Commit Graph

2256 Commits

Author SHA1 Message Date
Dan Winship
3948f16ff4 Add iptables.Monitor, use it from kubelet and kube-proxy
Kubelet and kube-proxy both had loops to ensure that their iptables
rules didn't get deleted, by repeatedly recreating them. But on
systems with lots of iptables rules (ie, thousands of services), this
can be very slow (and thus might end up holding the iptables lock for
several seconds, blocking other operations, etc).

The specific threat that they need to worry about is
firewall-management commands that flush *all* dynamic iptables rules.
So add a new iptables.Monitor() function that handles this by creating
iptables-flush canaries and only triggering a full rule reload after
noticing that someone has deleted those chains.
2019-09-17 10:19:26 -04:00
Dan Winship
b6c3d5416a Drop iptables firewalld monitoring support
The firewalld monitoring code was not well tested (and not easily
testable), would never be triggered on most platforms, and was only
being taken advantage of from one place (kube-proxy), which didn't
need it anyway since it already has its own resync loop.

Since the firewalld monitoring was the only consumer of pkg/util/dbus,
we can also now delete that.
2019-09-15 15:35:40 -04:00
Kubernetes Prow Robot
85827dc224
Merge pull request #82602 from danwinship/iptables-rhel-fix-2
Fix iptables version detection code to handle RHEL 7 correctly
2019-09-12 11:46:40 -07:00
Dan Winship
75888077d3 Fix iptables version detection code to handle RHEL 7 correctly 2019-09-11 18:47:58 -04:00
Tim Allclair
ef6cba0b36 Always set content-type & nosniff 2019-09-11 15:01:43 -07:00
Kubernetes Prow Robot
10979d4c75
Merge pull request #82032 from logicalhan/owners
add myself to util metrics owners
2019-09-11 14:04:33 -07:00
Kubernetes Prow Robot
3f4e30a80e
Merge pull request #82113 from kebe7jun/fix/log-format-and-typo
Fix sync pod log format
2019-09-11 10:39:14 -07:00
Kubernetes Prow Robot
d5da17e58e
Merge pull request #81432 from logicalhan/clean-shared-metrics
delete shared metrics (post metrics-stability migration)
2019-09-10 14:30:32 -07:00
Kubernetes Prow Robot
542f3c65a0
Merge pull request #78547 from MikeSpreitzer/fix-76699
Make iptables and ipvs modes of kube-proxy MASQUERADE --random-fully if possible
2019-09-03 14:34:58 -07:00
Mike Spreitzer
d86d1defa1 Made IPVS and iptables modes of kube-proxy fully randomize masquerading if possible
Work around Linux kernel bug that sometimes causes multiple flows to
get mapped to the same IP:PORT and consequently some suffer packet
drops.

Also made the same update in kubelet.

Also added cross-pointers between the two bodies of code, in comments.

Some day we should eliminate the duplicate code.  But today is not
that day.
2019-09-01 22:07:30 -04:00
Han Kang
d301e9c3a5 clean-up shared metrics code and remaining references (component-base's copy is a drop in replacement) 2019-08-30 10:41:52 -07:00
Travis Rhoden
935c23f2ad
Move HostUtil to pkg/volume/util/hostutil
This patch moves the HostUtil functionality from the util/mount package
to the volume/util/hostutil package.

All `*NewHostUtil*` calls are changed to return concrete types instead
of interfaces.

