github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
96,884 Commits 1 Branch 31 Tags
68108c70e29a74bb455ab63adeb5725a37e94e4f
Commit Graph

1421 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
5c7ee30eaa Merge pull request #94902 from cmluciano/cml/proxyvaltesting 
proxy: Restructure config validation tests to check errors
 2021-01-13 10:18:36 -08:00
Kubernetes Prow Robot
eb08f36c7d Merge pull request #96371 from andrewsykim/kube-proxy-terminating 
kube-proxy: track serving/terminating conditions in endpoints cache
 2021-01-11 18:38:25 -08:00
Kubernetes Prow Robot
5e22f7fead Merge pull request #92938 from DataDog/lbernail/CVE-2020-8558 
Do not set sysctlRouteLocalnet (CVE-2020-8558)
 2021-01-11 17:38:24 -08:00
Andrew Sy Kim
a11abb5475 kube-proxy: ipvs proxy should ignore endpoints with condition ready=false 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:27:38 -05:00
Andrew Sy Kim
9c096292cc kube-proxy: iptables proxy should ignore endpoints with condition ready=false 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:27:38 -05:00
Andrew Sy Kim
1acdfb4e7c kube-proxyy: update winkernel proxier to read 'ready', 'serving' and 'terminating' conditions 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
a7333e1a3e kube-proxy: add endpointslice cache unit tests for terminating endpoints 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
e5f9b80023 kube-proxy: health check server should only check ready endpoints 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
55cb453a3c kube-proxy: update internal endpoints map with 'serving' and 'terminating' condition from EndpointSlice 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Laurent Bernaille
15439148da Do not set sysctlRouteLocalnet (CVE-2020-8558) 
Signed-off-by: Laurent Bernaille <laurent.bernaille@datadoghq.com>
 2021-01-11 11:41:32 +01:00
jornshen
5af5a2ac7d migrate proxy.UpdateServiceMap to be a method of ServiceMap 2021-01-11 11:07:30 +08:00
Kubernetes Prow Robot
5150d2f839 Merge pull request #97716 from chengzhycn/syncEndpoint-error-return 
proxy/ipvs: return non-nil error when there is no matched IPVS servic…
 2021-01-07 12:44:54 -08:00
Kubernetes Prow Robot
466e2e3751 Merge pull request #97678 from JornShen/proxier_iptables_structured_logging 
migrate proxy/iptables/proxier.go logs to structured logging
 2021-01-07 11:51:05 -08:00
chengzhycn
c6c74f2a5d proxy/ipvs: return non-nil error when there is no matched IPVS service in syncEndpoint 
Signed-off-by: chengzhycn <chengzhycn@gmail.com>
 2021-01-07 10:49:04 +08:00
jornshen
07990e44bf migrate proxy/iptables/proxier.go logs to structured logging 2021-01-07 10:48:01 +08:00
Kubernetes Prow Robot
77abaabf3a Merge pull request #97677 from chengzhycn/proxy-error-log 
fix incorrect dev name in log when finding link by name returns error
 2021-01-04 19:33:57 -08:00
chengzhycn
5bd2b6877d fix incorrect dev name in log when finding link by name returns error 
Signed-off-by: chengzhycn <chengzhycn@gmail.com>
 2021-01-04 16:34:02 +08:00
maao
d001b9b72a remove --cleanup-ipvs flag of kube-proxy 
Signed-off-by: maao <maao420691301@gmail.com>
 2020-12-31 11:29:38 +08:00
Kubernetes Prow Robot
6aae473318 Merge pull request #96830 from tnqn/ipvs-restore-commands 
Fix duplicate chains in iptables-restore input
 2020-12-08 20:03:34 -08:00
Kubernetes Prow Robot
c9dfd5829b Merge pull request #96728 from jeremyje/dontpanic 
Fail instead of panic when HNS network cannot be created in test.
 2020-12-08 18:36:14 -08:00
Kubernetes Prow Robot
d2662b9842 Merge pull request #96488 from basantsa1989/kproxy_cleanup 
Kube-proxy cleanup: Changing FilterIncorrectIP/CIDR functions to MapIPsToIPFamily that returns a map
 2020-12-08 17:28:52 -08:00
Jeremy Edwards
7f972840ca Fail instead of panic when HNS network cannot be created in test. 2020-12-02 07:01:27 +00:00
Quan Tian
9bf96b84c4 Fix duplicate chains in iptables-restore input 
When running in ipvs mode, kube-proxy generated wrong iptables-restore
input because the chain names are hardcoded.

