github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
51,078 Commits
32 Branches
881 Tags
633 MiB
Commit Graph

521 Commits (f32b390cf08a9afd9f9899e0d97a90eb162b32a8)

Author SHA1 Message Date
deads2k 11e8068d3f move pkg/fields to apimachinery 2017-01-19 09:50:16 -05:00
deads2k c47717134b move utils used in restclient to client-go 2017-01-19 07:55:14 -05:00
Clayton Coleman 9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Dan Williams 5907639140 proxy/iptables: clean up service map creation 
Instead of copying the map, like OnServicesUpdate() used to do and which
was copied into buildServiceMap() to preserve semantics while creating
testcases, start with a new empty map and do deletion checking later.
 2017-01-11 15:17:55 -06:00
Dan Williams 6aa784e6f2 proxy/iptables: don't sync proxy rules if services map didn't change 2017-01-11 14:46:12 -06:00
Dan Williams 433f6830f8 proxy/iptables: don't proxy ExternalName services 
The API docs say:

	// ServiceTypeExternalName means a service consists of only a reference to
	// an external name that kubedns or equivalent will return as a CNAME
	// record, with no exposing or proxying of any pods involved.

which implies that ExternalName services should be ignored for proxy
purposes.
 2017-01-11 14:46:12 -06:00
Dan Williams eae2b8e9ba proxy/iptables: split out service map creation and add testcases 2017-01-11 14:46:12 -06:00
deads2k 6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Kubernetes Submit Queue ff8e8c6778 Merge pull request #38920 from k82cn/k8s_37979 
Automatic merge from submit-queue

Add event when failed to open local port.

fixes #37979 .
 2016-12-22 21:32:27 -08:00
Klaus Ma b0dfa4ad47 Add event when failed to open local port. 2016-12-23 04:51:12 +08:00
Brendan Burns 47b79de76e Refactor port allocation logic a little, deflake tests. 2016-12-18 21:18:34 -08:00
Chun Chen 0da1573169 Raise a warning instead of info if br-netfilter is missing or unset 2016-12-14 18:27:58 +08:00
Dan Winship d95181fa1e Port iptables code to pkg/util/version, don't use semvers 2016-12-13 08:53:04 -05:00
Mike Danese c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Kubernetes Submit Queue 4fb21c8409 Merge pull request #37429 from andrewsykim/fix-kube-proxy-node-ip-warning 
Automatic merge from submit-queue (batch tested with PRs 35884, 37305, 37369, 37429, 35679)

fix mixleading warning message regarding kube-proxy nodeIP initializa…

The current warning message implies that the operator should restart kube-proxy with some flag related to node IP which can be very misleading.
 2016-12-08 03:55:17 -08:00
Kubernetes Submit Queue 08c0f7dded Merge pull request #27711 from xiangpengzhao/port-allocator-test 
Automatic merge from submit-queue

Cover port_allocator_test with more conditions

The test cases of port_allocator_test should cover more conditions, such as `rangeAllocator.used.Bit`.
 2016-12-07 12:14:36 -08:00
Eric Paris 78798f6191 Remove girishkalele from most places 
This also updates the maintainers list and reassigns his tests
 2016-12-05 19:29:34 -05:00
Kubernetes Submit Queue 6abb472357 Merge pull request #37720 from freehan/lb-src-update 
Automatic merge from submit-queue

Fix Service Update on LoadBalancerSourceRanges Field

Fixes: https://github.com/kubernetes/kubernetes/issues/33033
Also expands: https://github.com/kubernetes/kubernetes/pull/32748
 2016-12-01 18:21:39 -08:00
Kubernetes Submit Queue 9defe2ce99 Merge pull request #32561 from zreigz/fix-incoming-udp 
Automatic merge from submit-queue

Bug fix. Incoming UDP packets not reach newly deployed services

**What this PR does / why we need it**:

Incoming UDP packets not reach newly deployed services when old connection's state in conntrack is not cleared. When a packet arrives, it will not go through NAT table again, because it is not "the first" packet. The PR fix the issue

**Which issue this PR fixes** 
Fixes #31983
xref https://github.com/docker/docker/issues/8795
 2016-12-01 16:02:03 -08:00
Kubernetes Submit Queue 5c2117764b Merge pull request #36055 from m1093782566/m109-fix-proxy-hasjump 
Automatic merge from submit-queue

[kube-proxy] Fix Jump() bug in pkg/proxy/iptables/proxier_test.go

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**Which issue this PR fixes**