All callers are changed to use the `*NewHostUtil*` methods instead of
directly instantiating the concrete types.
2019-08-30 10:14:42 -06:00
Kubernetes Prow Robot
96439cc97f
Merge pull request #82028 from codenrhoden/rename-isbind
Rename mount.IsBind to mount.MakeBindOpts
2019-08-30 00:43:32 -07:00
Kubernetes Prow Robot
d6bc4eb853
Merge pull request #81624 from logicalhan/cm-migration
migrate controller-manager metrics to stability framework
2019-08-29 05:30:09 -07:00
KEBE
8dc401d141 Fix sync pod log format and a func typo. 2019-08-29 14:39:43 +08:00
Han Kang
59db3ac27e migrate controller-manager metrics to stability framework 2019-08-28 12:26:57 -07:00
Clayton Coleman
a49a554211
Move the IsMasterNode function to tests and mark it Deprecated
A future change will stop using this signal and instead use a
label selector passed on creation.
2019-08-28 11:17:27 -04:00
Han Kang
17c6414135 add myself to util metrics owners 2019-08-27 15:19:25 -07:00
Travis Rhoden
ef855c7c08
Rename mount.IsBind to mount.MakeBindOpts 2019-08-27 11:34:42 -06:00
Kubernetes Prow Robot
0eb1bfc9b5
Merge pull request #81732 from tallclair/merge-tolerations
Fix toleration comparison & merging logic
2019-08-27 09:25:09 -07:00
Kubernetes Prow Robot
bc46e8fc53
Merge pull request #81739 from codenrhoden/clarify-mkdir-mkfile-behavior
Move MakeFile/Dir from HostUtil to host_path vol
2019-08-27 00:53:24 -07:00
Tim Allclair
2e08288144 Remove conflict logic from PodTolerationRestriction 2019-08-26 15:31:15 -07:00
Tim Allclair
5a50b3f4a2 Fix toleration comparison & merging logic 2019-08-26 15:25:49 -07:00
Travis Rhoden
107039a265
Move MakeFile/Dir from HostUtil to host_path vol
The MakeFile and MakeDir methods in the HostUtil interface only had one
caller -- the Host Path volume plugin. This patch relocates MakeFile and
MakeDir to the Host Path plugin itself.
2019-08-26 10:46:08 -06:00
Travis Rhoden
a30ba6197d
Internalize mount.Interface.IsMountPointMatch
IsMountPointMatch() had no callers outside of the mount package, and has
internal implementation details. This patch makes it no longer be
public.
2019-08-26 09:47:07 -06:00
Kubernetes Prow Robot
7ebbe34d9c
Merge pull request #81794 from codenrhoden/split-host-utils2
Split HostUtil functionality into its own files
2019-08-24 22:28:21 -07:00
Mike Spreitzer
3bb3db1d36 Bumped the number of times a node tries to lookup itself
Increased the number of tries in pkg/util/node/node.go::GetNodeIP by
1, because the kube-proxy was giving up too early.

This is meant to address #81879
2019-08-23 22:04:41 -04:00
Kubernetes Prow Robot
f1453953b7
Merge pull request #81745 from codenrhoden/mv-hasmountrefs
mv HasMountRefs from mount pkg to vol/util
2019-08-23 00:52:13 -07:00
Kubernetes Prow Robot
37651f1cef
Merge pull request #80368 from danwinship/iptables-checks
iptables feature detection improvements
2019-08-22 13:31:20 -07:00
Travis Rhoden
b94ee6bcb1
Split HostUtil functionality into its own files
This patch takes all the HostUtil functionality currently found in
mount*.go files and copies it into hostutil*.go files. Care was taken to
preserve git history to the fullest extent.

