Commit Graph

25 Commits

Author SHA1 Message Date
gkarthiks
c38e79e76d refactor: incorporated the review comments
Signed-off-by: gkarthiks <github.gkarthiks@gmail.com>
2019-11-24 11:46:57 -08:00
gkarthiks
a4abc1dd4d refactor(golint): lint fixes for iptables test file
Signed-off-by: gkarthiks <github.gkarthiks@gmail.com>
2019-11-22 19:58:56 -08:00
Dan Winship
3948f16ff4 Add iptables.Monitor, use it from kubelet and kube-proxy
Kubelet and kube-proxy both had loops to ensure that their iptables
rules didn't get deleted, by repeatedly recreating them. But on
systems with lots of iptables rules (i.e., thousands of services), this
can be very slow (and thus might end up holding the iptables lock for
several seconds, blocking other operations, etc).

The specific threat that they need to worry about is
firewall-management commands that flush *all* dynamic iptables rules.
So add a new iptables.Monitor() function that handles this by creating
iptables-flush canaries and only triggering a full rule reload after
noticing that someone has deleted those chains.
2019-09-17 10:19:26 -04:00
Dan Winship
b6c3d5416a Drop iptables firewalld monitoring support
The firewalld monitoring code was not well tested (and not easily
testable), would never be triggered on most platforms, and was only
being taken advantage of from one place (kube-proxy), which didn't
need it anyway since it already has its own resync loop.

Since the firewalld monitoring was the only consumer of pkg/util/dbus,
we can also now delete that.
2019-09-15 15:35:40 -04:00
Mike Spreitzer
d86d1defa1 Made IPVS and iptables modes of kube-proxy fully randomize masquerading if possible
Work around Linux kernel bug that sometimes causes multiple flows to
get mapped to the same IP:PORT and consequently some suffer packet
drops.

Also made the same update in kubelet.

Also added cross-pointers between the two bodies of code, in comments.

Some day we should eliminate the duplicate code.  But today is not
that day.
2019-09-01 22:07:30 -04:00
Dan Winship
81cd27a51e iptables: simplify version handling 2019-08-01 12:05:31 -04:00
Andrew Sy Kim
8dfd4def99 add unit tests for -src-type=LOCAL from LB chain
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
2019-05-07 15:22:46 -04:00
Lion-Wei
c8fae0ee4d add lb source test 2018-03-27 11:31:37 +08:00
Di Xu
48388fec7e fix all the typos across the project 2018-02-11 11:04:14 +08:00
Zihong Zheng
f7ed9cf09a [kube-proxy] Fix session affinity with local endpoints traffic 2017-11-10 18:42:07 -08:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Wojciech Tyczynski
bcfae7e1ed Extend Iptables interface with SaveInto 2017-05-19 20:44:25 +02:00
Wojciech Tyczynski
028ac8034b Remove SaveAll from iptables interface 2017-05-19 20:44:25 +02:00
Shyam Jeedigunta
da924fc337 Make fake iptables' Save operation more realistic 2017-05-16 11:58:44 +02:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese
c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
m1093782566
315c8359cf fix proxier_test.go hasJump() 2016-11-17 10:31:48 +08:00
Mike Danese
3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
bprashanth
06cbb36a1f Proxier unittests 2016-09-29 17:35:43 -07:00
joe2far
5ead89b5bb Fixed several typos 2016-07-13 15:06:24 +01:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Tim Hockin
970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
gmarek
5a4e4d4d57 Add a HollowProxy to the HollowNode. 2015-10-27 18:23:29 +01:00