github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
120,541 Commits 1 Branch 31 Tags
66ea02684b49dfb2cb647040ecc27008d9a9f203
Commit Graph

49010 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
29bf09136e Merge pull request #122732 from ahutsunshine/typo 
fix version typo of pod namespace indexer
 2024-01-15 16:23:28 +01:00
Kubernetes Prow Robot
f38ff3feea Merge pull request #121716 from kerthcet/cleanup/add-log 
Add more logs to scheduler event handler
 2024-01-15 16:23:19 +01:00
Kubernetes Prow Robot
be77b0b82b Merge pull request #118389 from amewayne/support_nodeannotationschanged 
support nodeAnnotationsChanged event to trigger rescheduling
 2024-01-15 10:50:41 +01:00
Kubernetes Prow Robot
908a958bb1 Merge pull request #122771 from thockin/make_verify-fieldname-docs_actually_error 
Make verify-fieldname-docs actually error
 2024-01-14 23:57:44 +01:00
Tim Hockin
8b8f0a70cd Make verify-fieldname-docs actually error 
Sadly, cmd/fieldnamedocscheck did not exit non-zero when it needed to.

Fix the one thing it flagged.
Add it to verify-quick
 2024-01-14 10:32:08 -08:00
Kubernetes Prow Robot
12fc215656 Merge pull request #122663 from aroradaman/drop-ct-state-invalid-rule 
pkg/proxy/nftables: drop conntrack state invalid rule
 2024-01-13 19:01:16 +01:00
ahutsunshine
6cd25f43a6 fix version typo of namespace indexer 2024-01-12 20:50:00 +08:00
Kubernetes Prow Robot
4b94168c0f Merge pull request #122687 from danwinship/nftables-packet-flow 
Document the nftables kube-proxy packet flow
 2024-01-12 02:52:24 +01:00
Dan Winship
5ca73197b3 Document the nftables kube-proxy packet flow 2024-01-11 12:59:21 -05:00
Paco Xu
56321a7779 Revert "Graduate Evented PLEG to Beta" 
This reverts commit d971809b49.
 2024-01-11 15:27:23 +08:00
Kubernetes Prow Robot
c9158e9a19 Merge pull request #122595 from dims/support-building-with-and-without-cloud-providers 
KUBE_PROVIDERLESS - Support building with and without cloud providers
 2024-01-11 05:42:23 +01:00
Daman Arora
4ffa12b9d9 pkg/proxy/nftables: drop ct-state-invalid rule 
Signed-off-by: Daman Arora <aroradaman@gmail.com>
 2024-01-10 22:53:09 +05:30
amewayne
71c3593f85 support nodeAnnotationsChanged event to trigger rescheduling 2024-01-10 22:38:54 +08:00
Kubernetes Prow Robot
fc691e8ffd Merge pull request #122476 from kerthcet/feat/support-annotation 
Support annotation in nodewrapper
 2024-01-10 14:05:58 +01:00
Kubernetes Prow Robot
c74cd5fec4 Merge pull request #122524 from AxeZhan/testPQupdate 
[Scheduler] refactor TestPriorityQueue_Update
 2024-01-10 02:46:59 +01:00
Kubernetes Prow Robot
95a159299b Merge pull request #122614 from tnqn/nftables-firewall 
kube-proxy: fix LoadBalancerSourceRanges not working for nftables mode
 2024-01-09 22:27:16 +01:00
Kubernetes Prow Robot
13fad117aa Merge pull request #122630 from uablrek/kube-proxy-ip-types 
Kube-proxy: use type net.IP for addresses
 2024-01-09 21:18:25 +01:00
Kubernetes Prow Robot
ccb1d08162 Merge pull request #121834 from vaibhav2107/eviction-update 
Added Imagefs inodes in default Eviction Hard
 2024-01-09 21:18:16 +01:00
Quan Tian
f21f8d9984 kube-proxy: fix LoadBalancerSourceRanges not working for nftables mode 
Previously, the firewall-check chain was run in input, forward, and
output hook but not prerouting hook. When the LoadBalancer traffic
arrived at input or forward hook, it had been DNATed to endpoint IP and
port, so the firewall-check chain didn't take effect, traffic from out
of LoadBalancerSourceRanges was not dropped.

It was not detected by unit test because the chains were sorted by
priority only, while hook should be taken into consideration.