As part of doing this, some common functionality was moved into
mount_helper files in preparation for HostUtils to stay in k/k and Mount
to move out. The tests for each relevant function were moved to test
files to match the appropriate location.
2019-08-22 11:19:52 -06:00
Travis Rhoden
e0050ebc94
move testfiles back 2019-08-22 10:42:34 -06:00
Travis Rhoden
c55b19bc0a
copy testfiles to hostutil dir 2019-08-22 10:42:02 -06:00
Travis Rhoden
8bac909287
move files back to mount 2019-08-22 10:39:18 -06:00
Travis Rhoden
6a21076039
copy mount files to hostutils 2019-08-22 10:37:37 -06:00
Travis Rhoden
a7830a2c6e
mv HasMountRefs from mount pkg to vol/util
HasMountRefs is only used internal to K8s and should not be moved out
with the mount package. move it to pkg/volume/util instead.
2019-08-21 14:53:34 -06:00
Yassine TIJANI
4d9e4f0b45 move ShuffleStrings to pkg/proxy
Signed-off-by: Yassine TIJANI <ytijani@vmware.com>
2019-08-21 20:03:53 +01:00
Kubernetes Prow Robot
76e19a1619
Merge pull request #81204 from codenrhoden/rename-hu-pathexists
Rename HostUtils.ExistsPath to PathExists
2019-08-12 20:12:12 -07:00
Kubernetes Prow Robot
1d812991b6
Merge pull request #81230 from codenrhoden/rename-GetFSGroup
Rename HostUtils.GetFSGroup to HostUtils.GetOwner
2019-08-09 23:57:26 -07:00
Kubernetes Prow Robot
d816998bd8
Merge pull request #81187 from codenrhoden/rename-newosexec
Rename mount.NewOsExec to mount.NewOSExec
2019-08-09 22:17:13 -07:00
Kubernetes Prow Robot
c8c9d2e21c
Merge pull request #77167 from paulsubrata55/spaul-kube-proxy-fix
Fix for kube-proxy to wait for some duration for the node to be defined.
2019-08-09 19:47:14 -07:00
Travis Rhoden
0e73131ca6
Rename HostUtils.GetFSGroup to HostUtils.GetOwner
This patch renames GetFSGroup (a process property) to GetOwner (a file
property), returning both the uid and gid of the given pathname. This
method is only used in one place in the k/k codebase, but having
"GetOwner" instead of "GetGroup" seems to have more utility.
2019-08-09 13:20:35 -06:00
Travis Rhoden
14e25b7c04
Rename HostUtils.ExistsPath to PathExists 2019-08-09 12:40:19 -06:00
Travis Rhoden
4574473753
Rename mount.NewOsExec to mount.NewOSExec 2019-08-09 12:30:56 -06:00
Travis Rhoden
b47184e954
Fix most linting issues in pkg/util/mount
This patch adds comments to exported items that were missing them in
order to make the linter happy. Only code changes that were limited to
the scope of this package were made. There are other linting issues that
will affect callers, and that will be done in a separate patch.
2019-08-08 12:42:21 -06:00
Kubernetes Prow Robot
46e6fd12bf
Merge pull request #80526 from rosti/remove-normalizer
Remove unused package //pkg/util/normalizer
2019-08-08 10:03:58 -07:00
Kubernetes Prow Robot
19e85a9092
Merge pull request #80502 from xigang/master
Update CleanupAndExit and OnServiceSynced field comment and bugfix panic params in the construct method
2019-08-07 20:10:06 -07:00
Dan Winship
81cd27a51e iptables: simplify version handling 2019-08-01 12:05:31 -04:00
Dan Winship
8bced9b130 iptables: don't do feature detection on the iptables-restore binary
The iptables code was doing version detection on the iptables binary
but feature detection on the iptables-restore binary, to try to
support the version of iptables in RHEL 7, which claims to be 1.4.21
but has certain features from iptables 1.6.

The problem is that this particular set of versions and checks
resulted in the code passing "-w" ("wait forever for the lock") to
iptables, but "-w 5" ("wait at most 5 seconds for the lock") to
iptables-restore. On systems with very very many iptables rules, this
could result in the kubelet periodic resyncs (which use "iptables")
blocking kube-proxy (which uses "iptables-restore") and causing it to
time out.

We already have code to grab the lock file by hand when using a
version of iptables-restore that doesn't support "-w", and it works
fine. So just use that instead, and only pass "-w 5" to
iptables-restore when iptables reports a version that actually
supports it.
2019-08-01 11:49:50 -04:00
Emrecan BATI
90ce2d50d3 Add GetKernelVersion to ipvs.KernelHandler interface
ipvs `getProxyMode` test fails on mac as `utilipvs.GetRequiredIPVSMods`
tries to reach `/proc/sys/kernel/osrelease` to find version of the running
linux kernel. Linux kernel version is used to determine the list of required
kernel modules for ipvs.

Logic to determine kernel version is moved to GetKernelVersion
method in LinuxKernelHandler which implements ipvs.KernelHandler.
Mock KernelHandler is used in the test cases.

