From 7ed83ad4f94b94a80d89eded18eaffd5cdd5d63b Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Mon, 1 Feb 2016 17:34:47 -0800 Subject: [PATCH] Make kube-proxy default to iptables (regression) This was accidentally introduced as part of the component config changes. --- cmd/kube-proxy/app/options/options.go | 1 - cmd/kube-proxy/app/server.go | 11 +++++++++-- docs/admin/kube-proxy.md | 4 ++-- pkg/apis/componentconfig/types.go | 4 ++-- pkg/kubemark/hollow_proxy.go | 2 +- test/e2e/kubeproxy.go | 11 +++++++++++ 6 files changed, 25 insertions(+), 8 deletions(-) diff --git a/cmd/kube-proxy/app/options/options.go b/cmd/kube-proxy/app/options/options.go index dff4bdc78b2..12bfa195ec1 100644 --- a/cmd/kube-proxy/app/options/options.go +++ b/cmd/kube-proxy/app/options/options.go @@ -57,7 +57,6 @@ func NewProxyConfig() *ProxyServerConfig { ResourceContainer: "/kube-proxy", IPTablesSyncPeriod: unversioned.Duration{30 * time.Second}, UDPIdleTimeout: unversioned.Duration{250 * time.Millisecond}, - Mode: componentconfig.ProxyModeUserspace, ConntrackMax: 256 * 1024, // 4x default (64k) ConntrackTCPEstablishedTimeout: unversioned.Duration{Duration: 24 * time.Hour}, // 1 day (1/5 default) }, diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go index 4941908cf74..427aa7f33fd 100644 --- a/cmd/kube-proxy/app/server.go +++ b/cmd/kube-proxy/app/server.go @@ -20,6 +20,7 @@ package app import ( "errors" + "fmt" "net" "net/http" _ "net/http/pprof" @@ -58,6 +59,7 @@ type ProxyServer struct { Broadcaster record.EventBroadcaster Recorder record.EventRecorder Conntracker Conntracker // if nil, ignored + ProxyMode string } const ( @@ -83,6 +85,7 @@ func NewProxyServer( broadcaster record.EventBroadcaster, recorder record.EventRecorder, conntracker Conntracker, + proxyMode string, ) (*ProxyServer, error) { return &ProxyServer{ Client: client, @@ -92,6 +95,7 @@ func NewProxyServer( Broadcaster: broadcaster, Recorder: recorder, Conntracker: conntracker, + ProxyMode: proxyMode, }, nil } @@ -248,7 +252,7 @@ func NewProxyServerDefault(config *options.ProxyServerConfig) (*ProxyServer, err conntracker := realConntracker{} - return NewProxyServer(client, config, iptInterface, proxier, eventBroadcaster, recorder, conntracker) + return NewProxyServer(client, config, iptInterface, proxier, eventBroadcaster, recorder, conntracker, proxyMode) } // Run runs the specified ProxyServer. This should never exit (unless CleanupAndExit is set). @@ -265,8 +269,11 @@ func (s *ProxyServer) Run() error { s.Broadcaster.StartRecordingToSink(s.Client.Events("")) - // Start up Healthz service if requested + // Start up a webserver if requested if s.Config.HealthzPort > 0 { + http.HandleFunc("/proxyMode", func(w http.ResponseWriter, r *http.Request) { + fmt.Fprintf(w, "%s", s.ProxyMode) + }) go util.Until(func() { err := http.ListenAndServe(s.Config.HealthzBindAddress+":"+strconv.Itoa(s.Config.HealthzPort), nil) if err != nil { diff --git a/docs/admin/kube-proxy.md b/docs/admin/kube-proxy.md index 7033392651c..f9319633584 100644 --- a/docs/admin/kube-proxy.md +++ b/docs/admin/kube-proxy.md @@ -71,12 +71,12 @@ kube-proxy --masquerade-all[=false]: If using the pure iptables proxy, SNAT everything --master="": The address of the Kubernetes API server (overrides any value in kubeconfig) --oom-score-adj=-999: The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] - --proxy-mode=userspace: Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy. + --proxy-mode=: Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy. --proxy-port-range=: Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen. --udp-timeout=250ms: How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace ``` -###### Auto generated by spf13/cobra on 27-Jan-2016 +###### Auto generated by spf13/cobra on 1-Feb-2016 diff --git a/pkg/apis/componentconfig/types.go b/pkg/apis/componentconfig/types.go index af6417a8893..1717a7c0ddd 100644 --- a/pkg/apis/componentconfig/types.go +++ b/pkg/apis/componentconfig/types.go @@ -63,9 +63,9 @@ type KubeProxyConfiguration struct { } // Currently two modes of proxying are available: 'userspace' (older, stable) or 'iptables' -// (experimental). If blank, look at the Node object on the Kubernetes API and respect the +// (newer, faster). If blank, look at the Node object on the Kubernetes API and respect the // 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the -// best-available proxy (currently userspace, but may change in future versions). If the +// best-available proxy (currently iptables, but may change in future versions). If the // iptables proxy is selected, regardless of how, but the system's kernel or iptables // versions are insufficient, this always falls back to the userspace proxy. type ProxyMode string diff --git a/pkg/kubemark/hollow_proxy.go b/pkg/kubemark/hollow_proxy.go index e1bc84bf81f..7a3920eefb7 100644 --- a/pkg/kubemark/hollow_proxy.go +++ b/pkg/kubemark/hollow_proxy.go @@ -75,7 +75,7 @@ func NewHollowProxyOrDie( endpointsConfig.Channel("api"), ) - hollowProxy, err := proxyapp.NewProxyServer(client, config, iptInterface, &FakeProxier{}, broadcaster, recorder, nil) + hollowProxy, err := proxyapp.NewProxyServer(client, config, iptInterface, &FakeProxier{}, broadcaster, recorder, nil, "fake") if err != nil { glog.Fatalf("Error while creating ProxyServer: %v\n", err) } diff --git a/test/e2e/kubeproxy.go b/test/e2e/kubeproxy.go index 9407715b0d7..35997bdcc55 100644 --- a/test/e2e/kubeproxy.go +++ b/test/e2e/kubeproxy.go @@ -197,6 +197,10 @@ func (config *KubeProxyTestConfig) hitNodePort(epCount int) { config.dialFromNode("udp", node2_IP, nodeUdpPort, tries, epCount) By("dialing(http) node1 --> node2:nodeHttpPort") config.dialFromNode("http", node2_IP, nodeHttpPort, tries, epCount) + + By("checking kube-proxy URLs") + config.getSelfURL("/healthz", "ok") + config.getSelfURL("/proxyMode", "iptables") // the default } func (config *KubeProxyTestConfig) hitEndpoints() { @@ -252,6 +256,13 @@ func (config *KubeProxyTestConfig) dialFromNode(protocol, targetIP string, targe Expect(strconv.Atoi(strings.TrimSpace(stdout))).To(BeNumerically("==", expectedCount)) } +func (config *KubeProxyTestConfig) getSelfURL(path string, expected string) { + cmd := fmt.Sprintf("curl -s --connect-timeout 1 http://localhost:10249%s", path) + By(fmt.Sprintf("Getting kube-proxy self URL %s", path)) + stdout := RunHostCmdOrDie(config.f.Namespace.Name, config.hostTestContainerPod.Name, cmd) + Expect(strings.Contains(stdout, expected)).To(BeTrue()) +} + func (config *KubeProxyTestConfig) createNetShellPodSpec(podName string, node string) *api.Pod { pod := &api.Pod{ TypeMeta: unversioned.TypeMeta{