Fixes #36043
 2016-12-01 06:31:27 -08:00
Lukasz Zajaczkowski dc54a8d46e Bug fix. Incoming UDP packets not reach newly deployed services 2016-12-01 08:52:30 +01:00
Minhan Xia 1c2c0c1f63 support service loadBalancerSourceRange update 2016-11-30 15:27:34 -08:00
Kubernetes Submit Queue 8a99f17f24 Merge pull request #37454 from xiaolou86/close-channel 
Automatic merge from submit-queue

fix bug of closing the same channel multiple times

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->


**Which issue this PR fixes**: fixes #37444 

**Release note**:None
 2016-11-30 08:43:51 -08:00
Kubernetes Submit Queue 919dfc4211 Merge pull request #36523 from apelisse/owners-pkg-proxy 
Automatic merge from submit-queue

Curating Owners: pkg/proxy

cc @thockin

In an effort to expand the existing pool of reviewers and establish a
two-tiered review process (first someone lgtms and then someone
experienced in the project approves), we are adding new reviewers to
existing owners files.


If You Care About the Process:
------------------------------

We did this by algorithmically figuring out who’s contributed code to
the project and in what directories.  Unfortunately, that doesn’t work
well: people that have made mechanical code changes (e.g change the
copyright header across all directories) end up as reviewers in lots of
places.

Instead of using pure commit data, we generated an excessively large
list of reviewers and pruned based on all time commit data, recent
commit data and review data (number of PRs commented on).

At this point we have a decent list of reviewers, but it needs one last
pass for fine tuning.

Also, see https://github.com/kubernetes/contrib/issues/1389.

TLDR:
-----

As an owner of a sig/directory and a leader of the project, here’s what
we need from you:

1. Use PR https://github.com/kubernetes/kubernetes/pull/35715 as an example.

2. The pull-request is made editable, please edit the `OWNERS` file to
remove the names of people that shouldn't be reviewing code in the
future in the **reviewers** section. You probably do NOT need to modify
the **approvers** section. Names asre sorted by relevance, using some
secret statistics.

3. Notify me if you want some OWNERS file to be removed.  Being an
approver or reviewer of a parent directory makes you a reviewer/approver
of the subdirectories too, so not all OWNERS files may be necessary.

4. Please use ALIAS if you want to use the same list of people over and
over again (don't hesitate to ask me for help, or use the pull-request
above as an example)
 2016-11-28 11:42:49 -08:00
LouZhengwei 9fe0b88f92 fix bug of closing the same channel multiple times 2016-11-24 23:41:48 +08:00
andrewsykim 439ab5a487 fix mixleading warning message regarding kube-proxy nodeIP initialization 2016-11-24 01:35:45 -05:00
Chao Xu bcc783c594 run hack/update-all.sh 2016-11-23 15:53:09 -08:00
Chao Xu b9e3ffb515 misc 2016-11-23 15:53:09 -08:00
Kubernetes Submit Queue ddf5888da4 Merge pull request #35681 from vincentheet/issue-35677 
Automatic merge from submit-queue

Change stickyMaxAge from seconds to minutes, fixes issue #35677

**What this PR does / why we need it**: Increases the service sessionAfinity time from 180 seconds to 180 minutes for proxy mode iptables which was a bug introduced in a refactor.

**Which issue this PR fixes**: fixes #35677

**Special notes for your reviewer**: 

**Release note**:

``` release-note
Fixed wrong service sessionAffinity stickiness time from 180 sec to 180 minutes in proxy mode iptables.
```

Since there is no test for the sessionAffinity feature at the moment I wanted to create one but I don't know how.
 2016-11-22 10:35:36 -08:00
m1093782566 315c8359cf fix proxier_test.go hasJump() 2016-11-17 10:31:48 +08:00
Mandar U Jog 3fdc343a98 Handle Empty clusterCIDR 
Empty clusterCIDR causes invalid rules generation.
Fixes issue #36652
 2016-11-15 14:34:25 -08:00
Tim Hockin 19dd9c1271 Reduce to folks with context 2016-11-15 08:51:12 +01:00
Tim Hockin 1aeecd7847 Reduce to people with context 2016-11-15 08:50:14 +01:00
Tim Hockin 5bcaa09a5a Trim to folks with context 2016-11-15 08:49:30 +01:00
Tim Hockin 4caa6e0b78 Trim down to the folks I think have real context 2016-11-15 08:48:31 +01:00
Antoine Pelisse 40a8574b0a Update OWNERS 2016-11-09 14:37:31 -08:00
Antoine Pelisse cbbf366f1f Update OWNERS approvers and reviewers: pkg/proxy 2016-11-09 10:17:55 -08:00
Kubernetes Submit Queue c52efa570d Merge pull request #36079 from apprenda/windows_kube_proxy 
Automatic merge from submit-queue