It also fixed a typo in method name.
 2020-11-24 15:13:23 +08:00
Antonio Ojea
120472032c kube-proxy: treat ExternalIPs as ClusterIP 
Currently kube-proxy treat ExternalIPs differently depending on:
- the traffic origin
- if the ExternalIP is present or not in the system.

It also depends on the CNI implementation to
discriminate between local and non-local traffic.

Since the ExternalIP belongs to a Service, we can avoid the roundtrip
of sending outside the traffic originated in the cluster.

Also, we leverage the new LocalTrafficDetector to detect the local
traffic and not rely on the CNI implementations for this.
 2020-11-22 00:54:33 +01:00
Basant Amarkhed
293d4b7c48 Avoiding double parsing of ip/cidr strings and logging bad ips/cidrs 2020-11-20 22:22:55 +00:00
Basant Amarkhed
f11c4e9c8c Testcases for MapCIDRsByIPFamily 2020-11-17 07:35:50 +00:00
Basant Amarkhed
707073d2f9 Fixup #1 addressing review comments 2020-11-17 07:13:51 +00:00
Basant Amarkhed
09d966c8cc Adding service.go changes after merge 2020-11-14 01:09:46 +00:00
Basant Amarkhed
8fb895f3f1 Updating after merging with a conflicting commit 2020-11-14 01:09:46 +00:00
Kubernetes Prow Robot
94b17881fc Merge pull request #96454 from Sh4d1/revert_92312 
Revert "Merge pull request #92312 from Sh4d1/kep_1860"
 2020-11-12 16:03:24 -08:00
Kubernetes Prow Robot
765d949bfc Merge pull request #96440 from robscott/endpointslice-pre-ga 
Adding NodeName to EndpointSlice API, deprecation updates
 2020-11-12 16:03:13 -08:00
Rob Scott
84e4b30a3e Updates related to PR feedback 
- Remove feature gate consideration from EndpointSlice validation
- Deprecate topology field, note that it will be removed in future
release
- Update kube-proxy to check for NodeName if feature gate is enabled
- Add comments indicating the feature gates that can be used to enable
alpha API fields
- Add comments explaining use of deprecated address type in tests
 2020-11-12 12:30:50 -08:00
Sravanth Bangari
6c68ca5a9e Choosing the right source VIP for local endpoints 2020-11-11 23:29:07 -08:00
Rob Scott
506861c0a0 Removing "IP" from supported EndpointSlice address types in kube-proxy 2020-11-11 16:50:45 -08:00
Christopher M. Luciano
a036577e2c proxy: Restructure config validation tests to check errors 
The tests for most functions have also been revised to check the errors
explicitly upon validating. This will properly catch occasions
where we should be returning multiple errors if more error occurs or
if just one block is failing.

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
 2020-11-11 14:38:11 -05:00
Patrik Cyvoct
d29665cc17 Revert "Merge pull request #92312 from Sh4d1/kep_1860" 
This reverts commit ef16faf409, reversing
changes made to 2343b8a68b.
 2020-11-11 10:26:53 +01:00
Kubernetes Prow Robot
ef16faf409 Merge pull request #92312 from Sh4d1/kep_1860 
Make Kubernetes aware of the LoadBalancer behaviour
 2020-11-08 23:34:24 -08:00
Kubernetes Prow Robot
2343b8a68b Merge pull request #95872 from 22dm/kube-proxy-comment-fix 
Fix the kube-proxy document
 2020-11-08 19:23:37 -08:00
Patrik Cyvoct
20fc86df25 fix defaulting 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:59 +01:00
Patrik Cyvoct
0768b45e7b add nil case in proxy 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:58 +01:00
Patrik Cyvoct
11b97e9ef8 fix tests 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:55 +01:00
Patrik Cyvoct
540901779c fix reviews 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:53 +01:00
Patrik Cyvoct
af7494e896 Update generated 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:52 +01:00
Patrik Cyvoct
7bdf2af648 fix review 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:51 +01:00
Patrik Cyvoct
88330eafef fix typo 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:50 +01:00
Patrik Cyvoct
0153b96ab8 fix review 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:27 +01:00
Patrik Cyvoct
d562b6924a Add tests 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 09:59:59 +01:00
Patrik Cyvoct
47ae7cbf52 Add route type field to loadbalancer status ingress 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 09:59:58 +01:00
Kubernetes Prow Robot
48a2bca893 Merge pull request #96251 from ravens/nodeport_udp_conntrack_fix 
Correctly fix clearing conntrack entry on endpoint changes (nodeport)
 2020-11-06 14:25:37 -08:00
Kubernetes Prow Robot
f1a3e4dcce Merge pull request #95036 from cmluciano/cml/validateproxycidrs 
proxy: validate each CIDR config seperately and check for errors
 2020-11-05 13:12:52 -08:00