 14:34:25 -08:00
Tim Hockin 19dd9c1271 Reduce to folks with context 2016-11-15 08:51:12 +01:00
Tim Hockin 1aeecd7847 Reduce to people with context 2016-11-15 08:50:14 +01:00
Tim Hockin 5bcaa09a5a Trim to folks with context 2016-11-15 08:49:30 +01:00
Tim Hockin 4caa6e0b78 Trim down to the folks I think have real context 2016-11-15 08:48:31 +01:00
Antoine Pelisse 40a8574b0a Update OWNERS 2016-11-09 14:37:31 -08:00
Antoine Pelisse cbbf366f1f Update OWNERS approvers and reviewers: pkg/proxy 2016-11-09 10:17:55 -08:00
Kubernetes Submit Queue c52efa570d Merge pull request #36079 from apprenda/windows_kube_proxy 
Automatic merge from submit-queue

Add Windows support to kube-proxy

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:
This is the first stab at supporting kube-proxy (userspace mode) on Windows

**Which issue this PR fixes** : 
fixes #30278

**Special notes for your reviewer**:
The MVP uses `netsh portproxy` to redirect traffic from `ServiceIP:ServicePort` to a `LocalIP:LocalPort`. 
For the next version we are expecting to have guidance from Microsoft Container Networking team.

**Limitations**:
Current implementation does not support DNS queries over UDP as `netsh portproxy` currently only supports TCP. We are working with Microsoft to remediate this.

cc: @brendandburns @dcbw 

**Release note**:
<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->
```release-note
```
 2016-11-09 01:26:27 -08:00
Paulo Pires 562d0756ef
Fixed copyright headers. 2016-11-07 09:18:07 +00:00
Paulo Pires acf3f368bc
Added new userspace proxy mode specifically for Windows. 2016-11-07 09:11:35 +00:00
Zihong Zheng 55f75c37f7 Default to the old behavior for proxier sync. 2016-11-06 22:45:53 -08:00
Timothy St. Clair 2b012e822a Add minimum iptables sync period to the proxy, default is 2/sec 2016-11-04 00:38:35 -05:00
xiangpengzhao 513b346bb7 Log portal IP in error info. 2016-11-01 05:26:16 -04:00
Vincent Heet 528bc97dd3 Change stickyMaxAge from seconds to minutes, fixes issue #35677 2016-10-27 09:56:17 +02:00
Mike Danese 3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
bprashanth a46a849b9e Promote source ip annotations to beta 2016-10-19 13:39:37 -07:00
bprashanth 5cb8e8e1d6 Fix health check node port leak 2016-10-19 13:39:37 -07:00
bprashanth 06cbb36a1f Proxier unittests 2016-09-29 17:35:43 -07:00
bprashanth 93f9b54cab NodePorts understand OnlyLocal 2016-09-29 17:35:43 -07:00
Girish Kalele d3a1510e02 Fix kube-proxy logic to change iptables chains when ESIPP is turned on or off 2016-09-06 11:04:36 -07:00
Angus Salkeld f785f3d3ef Clean up IPTables caps i.e.: sed -i "s/Iptables/IPTables/g" 2016-08-29 10:34:42 +10:00
Kubernetes Submit Queue ecf24101d3 Merge pull request #31485 from m1093782566/m109-proxy-fix-naming 
Automatic merge from submit-queue

[kube-proxy] Fix naming errors and sentence breaking in pkg/proxy/healthcheck

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

addresses #31484 

@girishkalele
 2016-08-26 01:53:24 -07:00
m1093782566 e16e5c4fec fix naming error and sentence breaking in pkg/proxy/healthcheck 
Change-Id: Iee36ff4e497052f473f95f8f0a92421d85e3c416
 2016-08-26 10:39:56 +08:00
Kubernetes Submit Queue 189a870ec8 Merge pull request #30376 from justinsb/kubenet_mtu 
Automatic merge from submit-queue