Add Windows support to kube-proxy

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:
This is the first stab at supporting kube-proxy (userspace mode) on Windows

**Which issue this PR fixes** : 
fixes #30278

**Special notes for your reviewer**:
The MVP uses `netsh portproxy` to redirect traffic from `ServiceIP:ServicePort` to a `LocalIP:LocalPort`. 
For the next version we are expecting to have guidance from Microsoft Container Networking team.

**Limitations**:
Current implementation does not support DNS queries over UDP as `netsh portproxy` currently only supports TCP. We are working with Microsoft to remediate this.

cc: @brendandburns @dcbw 

**Release note**:
<!--  Steps to write your release note:
1. Use the release-note-* labels to set the release note state (if you have access) 
2. Enter your extended release note in the below block; leaving it blank means using the PR title as the release note. If no release note is required, just write `NONE`. 
-->
```release-note
```
 2016-11-09 01:26:27 -08:00
Paulo Pires 562d0756ef
Fixed copyright headers. 2016-11-07 09:18:07 +00:00
Paulo Pires acf3f368bc
Added new userspace proxy mode specifically for Windows. 2016-11-07 09:11:35 +00:00
Zihong Zheng 55f75c37f7 Default to the old behavior for proxier sync. 2016-11-06 22:45:53 -08:00
Timothy St. Clair 2b012e822a Add minimum iptables sync period to the proxy, default is 2/sec 2016-11-04 00:38:35 -05:00
xiangpengzhao 513b346bb7 Log portal IP in error info. 2016-11-01 05:26:16 -04:00
Vincent Heet 528bc97dd3 Change stickyMaxAge from seconds to minutes, fixes issue #35677 2016-10-27 09:56:17 +02:00
Mike Danese 3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
bprashanth a46a849b9e Promote source ip annotations to beta 2016-10-19 13:39:37 -07:00
bprashanth 5cb8e8e1d6 Fix health check node port leak 2016-10-19 13:39:37 -07:00
bprashanth 06cbb36a1f Proxier unittests 2016-09-29 17:35:43 -07:00
bprashanth 93f9b54cab NodePorts understand OnlyLocal 2016-09-29 17:35:43 -07:00
Girish Kalele d3a1510e02 Fix kube-proxy logic to change iptables chains when ESIPP is turned on or off 2016-09-06 11:04:36 -07:00
Angus Salkeld f785f3d3ef Clean up IPTables caps i.e.: sed -i "s/Iptables/IPTables/g" 2016-08-29 10:34:42 +10:00
Kubernetes Submit Queue ecf24101d3 Merge pull request #31485 from m1093782566/m109-proxy-fix-naming 
Automatic merge from submit-queue

[kube-proxy] Fix naming errors and sentence breaking in pkg/proxy/healthcheck

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

addresses #31484 

@girishkalele
 2016-08-26 01:53:24 -07:00
m1093782566 e16e5c4fec fix naming error and sentence breaking in pkg/proxy/healthcheck 
Change-Id: Iee36ff4e497052f473f95f8f0a92421d85e3c416
 2016-08-26 10:39:56 +08:00
Kubernetes Submit Queue 189a870ec8 Merge pull request #30376 from justinsb/kubenet_mtu 
Automatic merge from submit-queue

