Commit Graph

1335 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
11348a38d7
Merge pull request #92871 from liggitt/kube-features
Move proxy features to kube_features
2020-07-11 20:57:22 -07:00
Kubernetes Prow Robot
76e3b255e1
Merge pull request #92836 from aojea/minsyncperiod
kube-proxy iptables min-sync-period default 1sec
2020-07-11 20:56:03 -07:00
Rob Scott
8039cf9bb1
Graduating EndpointSliceProxying to beta for Linux 2020-07-07 14:18:03 -07:00
Jordan Liggitt
8d03ace92b Move proxy features to kube_features 2020-07-07 12:34:18 -04:00
Antonio Ojea
f8e64d31f9 kube-proxy iptables min-sync-period default 1sec
Currently kube-proxy defaults the min-sync-period for
iptables to 0. However, as explained by Dan Winship,

"With minSyncPeriod: 0, you run iptables-restore 100 times.
 With minSyncPeriod: 1s , you run iptables-restore once.
 With minSyncPeriod: 10s , you also run iptables-restore once,
 but you might have to wait 10 seconds first"
2020-07-07 11:23:00 +02:00
Andrew Sy Kim
de2ecd7e2f proxier/ipvs: check already binded addresses in the IPVS dummy interface
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
Co-authored-by: Laurent Bernaille <laurent.bernaille@gmail.com>
2020-07-02 15:32:21 -04:00
Kubernetes Prow Robot
4d0ce2e708
Merge pull request #92584 from aojea/ipvsfix
IPVS: kubelet, kube-proxy: unmark packets before masquerading …
2020-07-01 23:13:57 -07:00
Kubernetes Prow Robot
8623c26150
Merge pull request #90909 from kumarvin123/feature/WindowsEpSlices
EndPointSlices implementation for Windows
2020-07-01 23:12:01 -07:00
Antonio Ojea
c40081b550 kube-proxy ipvs masquerade hairpin traffic
Masquerade de traffic that loops back to the originator
before they hit the kubernetes-specific postrouting rules

Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
2020-07-01 09:16:19 +02:00
Antonio Ojea
c7a29774c9 kube-proxy dual-stack infers IP family from ClusterIP
when dual-stack kube-proxy infers the service IP family from
the ClusterIP because ipFamily field is going to be deprecated.

Since kube-proxy skip headless and externalname services we
can safely obtain the IPFamily from the ClusterIP field

Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
2020-06-30 18:42:19 +02:00
Antonio Ojea
a46e1f0613 kube-proxy ShouldSkipService takes only one argument
instead of receiving the service name and namespace we
can obtain it from the service object directly.

Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
2020-06-30 18:42:15 +02:00
Kubernetes Prow Robot
8a76c27b8d
Merge pull request #88573 from davidstack/master
the result value of functrion NodeIPS will contain the docker0 ip , update the comment
2020-06-30 00:01:59 -07:00
Vinod K L Swamy
bbd4a07dec
Changes to WinKernel to support EndpointSlices 2020-06-29 14:31:15 -07:00
Vinod K L Swamy
4505d5b182
Changes to Proxy common code 2020-06-29 14:29:46 -07:00
Damon Wang
b199dd8ee1 update the comment of NodeIPs function 2020-06-29 15:29:16 +08:00
Kubernetes Prow Robot
73fa63a86d
Merge pull request #92035 from danwinship/unmark-before-masq
kubelet, kube-proxy: unmark packets before masquerading them
2020-06-16 00:50:03 -07:00
Dan Winship
c12534d8b4 kubelet, kube-proxy: unmark packets before masquerading them
It seems that if you set the packet mark on a packet and then route
that packet through a kernel VXLAN interface, the VXLAN-encapsulated
packet will still have the mark from the original packet. Since our
NAT rules are based on the packet mark, this was causing us to
double-NAT some packets, which then triggered a kernel checksumming
bug. But even without the checksum bug, there are reasons to avoid
double-NATting, so fix the rules to unmark the packets before
masquerading them.
2020-06-15 18:45:38 -04:00
Kubernetes Prow Robot
35fc65dc2c
Merge pull request #89998 from Nordix/issue-89923
Filter nodePortAddresses to proxiers
2020-06-13 09:39:55 -07:00
Vinod K L Swamy
ac3f87346f
KubeProxy and DockerShim changes for Ipv6 dual stack support on Windows
Signed-off-by: Vinod K L Swamy <vinodko@microsoft.com>
2020-06-10 15:36:48 -07:00
Kubernetes Prow Robot
6ac3ca4b17
Merge pull request #91886 from sbangari/fixsourcevip
Fix access to Kubernetes Service from inside Windows Pod when two ser…
2020-06-09 14:49:50 -07:00
Kubernetes Prow Robot
b731b2ebbc
Merge pull request #91905 from lo24/master
fix minor typos in ipvs readme.md
2020-06-09 03:13:18 -07:00
Kubernetes Prow Robot
86e14157d0
Merge pull request #91706 from sbangari/remoteendpointrefcount
Fixing refcounting of remote endpoints used across services
2020-06-08 21:43:34 -07:00
Sravanth Bangari
c3eb69c1f1 Fix access to Kubernetes Service from inside Windows Pod when two services have same NodeIp as backend (Overlay) 2020-06-08 11:20:56 -07:00
lo24
491961e03c fix minor typos in ipvs readme.md 2020-06-08 14:31:39 +00:00
Sravanth Bangari
cd43fc94f7 Fixing refcounting of remote endpoints used across services 2020-06-04 21:59:14 -07:00
Kubernetes Prow Robot
98de6bd142
Merge pull request #91701 from elweb9858/sessionaffinity
Adding windows implementation for sessionaffinity
2020-06-03 17:44:43 -07:00
elweb9858
44096b8f71 Adding windows implementation for sessionaffinity 2020-06-03 13:41:59 -07:00
Kubernetes Prow Robot
8f5e8514b3
Merge pull request #90103 from SataQiu/refactor-proxy-20200413
kube-proxy: move GetNodeAddresses call out of internal loop to avoid repeated computation
2020-06-02 19:44:17 -07:00
Andrew Sy Kim
18741157ef proxier/ipvs: remove redundant length check for node addresses
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-05-28 11:48:48 -04:00
Andrew Sy Kim
f96d35fc11 proxy utils: GetNodeAddresses should check if matching addresses were found
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-05-26 12:45:32 -04:00
Andrew Sy Kim
a99321c87c proxy utils: check network interfaces only once
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-05-26 12:12:15 -04:00
SataQiu
b68312e688 kube-proxy: move GetNodeAddresses call out of internal loop to avoid repeated computation
Signed-off-by: SataQiu <1527062125@qq.com>
2020-05-26 15:32:05 +08:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:27 -04:00
Lars Ekman
f54b8f98b9 Filter nodePortAddresses to the proxiers.
Log a warning for addresses of wrong family.
2020-05-15 09:54:33 +02:00
Casey Callendrello
042daa24ac proxy: followup to last-queued-change metric
Fixes two small issues with the metric added in #90175:

1. Bump the timestamp on initial informer sync. Otherwise it remains 0 if
   restarting kube-proxy in a quiescent cluster, which isn't quite right.
2. Bump the timestamp even if no healthz server is specified.
2020-05-11 18:48:47 +02:00
Casey Callendrello
2e1a884bf3 pkg/proxy: add last-queued-timestamp metric
This adds a metric, kubeproxy_sync_proxy_rules_last_queued_timestamp,
that captures the last time a change was queued to be applied to the
proxy. This matches the healthz logic, which fails if a pending change
is stale.

This allows us to write alerts that mirror healthz.

Signed-off-by: Casey Callendrello <cdc@redhat.com>
2020-04-21 15:19:32 +02:00
Tim Hockin
9551ecb7c3 Cleanup: Change "Ip" to "IP" in func and var names 2020-04-10 15:29:50 -07:00
Tim Hockin
efb24d44c6 Rename iptables IsIpv6 to IsIPv6 2020-04-10 15:29:50 -07:00
Tim Hockin
ef934a2c5e Add Protocol() method to iptables
Enables simpler printing of which IP family the iptables interface is
managing.
2020-04-10 15:29:49 -07:00
Tim Hockin
b874f7c626 Encapsulate sysctl test and log 2020-04-10 15:29:49 -07:00
Tim Hockin
341022f8d1 kube-proxy: log service and endpoint updates 2020-04-10 15:29:44 -07:00
Tim Hockin
37da906db2 kube-proxy: more logging at startup 2020-04-10 15:17:46 -07:00
Kubernetes Prow Robot
4a63d95916
Merge pull request #89792 from andrewsykim/remove-redundant-len-check
proxy: remove redundant length check on local address sets
2020-04-10 00:31:47 -07:00
Kubernetes Prow Robot
cabf5d1cdc
Merge pull request #89350 from SataQiu/fix-kube-proxy-20200323
kube-proxy: treat failure to bind to a port as fatal
2020-04-06 17:47:20 -07:00
louisgong
619f657b15 add loaded module 2020-04-04 08:49:19 +08:00
Andrew Sy Kim
5169ef5fb5 proxy: remove redundant length check on local address set
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-04-02 16:06:51 -04:00
Kubernetes Prow Robot
bbe5594409
Merge pull request #89296 from danwinship/random-emptily
Don't log whether we're using iptables --random-fully
2020-04-02 12:42:24 -07:00
Kubernetes Prow Robot
c2ae0bd763
Merge pull request #74073 from Nordix/issue-70020
Issue #70020; Flush Conntrack entities for SCTP
2020-04-01 22:14:24 -07:00
SataQiu
871b90ba23 kube-proxy: add '--bind-address-hard-fail' flag to treat failure to bind to a port as fatal
Signed-off-by: SataQiu <1527062125@qq.com>
2020-04-02 13:13:10 +08:00