Add kubelet --network-plugin-mtu flag for MTU selection

* Add network-plugin-mtu option which lets us pass down a MTU to a network provider (currently processed by kubenet)
* Add a test, and thus make sysctl testable
 2016-08-23 21:54:50 -07:00
Girish Kalele b82c028f77 GCE Cloud provider changes for ESIPP 
Add feature gate (ExternalTrafficLocalOnly) for alpha feature
 2016-08-23 16:16:39 -07:00
xiangpengzhao 9ef7475c12 Cover port_allocator_test with more conditions 2016-08-23 05:19:44 -04:00
Justin Santa Barbara 2c103af2b6 Create testable implementation of sysctl 
This is so we can test kubenet Init, which calls sysctl
 2016-08-23 01:42:37 -04:00
Minhan Xia ec5699e451 clean up oldIptablesMasqueradeMark 2016-08-22 15:05:13 -07:00
Girish Kalele 282880f549 Code review changes 2016-08-20 19:49:30 -07:00
Girish Kalele 29188c68d5 Load Balancer Health Check responder library for ESIPP 2016-08-20 19:45:56 -07:00
Minhan Xia 392a92c9fa change KUBE-XLB back to KUBE-FW 2016-08-18 10:19:59 -07:00
Minhan Xia b31874fe82 bug fixes and nits 2016-08-18 10:19:59 -07:00
Minhan Xia 1acaa1db09 Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE"" 2016-08-18 10:19:48 -07:00
Daniel Smith 2aa0bb2dfc Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE" 2016-08-16 18:12:28 -07:00
Minhan Xia 643fc3803b add firewall chain to filter request based on loadbalancer source range 2016-08-15 17:42:41 -07:00
Girish Kalele 5d6abf59ff kube-proxy: Propagate hostname to iptables proxier 2016-08-09 10:05:29 -07:00
Lucas Käldström c88a07ce1a Run goimports 2016-08-02 15:12:39 +03:00
Michal Rostecki 59ca5986dd Print/log pointers of structs with %#v instead of %+v 
There are many places in k8s where %+v is used to format a pointer
to struct, which isn't working as expected.

Fixes #26591
 2016-08-01 22:27:56 +02:00
Davanum Srinivas 2b0ed014b7 Use Go canonical import paths 
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-16 13:48:21 -04:00
k8s-merge-robot 04602bb9e5 Merge pull request #28655 from freehan/kubeproxyfix 
Automatic merge from submit-queue

Don't delete affinity when endpoints are empty

closes: #25316
 2016-07-08 11:28:43 -07:00
Minhan Xia e1df5c8b30 fix proxy unit tests 2016-07-07 17:43:22 -07:00
k8s-merge-robot 3895cede49 Merge pull request #28434 from thockin/br-netfilter-warning 
Automatic merge from submit-queue

Remove br_netfilter warning in kube-proxy

Many distros have this module linked in, generating a spurious error.

Fixes #23385
 2016-07-07 10:27:20 -07:00
bin liu 426fdc431a Merge branch 'master' into fix-typos 2016-07-04 11:20:47 +08:00
Tim Hockin 04d60ddab0 Remove br_netfilter warning in kube-proxy 
Many distros have this module linked in, generating a spurious error.
 2016-07-03 09:54:26 -07:00
Minhan Xia 51dcff40e6 Merge remote-tracking branch 'thockin/userspace-proxy-affinity-25314' into kubeproxyfix 2016-07-01 11:48:02 -07:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
bin liu fd27cd47f7 fix some typos 
Signed-off-by: bin liu <liubin0329@gmail.com>
 2016-06-22 18:14:26 +08:00
Minhan Xia 6a3ad1d66d add hostport support for kubenet 2016-05-22 22:18:58 -07:00
k8s-merge-robot f9b8fd0c96 Merge pull request #25011 from zhouhaibing089/addclose 
Automatic merge from submit-queue