Add kubelet --network-plugin-mtu flag for MTU selection

* Add network-plugin-mtu option which lets us pass down a MTU to a network provider (currently processed by kubenet)
* Add a test, and thus make sysctl testable
 2016-08-23 21:54:50 -07:00
Girish Kalele b82c028f77 GCE Cloud provider changes for ESIPP 
Add feature gate (ExternalTrafficLocalOnly) for alpha feature
 2016-08-23 16:16:39 -07:00
xiangpengzhao 9ef7475c12 Cover port_allocator_test with more conditions 2016-08-23 05:19:44 -04:00
Justin Santa Barbara 2c103af2b6 Create testable implementation of sysctl 
This is so we can test kubenet Init, which calls sysctl
 2016-08-23 01:42:37 -04:00
Minhan Xia ec5699e451 clean up oldIptablesMasqueradeMark 2016-08-22 15:05:13 -07:00
Girish Kalele 282880f549 Code review changes 2016-08-20 19:49:30 -07:00
Girish Kalele 29188c68d5 Load Balancer Health Check responder library for ESIPP 2016-08-20 19:45:56 -07:00
Minhan Xia 392a92c9fa change KUBE-XLB back to KUBE-FW 2016-08-18 10:19:59 -07:00
Minhan Xia b31874fe82 bug fixes and nits 2016-08-18 10:19:59 -07:00
Minhan Xia 1acaa1db09 Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE"" 2016-08-18 10:19:48 -07:00
Daniel Smith 2aa0bb2dfc Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE" 2016-08-16 18:12:28 -07:00
Minhan Xia 643fc3803b add firewall chain to filter request based on loadbalancer source range 2016-08-15 17:42:41 -07:00
Girish Kalele 5d6abf59ff kube-proxy: Propagate hostname to iptables proxier 2016-08-09 10:05:29 -07:00
Lucas Käldström c88a07ce1a Run goimports 2016-08-02 15:12:39 +03:00
Michal Rostecki 59ca5986dd Print/log pointers of structs with %#v instead of %+v 
There are many places in k8s where %+v is used to format a pointer
to struct, which isn't working as expected.

Fixes #26591
 2016-08-01 22:27:56 +02:00
Davanum Srinivas 2b0ed014b7 Use Go canonical import paths 
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-16 13:48:21 -04:00
k8s-merge-robot 04602bb9e5 Merge pull request #28655 from freehan/kubeproxyfix 
Automatic merge from submit-queue

Don't delete affinity when endpoints are empty

closes: #25316
 2016-07-08 11:28:43 -07:00
Minhan Xia e1df5c8b30 fix proxy unit tests 2016-07-07 17:43:22 -07:00
k8s-merge-robot 3895cede49 Merge pull request #28434 from thockin/br-netfilter-warning 
Automatic merge from submit-queue

Remove br_netfilter warning in kube-proxy

Many distros have this module linked in, generating a spurious error.

Fixes #23385
 2016-07-07 10:27:20 -07:00
bin liu 426fdc431a Merge branch 'master' into fix-typos 2016-07-04 11:20:47 +08:00
Tim Hockin 04d60ddab0 Remove br_netfilter warning in kube-proxy 
Many distros have this module linked in, generating a spurious error.
 2016-07-03 09:54:26 -07:00
Minhan Xia 51dcff40e6 Merge remote-tracking branch 'thockin/userspace-proxy-affinity-25314' into kubeproxyfix 2016-07-01 11:48:02 -07:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
bin liu fd27cd47f7 fix some typos 
Signed-off-by: bin liu <liubin0329@gmail.com>
 2016-06-22 18:14:26 +08:00
Minhan Xia 6a3ad1d66d add hostport support for kubenet 2016-05-22 22:18:58 -07:00
k8s-merge-robot f9b8fd0c96 Merge pull request #25011 from zhouhaibing089/addclose 
Automatic merge from submit-queue

followup to add http server close method

Fixes #25009, a follow up of https://github.com/kubernetes/kubernetes/pull/24595.
 2016-05-09 22:32:02 -07:00
Tim Hockin 9052eddaf6 Don't delete affinity when endpoints are empty 
This only affects the userspace kube-proxy.
 2016-05-07 21:23:50 -07:00
zhouhaibing089 5923fd352e followup to add http server close method 2016-05-05 12:04:41 +08:00
Gao Zheng c75cb94be6 Squashed commit of the following: 
commit 7bf1a05f61b78196c8d272e0d55980ba2254e81d
Author: gaozheng <gaozheng0123@163.com>
Date:   Thu Apr 28 01:23:42 2016 +0000

    fix gofmt

commit 54f6fa6ca76ee0fc5c4f8609fb2f875111ce2141
Author: Gao Zheng <gaozheng0123@163.com>
Date:   Sat Apr 23 13:09:41 2016 +0000

    reset session affinity if endpoint is unconnected
 2016-05-03 01:36:32 +00:00
Clayton Coleman fdb110c859
Fix the rest of the code 2016-04-29 17:12:10 -04:00
Minhan Xia 0d36dc7000 added test for revertPorts 2016-04-26 14:23:06 -07:00
Minhan Xia 56ad718008 only close new ports upon iptables-restore failure 2016-04-26 14:23:06 -07:00
goltermann dddc6cb6c8 Fix a few spellings. 2016-04-21 15:16:42 -07:00
k8s-merge-robot 767fa6913d Merge pull request #24118 from smarterclayton/proxy_args 
Automatic merge from submit-queue