The commit links the firewall-check chain to prerouting hook and unlinks
it from input and forward hook to ensure the traffic is filtered before
DNAT. The priorities of filter chains are updated from "DNATPriority-1"
to "DNATPriority-10" to allow third parties to insert something else
between them.

Signed-off-by: Quan Tian <qtian@vmware.com>
 2024-01-09 17:34:16 +08:00
Lars Ekman
50b3ffc71f kube-proxy: LoadBalancerSourceRanges as *net.IPNet 2024-01-09 09:17:56 +01:00
Lars Ekman
9eac24c656 kube-proxy: store ExternalIPs as net.IP 
They were stored as strings which could be non-canonical
and cause problems
 2024-01-09 09:17:50 +01:00
Lars Ekman
d2294007b0 kube-proxy: store LoadBalancerVIPs as net.IP 
They were stored as strings which could be non-canonical
and cause problems
 2024-01-09 09:17:43 +01:00
Lars Ekman
564b80b1e1 kube-proxy: don't use invalid cidrs in unit test 
CIDRs like 192.168.200.3/24 and fd00:20::1/64 replaced with
192.168.200.0/24 and fd00:20::/64
 2024-01-09 09:17:31 +01:00
Lars Ekman
41ba76d23e kube-proxy: don't use invalid cidrs in unit test 
CIDRs like 192.168.200.3/24 and fd00:20::1/64 replaced with
192.168.200.0/24 and fd00:20::/64
 2024-01-09 09:14:20 +01:00
Akihiro Suda
2e999fff02 Fix compiling e2e.test on macOS 
Fix issue 122650 (regression in PR 122552)

```
$ make WHAT=test/e2e/e2e.test
+++ [0109 10:06:53] Building go targets for darwin/amd64
    k8s.io/kubernetes/test/e2e/e2e.test (test)
package k8s.io/kubernetes/test/e2e
        imports k8s.io/kubernetes/test/e2e/common
        imports k8s.io/kubernetes/test/e2e/common/node
        imports k8s.io/kubernetes/pkg/kubelet
        imports github.com/opencontainers/runc/libcontainer/userns: C source files not allowed when not using cgo or SWIG: userns_maps.c
!!! [0109 10:06:54] Call tree:
!!! [0109 10:06:54]  1: /Users/suda/gopath/src/k8s.io/kubernetes/hack/lib/golang.sh:948 kube::golang::build_binaries_for_platform(...)
!!! [0109 10:06:54]  2: hack/make-rules/build.sh:27 kube::golang::build_binaries(...)
!!! [0109 10:06:54] Call tree:
!!! [0109 10:06:54]  1: hack/make-rules/build.sh:27 kube::golang::build_binaries(...)
!!! [0109 10:06:54] Call tree:
!!! [0109 10:06:54]  1: hack/make-rules/build.sh:27 kube::golang::build_binaries(...)
make: *** [all] Error 1
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-09 10:42:20 +09:00
Kubernetes Prow Robot
2cf7465755 Merge pull request #122605 from tnqn/stale-chain-cleanup 
kube-proxy: do not delete previously stale but currently active chains
 2024-01-08 17:30:53 +01:00
Kubernetes Prow Robot
919d4624a0 Merge pull request #122503 from sunbinnnnn/scheduler-extender-support-ignore-bind 
Support ignore scheduler extender error when binding
 2024-01-08 17:30:44 +01:00
Kubernetes Prow Robot
5b979a3a53 Merge pull request #122498 from Gekko0114/close 
Allow framework plugins to be closed
 2024-01-08 17:30:36 +01:00
Kubernetes Prow Robot
f538feed8c Merge pull request #122296 from tnqn/nftables-kernel-requirement 
kube-proxy: change implementation of LoadBalancerSourceRanges for wider kernel support
 2024-01-08 17:30:27 +01:00
Kubernetes Prow Robot
000abc279e Merge pull request #122645 from aojea/cleanup_ipma 
remove dead code
 2024-01-08 16:26:37 +01:00
Antonio Ojea
e46778a246 remove dead code 
Change-Id: I8e1fd101ecb32436d82363c76fa84c476b171d52
 2024-01-08 13:15:28 +00:00
Neil Sun
87816ffb2c Support ignore scheduler extender error when binding 
Signed-off-by: sunbinnnnn <sunbinnnnn@hotmail.com>
 2024-01-08 21:06:25 +08:00
Davanum Srinivas
b7012da2ad Remove providerless tag in controller_test.go 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-01-08 07:03:49 -05:00
Quan Tian
377f521038 kube-proxy: change implementation of LoadBalancerSourceRanges for wider kernel support 