followup to add http server close method

Fixes #25009, a follow up of https://github.com/kubernetes/kubernetes/pull/24595.
 2016-05-09 22:32:02 -07:00
Tim Hockin 9052eddaf6 Don't delete affinity when endpoints are empty 
This only affects the userspace kube-proxy.
 2016-05-07 21:23:50 -07:00
zhouhaibing089 5923fd352e followup to add http server close method 2016-05-05 12:04:41 +08:00
Gao Zheng c75cb94be6 Squashed commit of the following: 
commit 7bf1a05f61b78196c8d272e0d55980ba2254e81d
Author: gaozheng <gaozheng0123@163.com>
Date:   Thu Apr 28 01:23:42 2016 +0000

    fix gofmt

commit 54f6fa6ca76ee0fc5c4f8609fb2f875111ce2141
Author: Gao Zheng <gaozheng0123@163.com>
Date:   Sat Apr 23 13:09:41 2016 +0000

    reset session affinity if endpoint is unconnected
 2016-05-03 01:36:32 +00:00
Clayton Coleman fdb110c859
Fix the rest of the code 2016-04-29 17:12:10 -04:00
Minhan Xia 0d36dc7000 added test for revertPorts 2016-04-26 14:23:06 -07:00
Minhan Xia 56ad718008 only close new ports upon iptables-restore failure 2016-04-26 14:23:06 -07:00
goltermann dddc6cb6c8 Fix a few spellings. 2016-04-21 15:16:42 -07:00
k8s-merge-robot 767fa6913d Merge pull request #24118 from smarterclayton/proxy_args 
Automatic merge from submit-queue

Allow Proxy to be initialized with store
 2016-04-21 04:42:43 -07:00
goltermann 3fa6c6f6d9 Enable vet 2016-04-20 09:48:24 -07:00
CJ Cullen 760568796f Masquerade traffic from off-cluster going through kube-proxy. 2016-04-19 21:39:34 -07:00
Minhan Xia ad8c67723a add test for udp connection flush 2016-04-18 14:58:08 -07:00
Minhan Xia 4fa6f3841a fixing dead endpoint black hole udp traffic 2016-04-13 10:20:02 -07:00
Clayton Coleman a5152a4005 Allow Proxy to be initialized with store 
The proxy should be able to reuse a store on initialization.
Minor cleanup to make experimentation with the proxy easier.
 2016-04-11 23:30:58 -04:00
Eric Paris 5e5a823294 Move blunderbuss assignees into tree 2016-03-02 20:46:32 -05:00
Dan Williams 6248939e11 Push responsibility for bridge-nf-call-iptables to kubelet network plugins 
bridge-nf-call-iptables appears to only be relevant when the containers are
attached to a Linux bridge, which is usually the case with default Kubernetes
setups, docker, and flannel.  That ensures that the container traffic is
actually subject to the iptables rules since it traverses a Linux bridge
and bridged traffic is only subject to iptables when bridge-nf-call-iptables=1.

But with other networking solutions (like openshift-sdn) that don't use Linux
bridges, bridge-nf-call-iptables may not be not relevant, because iptables is
invoked at other points not involving a Linux bridge.