Allow Proxy to be initialized with store
 2016-04-21 04:42:43 -07:00
goltermann 3fa6c6f6d9 Enable vet 2016-04-20 09:48:24 -07:00
CJ Cullen 760568796f Masquerade traffic from off-cluster going through kube-proxy. 2016-04-19 21:39:34 -07:00
Minhan Xia ad8c67723a add test for udp connection flush 2016-04-18 14:58:08 -07:00
Minhan Xia 4fa6f3841a fixing dead endpoint black hole udp traffic 2016-04-13 10:20:02 -07:00
Clayton Coleman a5152a4005 Allow Proxy to be initialized with store 
The proxy should be able to reuse a store on initialization.
Minor cleanup to make experimentation with the proxy easier.
 2016-04-11 23:30:58 -04:00
Eric Paris 5e5a823294 Move blunderbuss assignees into tree 2016-03-02 20:46:32 -05:00
Dan Williams 6248939e11 Push responsibility for bridge-nf-call-iptables to kubelet network plugins 
bridge-nf-call-iptables appears to only be relevant when the containers are
attached to a Linux bridge, which is usually the case with default Kubernetes
setups, docker, and flannel.  That ensures that the container traffic is
actually subject to the iptables rules since it traverses a Linux bridge
and bridged traffic is only subject to iptables when bridge-nf-call-iptables=1.

But with other networking solutions (like openshift-sdn) that don't use Linux
bridges, bridge-nf-call-iptables may not be not relevant, because iptables is
invoked at other points not involving a Linux bridge.

The decision to set bridge-nf-call-iptables should be influenced by networking
plugins, so push the responsiblity out to them.  If no network plugin is
specified, fall back to the existing bridge-nf-call-iptables=1 behavior.
 2016-02-23 09:34:59 -06:00
k8s-merge-robot b32078d89b Merge pull request #20496 from matthewdupre/masquerade-config 
Auto commit by PR queue bot
 2016-02-08 10:49:20 -08:00
Matt Dupre 9925cddc11 Change iptables fwmark to use single configurable bit instead of whole mark space 2016-02-08 11:12:09 +00:00
Jan Chaloupka 4389b3f0d6 Rewritte util.* -> wait.* wherever reasonable 2016-02-07 12:02:20 +01:00
k8s-merge-robot c26087db45 Merge pull request #19611 from thockin/proxy-sysctl-decouple 
Auto commit by PR queue bot
 2016-02-06 23:01:48 -08:00
k8s-merge-robot 0cc0bd342f Merge pull request #20520 from thockin/iptables-test-nits 
Auto commit by PR queue bot
 2016-02-06 22:34:10 -08:00
Tim Hockin 1e7db4a174 Implement proper cleanup in iptables proxy 2016-02-07 02:42:18 +00:00
Tim Hockin 107c5f7813 Put all masquerade mark logic into new chains 
This allows us to use the MARK-MASQ chain as a subroutine, rather than encoding
the mark in many places.  Having a KUBE-POSTROUTING chain means we can flush
and rebuild it atomically.  This makes followon work to change the mark
significantly easier.
 2016-02-07 02:42:07 +00:00
Tim Hockin 41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Marc Lough c33fcba311 Reject packets to services without endpoints 2016-02-04 20:56:02 +00:00
Prashanth Balasubramanian 589b7fdc92 Don't handshake with watch interrupt in proxy unittests. 2016-02-04 10:55:25 -08:00
Prashanth Balasubramanian f9b96d2c71 Make sure at least one interrupt is buffered before dropping. 2016-02-03 19:23:17 -08:00
Prashanth Balasubramanian e1fa6e9fb8 kube-proxy applies latest snapshot of endpoints and services. 2016-02-03 12:58:37 -08:00
Tim Hockin 11f75e61b9 Inject a kernel-compat tester for kube-proxy test 2016-02-02 22:11:39 -08:00
Tim Hockin f3de95ff41 test nits and a TODO for iptables tests 2016-02-02 14:19:16 -08:00
k8s-merge-robot 26202fc98a Merge pull request #18804 from marun/fix-nodeport-services 
Auto commit by PR queue bot
 2016-02-02 14:07:49 -08:00
Maru Newby a5e00da867 Fix nodeport service compat with default-deny fw 2016-02-01 21:34:30 +00:00
harry 1032067ff9 Replace runtime reference by pkg 2016-02-01 21:06:44 +08:00
Harry Zhang 936a11e775 Use networking to hold network related pkgs 
Change names of unclear methods

