Kubernetes Prow Robot
11348a38d7
Merge pull request #92871 from liggitt/kube-features
...
Move proxy features to kube_features
2020-07-11 20:57:22 -07:00
Kubernetes Prow Robot
76e3b255e1
Merge pull request #92836 from aojea/minsyncperiod
...
kube-proxy iptables min-sync-period default 1sec
2020-07-11 20:56:03 -07:00
Rob Scott
8039cf9bb1
Graduating EndpointSliceProxying to beta for Linux
2020-07-07 14:18:03 -07:00
Jordan Liggitt
8d03ace92b
Move proxy features to kube_features
2020-07-07 12:34:18 -04:00
Antonio Ojea
f8e64d31f9
kube-proxy iptables min-sync-period default 1sec
...
Currently kube-proxy defaults the min-sync-period for
iptables to 0. However, as explained by Dan Winship,
"With minSyncPeriod: 0, you run iptables-restore 100 times.
With minSyncPeriod: 1s , you run iptables-restore once.
With minSyncPeriod: 10s , you also run iptables-restore once,
but you might have to wait 10 seconds first"
2020-07-07 11:23:00 +02:00
Andrew Sy Kim
de2ecd7e2f
proxier/ipvs: check already binded addresses in the IPVS dummy interface
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
Co-authored-by: Laurent Bernaille <laurent.bernaille@gmail.com>
2020-07-02 15:32:21 -04:00
Kubernetes Prow Robot
4d0ce2e708
Merge pull request #92584 from aojea/ipvsfix
...
IPVS: kubelet, kube-proxy: unmark packets before masquerading …
2020-07-01 23:13:57 -07:00
Kubernetes Prow Robot
8623c26150
Merge pull request #90909 from kumarvin123/feature/WindowsEpSlices
...
EndPointSlices implementation for Windows
2020-07-01 23:12:01 -07:00
Antonio Ojea
c40081b550
kube-proxy ipvs masquerade hairpin traffic
...
Masquerade de traffic that loops back to the originator
before they hit the kubernetes-specific postrouting rules
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
2020-07-01 09:16:19 +02:00
Antonio Ojea
c7a29774c9
kube-proxy dual-stack infers IP family from ClusterIP
...
when dual-stack kube-proxy infers the service IP family from
the ClusterIP because ipFamily field is going to be deprecated.
Since kube-proxy skip headless and externalname services we
can safely obtain the IPFamily from the ClusterIP field
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
2020-06-30 18:42:19 +02:00
Antonio Ojea
a46e1f0613
kube-proxy ShouldSkipService takes only one argument
...
instead of receiving the service name and namespace we
can obtain it from the service object directly.
Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>
2020-06-30 18:42:15 +02:00
Kubernetes Prow Robot
8a76c27b8d
Merge pull request #88573 from davidstack/master
...
the result value of functrion NodeIPS will contain the docker0 ip , update the comment
2020-06-30 00:01:59 -07:00
Vinod K L Swamy
bbd4a07dec
Changes to WinKernel to support EndpointSlices
2020-06-29 14:31:15 -07:00
Vinod K L Swamy
4505d5b182
Changes to Proxy common code
2020-06-29 14:29:46 -07:00
Damon Wang
b199dd8ee1
update the comment of NodeIPs function
2020-06-29 15:29:16 +08:00
Kubernetes Prow Robot
73fa63a86d
Merge pull request #92035 from danwinship/unmark-before-masq
...
kubelet, kube-proxy: unmark packets before masquerading them
2020-06-16 00:50:03 -07:00
Dan Winship
c12534d8b4
kubelet, kube-proxy: unmark packets before masquerading them
...
It seems that if you set the packet mark on a packet and then route
that packet through a kernel VXLAN interface, the VXLAN-encapsulated
packet will still have the mark from the original packet. Since our
NAT rules are based on the packet mark, this was causing us to
double-NAT some packets, which then triggered a kernel checksumming
bug. But even without the checksum bug, there are reasons to avoid
double-NATting, so fix the rules to unmark the packets before
masquerading them.
2020-06-15 18:45:38 -04:00
Kubernetes Prow Robot
35fc65dc2c
Merge pull request #89998 from Nordix/issue-89923
...
Filter nodePortAddresses to proxiers
2020-06-13 09:39:55 -07:00
Vinod K L Swamy
ac3f87346f
KubeProxy and DockerShim changes for Ipv6 dual stack support on Windows
...
Signed-off-by: Vinod K L Swamy <vinodko@microsoft.com>
2020-06-10 15:36:48 -07:00
Kubernetes Prow Robot
6ac3ca4b17
Merge pull request #91886 from sbangari/fixsourcevip
...
Fix access to Kubernetes Service from inside Windows Pod when two ser…
2020-06-09 14:49:50 -07:00
Kubernetes Prow Robot
b731b2ebbc
Merge pull request #91905 from lo24/master
...
fix minor typos in ipvs readme.md
2020-06-09 03:13:18 -07:00
Kubernetes Prow Robot
86e14157d0
Merge pull request #91706 from sbangari/remoteendpointrefcount
...
