github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
92,005 Commits 1 Branch 31 Tags 1,019 MiB
2bc3210b2e
Commit Graph

1320 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
73fa63a86d
Merge pull request #92035 from danwinship/unmark-before-masq 
kubelet, kube-proxy: unmark packets before masquerading them
 2020-06-16 00:50:03 -07:00
Dan Winship
c12534d8b4 kubelet, kube-proxy: unmark packets before masquerading them 
It seems that if you set the packet mark on a packet and then route
that packet through a kernel VXLAN interface, the VXLAN-encapsulated
packet will still have the mark from the original packet. Since our
NAT rules are based on the packet mark, this was causing us to
double-NAT some packets, which then triggered a kernel checksumming
bug. But even without the checksum bug, there are reasons to avoid
double-NATting, so fix the rules to unmark the packets before
masquerading them.
 2020-06-15 18:45:38 -04:00
Kubernetes Prow Robot
35fc65dc2c
Merge pull request #89998 from Nordix/issue-89923 
Filter nodePortAddresses to proxiers
 2020-06-13 09:39:55 -07:00
Vinod K L Swamy
ac3f87346f
KubeProxy and DockerShim changes for Ipv6 dual stack support on Windows 
Signed-off-by: Vinod K L Swamy <vinodko@microsoft.com>
 2020-06-10 15:36:48 -07:00
Kubernetes Prow Robot
6ac3ca4b17
Merge pull request #91886 from sbangari/fixsourcevip 
Fix access to Kubernetes Service from inside Windows Pod when two ser…
 2020-06-09 14:49:50 -07:00
Kubernetes Prow Robot
b731b2ebbc
Merge pull request #91905 from lo24/master 
fix minor typos in ipvs readme.md
 2020-06-09 03:13:18 -07:00
Kubernetes Prow Robot
86e14157d0
Merge pull request #91706 from sbangari/remoteendpointrefcount 
Fixing refcounting of remote endpoints used across services
 2020-06-08 21:43:34 -07:00
Sravanth Bangari
c3eb69c1f1 Fix access to Kubernetes Service from inside Windows Pod when two services have same NodeIp as backend (Overlay) 2020-06-08 11:20:56 -07:00
lo24
491961e03c fix minor typos in ipvs readme.md 2020-06-08 14:31:39 +00:00
Sravanth Bangari
cd43fc94f7 Fixing refcounting of remote endpoints used across services 2020-06-04 21:59:14 -07:00
Kubernetes Prow Robot
98de6bd142
Merge pull request #91701 from elweb9858/sessionaffinity 
Adding windows implementation for sessionaffinity
 2020-06-03 17:44:43 -07:00
elweb9858
44096b8f71 Adding windows implementation for sessionaffinity 2020-06-03 13:41:59 -07:00
Kubernetes Prow Robot
8f5e8514b3
Merge pull request #90103 from SataQiu/refactor-proxy-20200413 
kube-proxy: move GetNodeAddresses call out of internal loop to avoid repeated computation
 2020-06-02 19:44:17 -07:00
Andrew Sy Kim
18741157ef proxier/ipvs: remove redundant length check for node addresses 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-05-28 11:48:48 -04:00
Andrew Sy Kim
f96d35fc11 proxy utils: GetNodeAddresses should check if matching addresses were found 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-05-26 12:45:32 -04:00
Andrew Sy Kim
a99321c87c proxy utils: check network interfaces only once 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-05-26 12:12:15 -04:00
SataQiu
b68312e688 kube-proxy: move GetNodeAddresses call out of internal loop to avoid repeated computation 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-05-26 15:32:05 +08:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2020-05-16 07:54:27 -04:00
Lars Ekman
f54b8f98b9 Filter nodePortAddresses to the proxiers. 
Log a warning for addresses of wrong family.
 2020-05-15 09:54:33 +02:00
Casey Callendrello
042daa24ac proxy: followup to last-queued-change metric 
Fixes two small issues with the metric added in #90175:

1. Bump the timestamp on initial informer sync. Otherwise it remains 0 if
   restarting kube-proxy in a quiescent cluster, which isn't quite right.
2. Bump the timestamp even if no healthz server is specified.
 2020-05-11 18:48:47 +02:00
Casey Callendrello
2e1a884bf3 pkg/proxy: add last-queued-timestamp metric 
This adds a metric, kubeproxy_sync_proxy_rules_last_queued_timestamp,
that captures the last time a change was queued to be applied to the
proxy. This matches the healthz logic, which fails if a pending change
is stale.

This allows us to write alerts that mirror healthz.

Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2020-04-21 15:19:32 +02:00
Tim Hockin
9551ecb7c3 Cleanup: Change "Ip" to "IP" in func and var names 2020-04-10 15:29:50 -07:00
Tim Hockin
efb24d44c6 Rename iptables IsIpv6 to IsIPv6 2020-04-10 15:29:50 -07:00
Tim Hockin
ef934a2c5e Add Protocol() method to iptables 
Enables simpler printing of which IP family the iptables interface is
managing.
 2020-04-10 15:29:49 -07:00
Tim Hockin
b874f7c626 Encapsulate sysctl test and log 2020-04-10 15:29:49 -07:00
Tim Hockin
341022f8d1 kube-proxy: log service and endpoint updates 2020-04-10 15:29:44 -07:00
Tim Hockin
37da906db2 kube-proxy: more logging at startup 2020-04-10 15:17:46 -07:00
Kubernetes Prow Robot
4a63d95916
Merge pull request #89792 from andrewsykim/remove-redundant-len-check 
proxy: remove redundant length check on local address sets
 2020-04-10 00:31:47 -07:00
Kubernetes Prow Robot
cabf5d1cdc
Merge pull request #89350 from SataQiu/fix-kube-proxy-20200323 
kube-proxy: treat failure to bind to a port as fatal
 2020-04-06 17:47:20 -07:00
louisgong
619f657b15 add loaded module 2020-04-04 08:49:19 +08:00
Andrew Sy Kim
5169ef5fb5 proxy: remove redundant length check on local address set 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-04-02 16:06:51 -04:00
Kubernetes Prow Robot
bbe5594409
Merge pull request #89296 from danwinship/random-emptily 
Don't log whether we're using iptables --random-fully
 2020-04-02 12:42:24 -07:00
Kubernetes Prow Robot
c2ae0bd763
Merge pull request #74073 from Nordix/issue-70020 
Issue #70020; Flush Conntrack entities for SCTP
 2020-04-01 22:14:24 -07:00
SataQiu
871b90ba23 kube-proxy: add '--bind-address-hard-fail' flag to treat failure to bind to a port as fatal 
Signed-off-by: SataQiu <1527062125@qq.com>
 2020-04-02 13:13:10 +08:00
Tim Hockin
15632b10cb Clean up kube-proxy metrics startup 2020-03-30 10:29:14 -07:00
Tim Hockin
8747ba9370 Clean up kube-proxy healthz startup 
Make the healthz package simpler, move retries back to caller.
 2020-03-30 10:29:14 -07:00
Dan Winship
945d5f8d7d Make userspace proxy logging quieter 2020-03-20 08:24:02 -04:00
Dan Winship
8edd656238 Don't log whether we're using iptables --random-fully 2020-03-20 08:06:27 -04:00
Kubernetes Prow Robot
1b3c94b034
Merge pull request #89146 from SataQiu/fix-kube-proxy-20200316 
comment cleanup for kube-proxy
 2020-03-18 22:25:05 -07:00
Kubernetes Prow Robot
42c94f35a7
Merge pull request #88541 from cmluciano/cml/41ipvsfix 
ipvs: only attempt setting of sysctlconnreuse on supported kernels
 2020-03-17 16:21:28 -07:00
SataQiu
64a496e645 kube-proxy: some code cleanup 2020-03-17 21:46:54 +08:00
Minhan Xia
068963fc06 add testing 2020-03-13 14:59:40 -07:00
Minhan Xia
d527a09192 add ExternalTrafficPolicy support for External IPs in ipvs kubeproxy 2020-03-13 14:59:39 -07:00
Minhan Xia
efc4b12186 add ExternalTrafficPolicy support for External IPs in iptables kubeproxy 2020-03-13 14:59:39 -07:00
Christopher M. Luciano
d22e18ad4f
ipvs: only attempt setting of sysctlconnreuse on supported kernels 
This builds on previous work but only sets the sysctlConnReuse value
if the kernel is known to be above 4.19. To avoid calling GetKernelVersion
twice, I store the value from the CanUseIPVS method and then check the version
constraint at time of expected sysctl call.

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
 2020-03-12 13:16:00 -04:00
Lars Ekman
aa8521df66 Issue #70020; Flush Conntrack entities for SCTP 
Signed-off-by: Lars Ekman <lars.g.ekman@est.tech>
 2020-03-11 09:56:54 +01:00
Kubernetes Prow Robot
0ec85a1467
Merge pull request #88934 from aojea/endpointnolog 
Stop flooding the kube-proxy logs on dual-stack because of IPFamily
 2020-03-10 12:43:37 -07:00
Satyadeep Musuvathy
e053fdd08a Add NodeCIDR for detect-local-mode 2020-03-09 13:44:34 -07:00
Antonio Ojea
df58c042a8 metaproxier logging for endpoints ipfamily 
The kube-proxy metaproxier implementations tries to get the IPFamily
from the endpoints, but if the endpoints doesn't contains an IP
address it logs a Warning.

This causes that services without endpoints keep flooding the logs
with warnings.

We log this errors with a level of Verbosity of 4 instead of a Warning
 2020-03-07 11:42:02 +01:00