Use net as pkg name for short
 2016-01-15 13:46:16 +08:00
David Oppenheimer 8ac484793d Comment out calls to httptest.Server.Close() to work around 
https://github.com/golang/go/issues/12262 . See #19254 for
more details. This change should be reverted when we upgrade
to Go 1.6.
 2016-01-11 23:02:11 -08:00
k8s-merge-robot 5b6a7c6012 Merge pull request #18524 from thockin/kube-proxy-close 
Auto commit by PR queue bot
 2015-12-17 01:33:12 -08:00
Wojciech Tyczynski 960808bf08 Switch to versioned ListOptions in client. 2015-12-14 14:26:09 +01:00
Tim Hockin ad07709461 Fully close sockets in kube-proxy 
We were trying to be clever and respect TCP's notion of half-open sockets, but
it causes leaks when we can't unblock io.Copy().  This fixes those leaks and
seems to follow most expectations.  I think we were just be too clever.
 2015-12-10 11:34:13 -08:00
Wojciech Tyczynski b0fcb5adef Pass ListOptions to List in ListWatch. 2015-12-07 11:53:53 +01:00
Wojciech Tyczynski b6ef62af24 Use unversioned.ListOptions in clients. 2015-11-24 16:52:09 +01:00
Tim Hockin 970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
k8s-merge-robot 36bae67910 Merge pull request #16548 from ArtfulCoder/kube-proxy-mem-use 
Auto commit by PR queue bot
 2015-10-30 06:23:14 -07:00
Abhishek Shah 5367a32ee9 Read Iptables-save output in a more-memory-efficient way 2015-10-29 15:30:00 -07:00
Avesh Agarwal e1837185de Improves iptables cleanup for pure iptables based proxier. 2015-10-27 13:08:16 -04:00
Wojciech Tyczynski d47e21f19f Reuse TCP connections in Reflector between resync periods. 2015-10-26 19:35:25 +01:00
Saad Ali 06113d3b87 Merge pull request #16137 from ArtfulCoder/externalIPFix 
release NodePort correctly
 2015-10-23 12:03:38 -07:00
Abhishek Shah 7c64802f48 release NodePort correctly 2015-10-22 16:36:52 -07:00
Abhishek Shah d172ca6986 Added UdpIdleTimeout flag 2015-10-21 17:25:35 -07:00
k8s-merge-robot 18ad5f8cdf Merge pull request #15745 from ArtfulCoder/reduceTimeout 
Auto commit by PR queue bot
 2015-10-19 13:02:17 -07:00
k8s-merge-robot 75c977d200 Merge pull request #15596 from zhengguoyong/alias_util_errors_packagename 
Auto commit by PR queue bot
 2015-10-19 02:35:37 -07:00
Jordan Liggitt 55cd3f1030 Platform-specific setRLimit implementations 2015-10-18 21:26:39 -04:00
eulerzgy f8f9afb874 alias local packagename for pkg/util/errors 2015-10-18 09:37:46 +08:00
Abhishek Shah de214829f6 Update endpoint dialTimeouts to reasonable values 2015-10-16 14:57:43 -07:00
derekwaynecarr 970c369f31 Kubelet sets kernel overcommit_memory flag 2015-10-06 14:28:46 -04:00
Alex Robinson b1461be2e4 Merge pull request #14982 from Huawei-PaaS/fixed_typos_for_proxy 
Fixed some typos for pkg/proxy
 2015-10-05 11:40:03 -07:00
Alex Robinson c1012d8c93 Merge pull request #14882 from ArtfulCoder/logformat 
fixed log format
 2015-10-05 10:50:30 -07:00
qiaolei 718d7df276 Fixed some typos 2015-10-03 00:33:35 +08:00
k8s-merge-robot fb4882620f Merge pull request #14611 from MikaelCluseau/wip-optional-sysctl 
Auto commit by PR queue bot
 2015-10-01 00:28:38 -07:00
Abhishek Shah 6278b5f648 fixed log format 2015-09-30 16:29:32 -07:00
Mikaël Cluseau 4bf0ef8ce2 setSysctl for bridge-nf-call-iptables should fail with a warning 2015-09-26 17:11:33 +11:00
Tim Hockin 3c36439665 Don't log every connection by default 2015-09-25 14:02:24 -07:00
Tim Hockin 7509bf6318 Set UDP timeout to 1/4 second 2015-09-25 14:02:24 -07:00
Abhishek Shah 6945cb050c Set rlimit for openfile handles to 64k 2015-09-18 10:53:55 -07:00
Daniel Martí 586cb9126a Move pkg/util.Time to pkg/api/unversioned.Time 
Along with our time.Duration wrapper, as suggested by @lavalamp.
 2015-09-17 17:51:27 -07:00
k8s-merge-robot bf990acefa Merge pull request #13988 from thockin/kube-proxy-startup-clobber 
Auto commit by PR queue bot
 2015-09-17 01:29:35 -07:00
Alex Mohr 2cf207ec60 Merge pull request #13992 from aveshagarwal/userspace-proxy-typo 
Fixes error message.
 2015-09-16 21:49:19 -07:00
Tim Hockin 84a9b0a37a Fix bug in iptables proxy that clobbered endpoints 
There is a race at startup where the two watch operations might clobber state
if the initial message comes in the wrong order.
 2015-09-15 13:07:33 -07:00
Avesh Agarwal a84e49aaab Fixes error message. 2015-09-15 14:37:56 -04:00
Dan Winship 30ea22f40e Make kube-proxy resync its rules on firewalld restart 2015-09-15 11:17:40 -04:00
Dan Winship 8bc9c40796 Watch for firewalld restart, to allow reloading iptables rules 2015-09-15 11:17:40 -04:00
Daniel Smith b225c1d47a Run gofmt (separate commit for easy rebases) 2015-09-10 17:17:59 -07:00
Daniel Smith 15b30b8b09 Move version agnostic parts of client 
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
 2015-09-10 17:17:59 -07:00
Daniel Smith 9fc8a79e37 Revert "Revert "Don't take the proxy mutex in the traffic path"" 2015-09-01 16:40:11 -07:00
Daniel Smith 46ae7e87c7 Increase timeout to fix flaky tests 2015-09-01 16:08:13 -07:00
Daniel Smith a20d7ca481 Revert "Don't take the proxy mutex in the traffic path" 2015-09-01 13:33:05 -07:00
k8s-merge-robot 3d51f524b5 Merge pull request #13386 from danwinship/iptables-w 
Auto commit by PR queue bot
 2015-09-01 13:07:57 -07:00
Tim Hockin f0a9badd2d Don't take the proxy mutex in the traffic path 
This should make throughput better on the userspace proxier.