Read and parse file is converted to go function instead of execing cut.
2019-07-31 22:10:44 +03:00
Rostislav M. Georgiev
8157c4c4a8 Remove unused package //pkg/util/normalizer
Signed-off-by: Rostislav M. Georgiev <rostislavg@vmware.com>
2019-07-25 15:36:00 +03:00
xigang
76aceca22f bugfix: panic log params in the construct method when maxInterval is less than minInterval 2019-07-24 09:42:13 +08:00
Kubernetes Prow Robot
5993ec5a5a
Merge pull request #80478 from silenceshell/patch-1
fix grammar error
2019-07-23 17:14:54 -07:00
Kubernetes Prow Robot
eb6bcfb345
Merge pull request #80096 from ZP-AlwaysWin/dev05
Fix golint failure in pkg/util/netsh/testing/
2019-07-23 17:14:41 -07:00
silenceshell
c9275c97aa
fix grammar err
"be of interest to you"
2019-07-23 19:18:29 +08:00
Kubernetes Prow Robot
f101466d2e
Merge pull request #77553 from s-urbaniak/fix-76956
pkg/util/workqueue/prometheus: fix double registration
2019-07-22 19:10:53 -07:00
ZP-AlwaysWin
a988719722 Fix golint failure in pkg/util/netsh/testing/ 2019-07-19 16:03:44 +08:00
Andrew Sy Kim
3629ed10fa add myself and lbernail as IPVS approvers
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
2019-07-11 19:06:59 -04:00
Brian Goff
7077bbd783 Use O_CLOEXEC in util packages
This prevents fd's from leaking to subprocesses.
2019-07-09 10:04:00 -07:00
Kubernetes Prow Robot
c8cee54240
Merge pull request #79391 from danwinship/nodeaddresses-update-fix
Don't use strategic merge patch on Node.Status.Addresses
2019-07-02 21:08:29 -07:00
Dan Winship
05a9634fb3 Hack PatchNodeStatus() to override the patch type on Status.Addresses 2019-07-02 19:16:30 -04:00
Khaled Henidak(Kal)
dba434c4ba kubenet for ipv6 dualstack 2019-07-02 22:26:25 +00:00
Khaled Henidak(Kal)
584d7103e2 node ipam controller for ipv6 dualstack 2019-07-02 15:39:06 +00:00
Kubernetes Prow Robot
ca6113fb8b
Merge pull request #78495 from odinuge/cgroups-hugetlb
Fix cgroup hugetlb size prefix for kB
2019-06-28 16:09:29 -07:00
Kubernetes Prow Robot
2501a9083d
Merge pull request #68513 from codenrhoden/mount-refactor
Refactor util/mount interface in prep for moving out of k/k
2019-06-28 13:57:28 -07:00
Odin Ugedal
2bcdb944f0
Update dependency opencontainer/runc 2019-06-28 21:23:05 +02:00
Kubernetes Prow Robot
eee3e976d8
Merge pull request #78294 from vllry/kp-remove-resource-container
Remove deprecated flag --resource-container from kube-proxy
2019-06-22 00:38:12 -07:00
Kubernetes Prow Robot
efa043151c
Merge pull request #79094 from gaorong/fix-IsLikelyNotMountPoint
fix kubelet can not delete orphaned pod directory when "/var/lib/kubelet/pods" directory symbolically links to another device's directory
2019-06-18 19:02:31 -07:00
Kubernetes Prow Robot
d3bbe03b08
Merge pull request #79032 from yastij/move-initsystem
move initsystem to kubeadm
2019-06-17 09:42:15 -07:00
Kubernetes Prow Robot
3ee8ae2721
Merge pull request #78888 from tedyu/mount-ref
Return early when mount ref is determined
2019-06-17 04:36:50 -07:00
Yassine TIJANI
c3904bbce6 move initsystem to kubeadm
Signed-off-by: Yassine TIJANI <ytijani@vmware.com>
2019-06-17 12:21:01 +02:00
Rong Gao
595fcf68d1 fix kubelet can not delete orphaned pod directory when the kubelet's root directory symbolically links to another device's directory 2019-06-17 15:39:25 +08:00
Vallery Lancey
dc0f14312e Removed deprecated --resource-container flag from kube-proxy. 2019-06-16 08:36:42 -07:00
Travis Rhoden
be7da5052f Refactor pkg/util/mount to be more reusable
This patch refactors pkg/util/mount to be more usable outside of
Kubernetes. This is done by refactoring mount.Interface to only contain
methods that are not K8s specific. Methods that are not relevant to
basic mount activities but still have OS-specific implementations are
now found in a mount.HostUtils interface.
2019-06-14 09:35:18 -06:00
Kubernetes Prow Robot
d30fbab4b8