The nftables implementation made use of concatenation of ranges when
creating the set "firewall-allow", but the support was not available
before kernel 5.6. Therefore, nftables mode couldn't run on earlier
kernels, while 5.4 is still widely used.

An alternative of concatenation of ranges is to create a separate
firewall chain for every service port that needs firewalling, and jump
to the service's firewall chain from the common firewall chain via a
rule with vmap.

Renaming from "firewall" to "firewall-ips" is required when changing the
set to the map to support existing clusters to upgrade, otherwise it
would fail to create the map. Besides, "firewall-ips" corresponds to the
"service-ips" map, later we can add use "firewall-nodeports" if it's
determined that NodePort traffic should be subject to
LoadBalancerSourceRanges.

Signed-off-by: Quan Tian <qtian@vmware.com>
 2024-01-08 19:26:38 +08:00
Quan Tian
ca8c27c480 kube-proxy: do not delete previously stale but currently active chains 
In some cases a chain could change from stale to active, but once it's
added to staleChains it would always be deleted once. When the proxier
tries to delete a previously stale but currently active chain, it would
fail and lead to errors, though it won't cause real problem thanks to
kernel's validation.

The commit removes a chain from staleChains if it becomes active.

Signed-off-by: Quan Tian <qtian@vmware.com>
 2024-01-08 17:53:52 +08:00
Nikola
5704a58810 add test for the registered feature gates 2024-01-07 18:10:25 +02:00
Davanum Srinivas
7a236bd7e0 Add providerless tags appropriately in test/ 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
 2024-01-07 08:16:05 -05:00
Kubernetes Prow Robot
b529e6ff1c Merge pull request #122622 from nayihz/cleanup_comment 
swap originalPod and modifiedPod to match the comments
 2024-01-06 14:20:50 +01:00
nayihz
edff1c3b2f swap originalPod and modifiedPod to match the comments. 2024-01-06 19:07:18 +08:00
AxeZhan
801afbf888 refactor TestPriorityQueue_Update 2024-01-06 16:53:05 +08:00
moriya
288c00c0c7 Allow framework plugins to be closed 2024-01-06 10:11:19 +09:00
Kubernetes Prow Robot
d4678c79e7 Merge pull request #122600 from lzhecheng/credentialprovider-plugin-use-error-is 
Use errors.Is() to handle err returned by LookPath()
 2024-01-05 20:22:48 +01:00
Kubernetes Prow Robot
d39f401767 Merge pull request #122090 from carlory/remove-intree-vsphere 
remove the deprecated in-tree vsphere volume's code
 2024-01-05 16:52:22 +01:00
Kubernetes Prow Robot
d250588077 Merge pull request #121825 from carlory/clean-113 
remove duplicated check in operator_generator.go
 2024-01-05 16:52:13 +01:00
Zhecheng Li
af6e653f17 Use errors.Is() to handle err returned by LookPath() 
Signed-off-by: Zhecheng Li <zhechengli@microsoft.com>
 2024-01-05 05:07:28 +00:00
Kubernetes Prow Robot
09a5049ca7 Merge pull request #122570 from bzsuni/ut/networking/servicecidr 
KEP-1880 Add ut for pkg/registry/networking/servicecidr
 2024-01-04 22:03:32 +01:00
Kubernetes Prow Robot
6427e2c9c8 Merge pull request #122578 from carlory/lock-default-ConsistentHTTPGetHandlers 
lock GA feature-gate ConsistentHTTPGetHandlers to default
 2024-01-04 18:00:52 +01:00
Kubernetes Prow Robot
0babde6bac Merge pull request #122475 from pacoxu/patch-9 
fix nil pointer dereference when EventedPLEG is enabled
 2024-01-04 18:00:43 +01:00
Kubernetes Prow Robot
c0dc42073d Merge pull request #122373 from danwinship/linux-proxy 
Properly build-tag the Linux kube-proxy backend code
 2024-01-04 18:00:34 +01:00
Kubernetes Prow Robot
a21487f78b Merge pull request #122138 from ii2day/ga/remove_KubeletPodResourcesGetAllocatable 
Remove GA featuregate about KubeletPodResourcesGetAllocatable in 1.30
 2024-01-04 17:59:57 +01:00