Fixing refcounting of remote endpoints used across services
2020-06-08 21:43:34 -07:00
Sravanth Bangari
c3eb69c1f1
Fix access to Kubernetes Service from inside Windows Pod when two services have same NodeIp as backend (Overlay)
2020-06-08 11:20:56 -07:00
lo24
491961e03c
fix minor typos in ipvs readme.md
2020-06-08 14:31:39 +00:00
Sravanth Bangari
cd43fc94f7
Fixing refcounting of remote endpoints used across services
2020-06-04 21:59:14 -07:00
Kubernetes Prow Robot
98de6bd142
Merge pull request #91701 from elweb9858/sessionaffinity
...
Adding windows implementation for sessionaffinity
2020-06-03 17:44:43 -07:00
elweb9858
44096b8f71
Adding windows implementation for sessionaffinity
2020-06-03 13:41:59 -07:00
Kubernetes Prow Robot
8f5e8514b3
Merge pull request #90103 from SataQiu/refactor-proxy-20200413
...
kube-proxy: move GetNodeAddresses call out of internal loop to avoid repeated computation
2020-06-02 19:44:17 -07:00
Andrew Sy Kim
18741157ef
proxier/ipvs: remove redundant length check for node addresses
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-05-28 11:48:48 -04:00
Andrew Sy Kim
f96d35fc11
proxy utils: GetNodeAddresses should check if matching addresses were found
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-05-26 12:45:32 -04:00
Andrew Sy Kim
a99321c87c
proxy utils: check network interfaces only once
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-05-26 12:12:15 -04:00
SataQiu
b68312e688
kube-proxy: move GetNodeAddresses call out of internal loop to avoid repeated computation
...
Signed-off-by: SataQiu <1527062125@qq.com>
2020-05-26 15:32:05 +08:00
Davanum Srinivas
07d88617e5
Run hack/update-vendor.sh
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:33 -04:00
Davanum Srinivas
442a69c3bd
switch over k/k to use klog v2
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
2020-05-16 07:54:27 -04:00
Lars Ekman
f54b8f98b9
Filter nodePortAddresses to the proxiers.
...
Log a warning for addresses of wrong family.
2020-05-15 09:54:33 +02:00
Casey Callendrello
042daa24ac
proxy: followup to last-queued-change metric
...
Fixes two small issues with the metric added in #90175 :
1. Bump the timestamp on initial informer sync. Otherwise it remains 0 if
restarting kube-proxy in a quiescent cluster, which isn't quite right.
2. Bump the timestamp even if no healthz server is specified.
2020-05-11 18:48:47 +02:00
Casey Callendrello
2e1a884bf3
pkg/proxy: add last-queued-timestamp metric
...
This adds a metric, kubeproxy_sync_proxy_rules_last_queued_timestamp,
that captures the last time a change was queued to be applied to the
proxy. This matches the healthz logic, which fails if a pending change
is stale.
This allows us to write alerts that mirror healthz.
Signed-off-by: Casey Callendrello <cdc@redhat.com>
2020-04-21 15:19:32 +02:00
Tim Hockin
9551ecb7c3
Cleanup: Change "Ip" to "IP" in func and var names
2020-04-10 15:29:50 -07:00
Tim Hockin
efb24d44c6
Rename iptables IsIpv6 to IsIPv6
2020-04-10 15:29:50 -07:00
Tim Hockin
ef934a2c5e
Add Protocol() method to iptables
...
Enables simpler printing of which IP family the iptables interface is
managing.
2020-04-10 15:29:49 -07:00
Tim Hockin
b874f7c626
Encapsulate sysctl test and log
2020-04-10 15:29:49 -07:00
Tim Hockin
341022f8d1
kube-proxy: log service and endpoint updates
2020-04-10 15:29:44 -07:00
Tim Hockin
37da906db2
kube-proxy: more logging at startup
2020-04-10 15:17:46 -07:00
Kubernetes Prow Robot
4a63d95916
Merge pull request #89792 from andrewsykim/remove-redundant-len-check
...
proxy: remove redundant length check on local address sets
2020-04-10 00:31:47 -07:00
Kubernetes Prow Robot
cabf5d1cdc
Merge pull request #89350 from SataQiu/fix-kube-proxy-20200323
...
kube-proxy: treat failure to bind to a port as fatal
2020-04-06 17:47:20 -07:00
louisgong
619f657b15
add loaded module
2020-04-04 08:49:19 +08:00
Andrew Sy Kim
5169ef5fb5
proxy: remove redundant length check on local address set
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-04-02 16:06:51 -04:00
Kubernetes Prow Robot
bbe5594409
Merge pull request #89296 from danwinship/random-emptily
...
Don't log whether we're using iptables --random-fully
2020-04-02 12:42:24 -07:00
Kubernetes Prow Robot
c2ae0bd763
Merge pull request #74073 from Nordix/issue-70020
...
Issue #70020 ; Flush Conntrack entities for SCTP
2020-04-01 22:14:24 -07:00
SataQiu
871b90ba23
kube-proxy: add '--bind-address-hard-fail' flag to treat failure to bind to a port as fatal
...
Signed-off-by: SataQiu <1527062125@qq.com>
2020-04-02 13:13:10 +08:00