Merge pull request #77915 from SataQiu/fix-golint-util-20190515
Fix golint failures of pkg/util/parsers pkg/util/sysctl pkg/util/system
2019-06-14 00:29:00 -07:00
Ted Yu
320dc6c54c Return early when mount ref is determined 2019-06-10 20:40:40 -07:00
Kubernetes Prow Robot
9b14c22375
Merge pull request #78428 from luksa/iptables-save-panic
Fix panic in kube-proxy when iptables-save prints to stderr
2019-05-31 23:23:00 -07:00
Kubernetes Prow Robot
5d1409a4bf
Merge pull request #78189 from ksubrmnn/initsystem
Use Service Control Manager as the Windows Initsystem
2019-05-31 22:02:34 -07:00
Kubernetes Prow Robot
bdf3d248eb
Merge pull request #77523 from andrewsykim/fix-xlb-from-local
iptables proxier: route local traffic to LB IPs to service chain
2019-05-31 12:22:53 -07:00
Kubernetes Prow Robot
46a3d82240
Merge pull request #78464 from andrewsykim/ipvs-reviewer
add myself and Laurent as ipvs proxy reviewers
2019-05-30 04:54:35 -07:00
ksubrmnn
4d7ee1cd5a Use system calls to manage Windows services 2019-05-29 17:33:47 -07:00
Kubernetes Prow Robot
e4c3540621
Merge pull request #78269 from jpbetz/reinvoke-intree
Reinvocation testing of in-tree admission plugins and fix podpreset to be idempotent
2019-05-29 03:11:03 -07:00
Kubernetes Prow Robot
1eba04822e
Merge pull request #78251 from byteor/master
[pkg/util/coverage]: group imports for readability
2019-05-29 03:10:38 -07:00
Andrew Sy Kim
f6d9a45643 add myself and Laurent as ipvs proxy reviewers
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
2019-05-29 01:43:50 -04:00
Joe Betz
a6e1db97f0 Merge tolerations in a consistent order 2019-05-28 15:10:16 -07:00
Marko Lukša
93a549679f Capture stderr output and write it to buffer on error 2019-05-28 17:09:29 +02:00
Kubernetes Prow Robot
a57fbaf635
Merge pull request #78088 from andrewsykim/ipvs-unit-test-graceful-termination
ipvs: add graceful termination unit tests
2019-05-28 07:18:11 -07:00
Marko Lukša
00e7505618 Discard stderr output when calling iptables-save 2019-05-28 14:43:28 +02:00
Marko Lukša
df23697ae7 Better error message if panic occurs during iptables-save output parsing 2019-05-28 11:38:27 +02:00
Subrata Paul
2862f3ec94 Updated node.go using update-gofmt.sh 2019-05-25 00:46:50 +05:30
Zhou Peng
31daeed3b2 [pkg/util/coverage]: group imports for readability
Signed-off-by: Zhou Peng <p@ctriple.cn>
2019-05-23 21:38:12 +08:00
Kubernetes Prow Robot
d8c3348520
Merge pull request #74880 from smileusd/fix-IsLikelyNotMountPoint-function
distinguish between mountpoints and symbolic link in IsNotMountPoint
2019-05-22 04:00:12 -07:00
Kalya Subramanian
e0fec1dc28 Include golang.org/x/sys/windows/svc/mgr to manage Windows services 2019-05-20 23:28:56 +00:00
Kubernetes Prow Robot
e476a60ccb
Merge pull request #73241 from vikaschoudhary16/selinux-label
Add correct selinux label at plugin socket directory
2019-05-20 11:07:17 -07:00
smileusd
a81f770472 add annotation about IsLikelyNotMountPoint can't to distinguish mounts and symbolic link 2019-05-20 11:35:24 +08:00
Andrew Sy Kim
15682dfc2a export serviceKey and realServerKey in fake ipvs for easier test fixtures
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
2019-05-19 23:09:42 +02:00
vikaschoudhary16
58d1b4d564 Add correct selinux label at plugin socket directory 2019-05-18 12:35:17 +05:30
Kubernetes Prow Robot
37281a400d
Merge pull request #76442 from viegasdom/fix-golint-utils-bandwith
Fix golint failures of util/bandwith/*.go
2019-05-15 22:56:08 -07:00
SataQiu
b36d8d431f fix golint failures of pkg/util/parsers pkg/util/sysctl pkg/util/system 2019-05-15 23:19:47 +08:00
Sergiusz Urbaniak
4532cfd85c
pkg/util/workqueue: delete deprecated metrics
This deletes deprecated metrics and simplifies registration.
2019-05-15 12:27:34 +02:00
Kubernetes Prow Robot
aa84b99fa0
Merge pull request #73101 from oz123/kubeadm_openrc_support
Add initial support for OpenRC
2019-05-10 10:37:59 -07:00