Make kube-proxy default to iptables (regression)
This was accidentally introduced as part of the component config changes.
parent
ba13454430
commit
7ed83ad4f9
@ -57,7 +57,6 @@ func NewProxyConfig() *ProxyServerConfig {
|
|||||||
ResourceContainer: "/kube-proxy",
|
ResourceContainer: "/kube-proxy",
|
||||||
IPTablesSyncPeriod: unversioned.Duration{30 * time.Second},
|
IPTablesSyncPeriod: unversioned.Duration{30 * time.Second},
|
||||||
UDPIdleTimeout: unversioned.Duration{250 * time.Millisecond},
|
UDPIdleTimeout: unversioned.Duration{250 * time.Millisecond},
|
||||||
Mode: componentconfig.ProxyModeUserspace,
|
|
||||||
ConntrackMax: 256 * 1024, // 4x default (64k)
|
ConntrackMax: 256 * 1024, // 4x default (64k)
|
||||||
ConntrackTCPEstablishedTimeout: unversioned.Duration{Duration: 24 * time.Hour}, // 1 day (1/5 default)
|
ConntrackTCPEstablishedTimeout: unversioned.Duration{Duration: 24 * time.Hour}, // 1 day (1/5 default)
|
||||||
},
|
},
|
||||||
|
@ -20,6 +20,7 @@ package app
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
_ "net/http/pprof"
|
_ "net/http/pprof"
|
||||||
@ -58,6 +59,7 @@ type ProxyServer struct {
|
|||||||
Broadcaster record.EventBroadcaster
|
Broadcaster record.EventBroadcaster
|
||||||
Recorder record.EventRecorder
|
Recorder record.EventRecorder
|
||||||
Conntracker Conntracker // if nil, ignored
|
Conntracker Conntracker // if nil, ignored
|
||||||
|
ProxyMode string
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -83,6 +85,7 @@ func NewProxyServer(
|
|||||||
broadcaster record.EventBroadcaster,
|
broadcaster record.EventBroadcaster,
|
||||||
recorder record.EventRecorder,
|
recorder record.EventRecorder,
|
||||||
conntracker Conntracker,
|
conntracker Conntracker,
|
||||||
|
proxyMode string,
|
||||||
) (*ProxyServer, error) {
|
) (*ProxyServer, error) {
|
||||||
return &ProxyServer{
|
return &ProxyServer{
|
||||||
Client: client,
|
Client: client,
|
||||||
@ -92,6 +95,7 @@ func NewProxyServer(
|
|||||||
Broadcaster: broadcaster,
|
Broadcaster: broadcaster,
|
||||||
Recorder: recorder,
|
Recorder: recorder,
|
||||||
Conntracker: conntracker,
|
Conntracker: conntracker,
|
||||||
|
ProxyMode: proxyMode,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -248,7 +252,7 @@ func NewProxyServerDefault(config *options.ProxyServerConfig) (*ProxyServer, err
|
|||||||
|
|
||||||
conntracker := realConntracker{}
|
conntracker := realConntracker{}
|
||||||
|
|
||||||
return NewProxyServer(client, config, iptInterface, proxier, eventBroadcaster, recorder, conntracker)
|
return NewProxyServer(client, config, iptInterface, proxier, eventBroadcaster, recorder, conntracker, proxyMode)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Run runs the specified ProxyServer. This should never exit (unless CleanupAndExit is set).
|
// Run runs the specified ProxyServer. This should never exit (unless CleanupAndExit is set).
|
||||||
@ -265,8 +269,11 @@ func (s *ProxyServer) Run() error {
|
|||||||
|
|
||||||
s.Broadcaster.StartRecordingToSink(s.Client.Events(""))
|
s.Broadcaster.StartRecordingToSink(s.Client.Events(""))
|
||||||
|
|
||||||
// Start up Healthz service if requested
|
// Start up a webserver if requested
|
||||||
if s.Config.HealthzPort > 0 {
|
if s.Config.HealthzPort > 0 {
|
||||||
|
http.HandleFunc("/proxyMode", func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
fmt.Fprintf(w, "%s", s.ProxyMode)
|
||||||
|
})
|
||||||
go util.Until(func() {
|
go util.Until(func() {
|
||||||
err := http.ListenAndServe(s.Config.HealthzBindAddress+":"+strconv.Itoa(s.Config.HealthzPort), nil)
|
err := http.ListenAndServe(s.Config.HealthzBindAddress+":"+strconv.Itoa(s.Config.HealthzPort), nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
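Review bot: In the Run hunk, `http.HandleFunc("/proxyMode", ...)` registers on the process-wide default mux, which is also what `http.ListenAndServe(..., nil)` serves and what the blank `net/http/pprof` import shown in this file populates. The new endpoint is therefore unauthenticated and reachable on whatever address `HealthzBindAddress` resolves to, alongside the profiling handlers. Because the registration happens inside Run rather than once at setup, a second call to Run in the same process would panic on the duplicate pattern. I would at least document this above the handler, e.g. `// /proxyMode shares the healthz listener (default mux, incl. pprof); exposure is governed by HealthzBindAddress`, and consider moving the registration to a place that runs once. Run's body continues outside the hunk, so any guard that already exists there is not visible here.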
@ -71,12 +71,12 @@ kube-proxy
|
|||||||
--masquerade-all[=false]: If using the pure iptables proxy, SNAT everything
|
--masquerade-all[=false]: If using the pure iptables proxy, SNAT everything
|
||||||
--master="": The address of the Kubernetes API server (overrides any value in kubeconfig)
|
--master="": The address of the Kubernetes API server (overrides any value in kubeconfig)
|
||||||
--oom-score-adj=-999: The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]
|
--oom-score-adj=-999: The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]
|
||||||
--proxy-mode=userspace: Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
|
--proxy-mode=: Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
|
||||||
--proxy-port-range=: Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
|
--proxy-port-range=: Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
|
||||||
--udp-timeout=250ms: How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace
|
--udp-timeout=250ms: How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace
|
||||||
```
|
```
|
||||||
|
|
||||||
###### Auto generated by spf13/cobra on 27-Jan-2016
|
###### Auto generated by spf13/cobra on 1-Feb-2016
|
||||||
|
|
||||||
|
|
||||||
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
|
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->
|
||||||
|
@ -63,9 +63,9 @@ type KubeProxyConfiguration struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Currently two modes of proxying are available: 'userspace' (older, stable) or 'iptables'
|
// Currently two modes of proxying are available: 'userspace' (older, stable) or 'iptables'
|
||||||
// (experimental). If blank, look at the Node object on the Kubernetes API and respect the
|
// (newer, faster). If blank, look at the Node object on the Kubernetes API and respect the
|
||||||
// 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the
|
// 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the
|
||||||
// best-available proxy (currently userspace, but may change in future versions). If the
|
// best-available proxy (currently iptables, but may change in future versions). If the
|
||||||
// iptables proxy is selected, regardless of how, but the system's kernel or iptables
|
// iptables proxy is selected, regardless of how, but the system's kernel or iptables
|
||||||
// versions are insufficient, this always falls back to the userspace proxy.
|
// versions are insufficient, this always falls back to the userspace proxy.
|
||||||
type ProxyMode string
|
type ProxyMode string
|
||||||
|
@ -75,7 +75,7 @@ func NewHollowProxyOrDie(
|
|||||||
endpointsConfig.Channel("api"),
|
endpointsConfig.Channel("api"),
|
||||||
)
|
)
|
||||||
|
|
||||||
hollowProxy, err := proxyapp.NewProxyServer(client, config, iptInterface, &FakeProxier{}, broadcaster, recorder, nil)
|
hollowProxy, err := proxyapp.NewProxyServer(client, config, iptInterface, &FakeProxier{}, broadcaster, recorder, nil, "fake")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Fatalf("Error while creating ProxyServer: %v\n", err)
|
glog.Fatalf("Error while creating ProxyServer: %v\n", err)
|
||||||
}
|
}
|
||||||
|
@ -197,6 +197,10 @@ func (config *KubeProxyTestConfig) hitNodePort(epCount int) {
|
|||||||
config.dialFromNode("udp", node2_IP, nodeUdpPort, tries, epCount)
|
config.dialFromNode("udp", node2_IP, nodeUdpPort, tries, epCount)
|
||||||
By("dialing(http) node1 --> node2:nodeHttpPort")
|
By("dialing(http) node1 --> node2:nodeHttpPort")
|
||||||
config.dialFromNode("http", node2_IP, nodeHttpPort, tries, epCount)
|
config.dialFromNode("http", node2_IP, nodeHttpPort, tries, epCount)
|
||||||
|
|
||||||
|
By("checking kube-proxy URLs")
|
||||||
|
config.getSelfURL("/healthz", "ok")
|
||||||
|
config.getSelfURL("/proxyMode", "iptables") // the default
|
||||||
}
|
}
|
||||||
|
|
||||||
func (config *KubeProxyTestConfig) hitEndpoints() {
|
func (config *KubeProxyTestConfig) hitEndpoints() {
|
||||||
@ -252,6 +256,13 @@ func (config *KubeProxyTestConfig) dialFromNode(protocol, targetIP string, targe
|
|||||||
Expect(strconv.Atoi(strings.TrimSpace(stdout))).To(BeNumerically("==", expectedCount))
|
Expect(strconv.Atoi(strings.TrimSpace(stdout))).To(BeNumerically("==", expectedCount))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (config *KubeProxyTestConfig) getSelfURL(path string, expected string) {
|
||||||
|
cmd := fmt.Sprintf("curl -s --connect-timeout 1 http://localhost:10249%s", path)
|
||||||
|
By(fmt.Sprintf("Getting kube-proxy self URL %s", path))
|
||||||
|
stdout := RunHostCmdOrDie(config.f.Namespace.Name, config.hostTestContainerPod.Name, cmd)
|
||||||
|
Expect(strings.Contains(stdout, expected)).To(BeTrue())
|
||||||
|
}
|
||||||
|
|
||||||
func (config *KubeProxyTestConfig) createNetShellPodSpec(podName string, node string) *api.Pod {
|
func (config *KubeProxyTestConfig) createNetShellPodSpec(podName string, node string) *api.Pod {
|
||||||
pod := &api.Pod{
|
pod := &api.Pod{
|
||||||
TypeMeta: unversioned.TypeMeta{
|
TypeMeta: unversioned.TypeMeta{
|
||||||
|
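Review bot: `config.getSelfURL("/proxyMode", "iptables")` in hitNodePort asserts the mode unconditionally, but the flag help updated in this same commit says kube-proxy respects the node annotation and falls back to userspace when the kernel or iptables version is insufficient, so this check will presumably fail on such nodes for reasons unrelated to the regression. Consider skipping or relaxing the assertion where the fallback applies. In getSelfURL, `Expect(stdout).To(ContainSubstring(expected))` would print the actual response on failure, whereas `Expect(strings.Contains(stdout, expected)).To(BeTrue())` only reports that a boolean was false. The port in `http://localhost:10249%s` is hard-coded; a comment such as `// 10249 must match the kube-proxy healthz port on the node` would make that dependency explicit.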