The decision to set bridge-nf-call-iptables should be influenced by networking
plugins, so push the responsiblity out to them.  If no network plugin is
specified, fall back to the existing bridge-nf-call-iptables=1 behavior.
 2016-02-23 09:34:59 -06:00
k8s-merge-robot b32078d89b Merge pull request #20496 from matthewdupre/masquerade-config 
Auto commit by PR queue bot
 2016-02-08 10:49:20 -08:00
Matt Dupre 9925cddc11 Change iptables fwmark to use single configurable bit instead of whole mark space 2016-02-08 11:12:09 +00:00
Jan Chaloupka 4389b3f0d6 Rewritte util.* -> wait.* wherever reasonable 2016-02-07 12:02:20 +01:00
k8s-merge-robot c26087db45 Merge pull request #19611 from thockin/proxy-sysctl-decouple 
Auto commit by PR queue bot
 2016-02-06 23:01:48 -08:00
k8s-merge-robot 0cc0bd342f Merge pull request #20520 from thockin/iptables-test-nits 
Auto commit by PR queue bot
 2016-02-06 22:34:10 -08:00
Tim Hockin 1e7db4a174 Implement proper cleanup in iptables proxy 2016-02-07 02:42:18 +00:00
Tim Hockin 107c5f7813 Put all masquerade mark logic into new chains 
This allows us to use the MARK-MASQ chain as a subroutine, rather than encoding
the mark in many places.  Having a KUBE-POSTROUTING chain means we can flush
and rebuild it atomically.  This makes followon work to change the mark
significantly easier.
 2016-02-07 02:42:07 +00:00
Tim Hockin 41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Marc Lough c33fcba311 Reject packets to services without endpoints 2016-02-04 20:56:02 +00:00
Prashanth Balasubramanian 589b7fdc92 Don't handshake with watch interrupt in proxy unittests. 2016-02-04 10:55:25 -08:00
Prashanth Balasubramanian f9b96d2c71 Make sure at least one interrupt is buffered before dropping. 2016-02-03 19:23:17 -08:00
Prashanth Balasubramanian e1fa6e9fb8 kube-proxy applies latest snapshot of endpoints and services. 2016-02-03 12:58:37 -08:00
Tim Hockin 11f75e61b9 Inject a kernel-compat tester for kube-proxy test 2016-02-02 22:11:39 -08:00
Tim Hockin f3de95ff41 test nits and a TODO for iptables tests 2016-02-02 14:19:16 -08:00
k8s-merge-robot 26202fc98a Merge pull request #18804 from marun/fix-nodeport-services 
Auto commit by PR queue bot
 2016-02-02 14:07:49 -08:00
Maru Newby a5e00da867 Fix nodeport service compat with default-deny fw 2016-02-01 21:34:30 +00:00
harry 1032067ff9 Replace runtime reference by pkg 2016-02-01 21:06:44 +08:00
Harry Zhang 936a11e775 Use networking to hold network related pkgs 
Change names of unclear methods

Use net as pkg name for short
 2016-01-15 13:46:16 +08:00
David Oppenheimer 8ac484793d Comment out calls to httptest.Server.Close() to work around 
https://github.com/golang/go/issues/12262 . See #19254 for
more details. This change should be reverted when we upgrade
to Go 1.6.
 2016-01-11 23:02:11 -08:00
k8s-merge-robot 5b6a7c6012 Merge pull request #18524 from thockin/kube-proxy-close 
Auto commit by PR queue bot
 2015-12-17 01:33:12 -08:00
Wojciech Tyczynski 960808bf08 Switch to versioned ListOptions in client. 2015-12-14 14:26:09 +01:00
Tim Hockin ad07709461 Fully close sockets in kube-proxy 
We were trying to be clever and respect TCP's notion of half-open sockets, but
it causes leaks when we can't unblock io.Copy().  This fixes those leaks and
seems to follow most expectations.  I think we were just be too clever.
 2015-12-10 11:34:13 -08:00
Wojciech Tyczynski b0fcb5adef Pass ListOptions to List in ListWatch. 2015-12-07 11:53:53 +01:00
Wojciech Tyczynski b6ef62af24 Use unversioned.ListOptions in clients. 2015-11-24 16:52:09 +01:00
Tim Hockin 970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
k8s-merge-robot 36bae67910 Merge pull request #16548 from ArtfulCoder/kube-proxy-mem-use 
Auto commit by PR queue bot
 2015-10-30 06:23:14 -07:00
Abhishek Shah 5367a32ee9 Read Iptables-save output in a more-memory-efficient way 2015-10-29 15:30:00 -07:00
Avesh Agarwal e1837185de Improves iptables cleanup for pure iptables based proxier. 2015-10-27 13:08:16 -04:00
Wojciech Tyczynski d47e21f19f Reuse TCP connections in Reflector between resync periods. 2015-10-26 19:35:25 +01:00
Saad Ali 06113d3b87 Merge pull request #16137 from ArtfulCoder/externalIPFix 
release NodePort correctly
 2015-10-23 12:03:38 -07:00
Abhishek Shah 7c64802f48 release NodePort correctly 2015-10-22 16:36:52 -07:00
Abhishek Shah d172ca6986 Added UdpIdleTimeout flag 2015-10-21 17:25:35 -07:00