Fixes #11977
 2015-08-31 17:01:52 -07:00
Dan Winship a41e422600 Drop the "v" from GetIptablesVersionString() output 
Neither of its callers wants it
 2015-08-31 09:54:57 -04:00
Tim Hockin 8e503f3814 Hold node ports in iptables proxier 2015-08-24 16:35:05 -07:00
Tim Hockin 5087ae6c93 Hold node-ports for publicIPs for local IPs 2015-08-24 16:32:44 -07:00
Tim Hockin f5a9281a26 Actually hold NodePorts open in kube-proxy 2015-08-24 16:32:44 -07:00
Nikhil Jindal 9a7f871d17 Merge pull request #12896 from thockin/proxy-nodeports 
Tail-call nodeports rules in iptables proxy
 2015-08-24 10:39:54 -07:00
Tim Hockin 16102c41df Tail-call nodeports rules in iptables proxy 2015-08-21 14:15:21 -07:00
BenTheElder 81ab51709a Add --cleanup-iptables flag to kube-proxy 
Adds a flag to cleanup iptables rules created by kube-proxy per
https://github.com/mesosphere/kubernetes-mesos/issues/353#issuecomment-1
27382832
 2015-08-21 14:44:11 -04:00
Jerzy Szczepkowski 3df1b9e151 Merge pull request #12986 from BenTheElder/masquerade_all_flag 
Add flag to masquerade all in kube-proxy when using iptables proxier
 2015-08-21 10:28:07 +02:00
BenTheElder 1f2076ce64 Add flag to masquerade all in kube-proxy when using iptables proxier 2015-08-20 20:12:32 -04:00
Abhishek Shah b6b8e99393 External IPs support. 2015-08-20 16:10:01 -07:00
jiangyaoguo 5a95eb7326 Test UDP timeout 2015-08-19 21:50:43 +08:00
Kris Rousey ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Tim Hockin 6f34be30a3 Limit float precision to 5 points 2015-08-17 20:57:44 -07:00
Tim Hockin 7e9c685ba6 Require same min iptables version as -C 2015-08-17 20:57:44 -07:00
Tim Hockin 3a5c23d727 test for and set bridge-nf-call-iptables sysctl 2015-08-17 20:57:44 -07:00
Tim Hockin 9cf33772b4 test for and set route_localnet sysctl 2015-08-17 20:52:06 -07:00
Tim Hockin f1a48574a6 Clean up logging, make initial sync faster 2015-08-17 20:52:06 -07:00
Tim Hockin d72892d0b0 Include protocol in the hash for chain names 2015-08-17 20:52:06 -07:00
Tim Hockin 731d5e5191 Clean up iptables rules, add nodeport support 2015-08-17 20:52:06 -07:00
Tim Hockin d14c98f6cc Add nodepoprt chain and link it in, add unused MASQ rule 2015-08-17 20:52:06 -07:00
Robert Bailey 6fcdcec25d Merge pull request #12658 from sdminonne/bug_fix2 
to fix govet issue
 2015-08-17 10:58:10 -07:00
Tim Hockin 776132e1ae Make kube-proxy iptables sync period configurable 2015-08-13 09:53:32 -07:00
Salvatore Dario Minonne 48018c402c to fix govet issue 2015-08-13 17:26:43 +02:00
BenTheElder 8006a39cc3 Fix #12596 
Fix for https://github.com/kubernetes/kubernetes/issues/12596
Disconnect the pure-iptables proxy’s services chain when starting the
userspace proxy.
 2015-08-12 20:06:09 -04:00
BenTheElder ae569e20b5 Partially Implement #3760 2015-08-12 02:39:15 -04:00
Piotr Szczesniak 1df0267f4a Merge pull request #12551 from eparis/underscore-to-dash 
Update code and docs to use - in flag names instead of _
 2015-08-12 07:16:31 +02:00
Kris Rousey 565189f5b8 Correcting all go vet errors 2015-08-11 13:55:37 -07:00
Eric Paris 5aa495cdad Update code to use - in flag names instead of _ 2015-08-11 16:31:52 -04:00
Alex Robinson c5e221dca7 Merge pull request #12440 from BenTheElder/proxy_config_handler_refactor 
Refactor `pkg/proxy/config`'s ServiceConfigHandler and EndpointsConfigHandler.
 2015-08-10 09:44:38 -07:00
Veres Lajos 9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
BenTheElder 6bbf2aaab7 Refactor pkg/proxy/config's ServiceConfigHandler and EndpointsConfigHandler to have different update methods. 
Refactor `pkg/proxy/config`’s ServiceConfigHandler.OnUpdate and
EndpointsConfigHandler.OnUpdate to different method names as they have
different signatures.

This will let the new proxy
(https://github.com/GoogleCloudPlatform/kubernetes/issues/3760)
implement both interfaces.

Since we won’t need a separate loadbalancer structure (load balancing
is handled in the proxy rules), we will simply handle both event types
from the same object.
 2015-08-08 15:16:55 -04:00
BenTheElder f6d257c0f3 fix missing import in roundrobin_test.go 2015-08-08 00:02:35 -04:00
BenTheElder 962a7b492b in pkg/proxy, merge proxy_provider.go and service_port_name.go to types.go 2015-08-07 21:10:34 -04:00
BenTheElder 1f6baa6549 Move userspace code to sub-package in proxy. 
Moves the userspace code in proxy to a sub-package and adds the
ProxyProvider interface.

This is in preparation for landing an implementation of
https://github.com/GoogleCloudPlatform/kubernetes/issues/3760, which
will mostly be in another sub package for iptables.
 2015-08-07 20:07:15 -04:00
BenTheElder 5867fca8bf Fix iptables Interface mocking, move Restore/RestoreAll to shared impl 
also put TODO for unit tests, move defer file deletion until after file
creation error is checked.
 2015-08-07 19:08:21 -04:00
Mike Danese 17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Abhishek Shah 4bbecea4e6 Changed udpIdleTimeout to 1 second from 10 seconds 2015-08-03 15:32:59 -07:00
jiangyaoguo 79ed954ec2 replace Reflector with client.cache.Reflector in kube-proxy 2015-06-29 11:21:50 +08:00
James DeFelice 4abcf7449c implementation of proxy port allocation 2015-06-02 12:28:25 +00:00
Tim Hockin ac3cc3c518 Rename PORTAL_NET all over 2015-05-28 16:10:44 -07:00
Tim Hockin 4318ca5a8b Rename 'portal IP' to 'cluster IP' most everywhere 
This covers obvious transforms, but not --portal_net, $PORTAL_NET and
similar.
 2015-05-28 16:10:44 -07:00
Tim Hockin bd2314fa78 Fix session affinity in kube-proxy 2015-05-26 17:19:29 -07:00