github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
98,002 Commits 1 Branch 31 Tags 1,019 MiB
6c9e83669e
Commit Graph

1447 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
4ef5d1402d
Merge pull request #99102 from justinsb/avoid_multiple_calls_to_done 
proxy/config tests: avoid multiple calls to done
 2021-02-18 20:28:24 -08:00
Kubernetes Prow Robot
6dc317a107
Merge pull request #98130 from JornShen/optimze_redundant_listenPortOpener 
migrate to use k8s.io/util/net/port in kube-proxy
 2021-02-18 10:02:51 -08:00
Justin SB
6ac76e184e proxy/config tests: avoid multiple calls to done 
If the callback is called multiple times the wait group will be
over-decremented.
 2021-02-15 15:23:21 -05:00
jornshen
dbe89a5683 migrate kube canary chain as const 2021-02-15 16:50:48 +08:00
jornshen
00e26e9785 clear pkg/proxy/port.go port_test.go file 2021-02-15 16:36:09 +08:00
jornshen
d8d6a0223b clear no use LocalPort in winkernel 2021-02-15 16:36:08 +08:00
jornshen
97a5a3d4d5 migrate to use k8s.io/util LocalPort and ListenPortOpener in ipvs.proxier 2021-02-15 16:36:08 +08:00
jornshen
e68e105102 migrate to use k8s.io/util LocalPort and ListenPortOpener in iptables.proxier 2021-02-15 16:36:06 +08:00
Kubernetes Prow Robot
659b4dc4a8
Merge pull request #98305 from aojea/holdports 
kube-proxy has to clear NodePort stale UDP entries
 2021-02-10 23:36:16 -08:00
Antonio Ojea
ed21a0e16c kube-proxy: clear conntrack entries after rules are in place 
Clear conntrack entries for UDP NodePorts,
this has to be done AFTER the iptables rules are programmed.
It can happen that traffic to the NodePort hits the host before
the iptables rules are programmed this will create an stale entry
in conntrack that will blackhole the traffic, so we need to
clear it ONLY when the service has endpoints.
 2021-02-10 16:22:03 +01:00
Kubernetes Prow Robot
6b9379eae4
Merge pull request #98001 from JornShen/proxier_winkernel_structured_logging 
migrate proxy/winkernel/proxier.go logs to structured logging
 2021-02-09 23:47:12 -08:00
Kubernetes Prow Robot
c1b3797f4b
Merge pull request #97824 from hanlins/fix/97225/hc-rules 
Explicitly add iptables rule to allow healthcheck nodeport
 2021-02-04 15:54:52 -08:00
Hanlin Shi
4cd1eacbc1 Add rule to allow healthcheck nodeport traffic in filter table 
1. For iptables mode, add KUBE-NODEPORTS chain in filter table. Add
   rules to allow healthcheck node port traffic.
2. For ipvs mode, add KUBE-NODE-PORT chain in filter table. Add
   KUBE-HEALTH-CHECK-NODE-PORT ipset to allow traffic to healthcheck
   node port.
 2021-02-03 15:20:10 +00:00
Kubernetes Prow Robot
e89e7b4ed1
Merge pull request #98083 from JornShen/optimize_proxier_duplicate_localaddrset 
optimize proxier duplicate localaddrset
 2021-01-29 01:21:40 -08:00
jornshen
3f506cadb0 optimize proxier duplicate localaddrset 2021-01-29 10:52:01 +08:00
Kubernetes Prow Robot
97076f6647
Merge pull request #98297 from JornShen/replace_ipvs_proxier_protocal_str 
use exist const to replace ipvs/proxier.go tcp,udp,sctp str
 2021-01-28 14:41:52 -08:00
Jordan Liggitt
ce553e1b68 Resolve IP addresses of host-only in filtered dialer 2021-01-26 12:00:53 -05:00
Kubernetes Prow Robot
b557633c3f
Merge pull request #98249 from JornShen/optimize_writeline_writeBytesLine 
Optimize writeline and writeBytesLine in proxier.go
 2021-01-22 23:45:39 -08:00
jornshen
249996e62f use exist const to replace ipvs/proxier.go tcp,udp,sctp 2021-01-22 14:52:00 +08:00
jornshen
761473cd44 add ut for utils WriteLine WriteBytesLine 2021-01-21 10:51:54 +08:00
jornshen
3783821553 move the redundant writeline writeBytesLine to proxy/util/util.go 2021-01-21 10:51:39 +08:00
Kubernetes Prow Robot
0c91285ea6
Merge pull request #97941 from JornShen/proxier_winuserspace_structured_logging 
migrate proxy/winuserspace/proxier.go logs to structured logging
 2021-01-20 17:51:00 -08:00
jornshen
f3b9e8b105 migrate proxy/winkernel/proxier.go logs to structured logging 2021-01-18 09:35:51 +08:00
Kubernetes Prow Robot
857c06eb49
Merge pull request #98043 from JornShen/migrate_string_overlay_as_const 
migrate winkernel network type string "overlay" as const
 2021-01-14 20:43:51 -08:00
jornshen
dff2da8cbc migrate winkernel network type string overlay as const 2021-01-14 16:38:02 +08:00
Kubernetes Prow Robot
5c7ee30eaa
Merge pull request #94902 from cmluciano/cml/proxyvaltesting 
proxy: Restructure config validation tests to check errors
 2021-01-13 10:18:36 -08:00
Kubernetes Prow Robot
eb08f36c7d
Merge pull request #96371 from andrewsykim/kube-proxy-terminating 
kube-proxy: track serving/terminating conditions in endpoints cache
 2021-01-11 18:38:25 -08:00
jornshen
a5a5fef039 migrate proxy/winuserspace/proxier.go logs to structured logging 2021-01-12 10:31:31 +08:00
Kubernetes Prow Robot
5e22f7fead
Merge pull request #92938 from DataDog/lbernail/CVE-2020-8558 
Do not set sysctlRouteLocalnet (CVE-2020-8558)
 2021-01-11 17:38:24 -08:00
Andrew Sy Kim
a11abb5475 kube-proxy: ipvs proxy should ignore endpoints with condition ready=false 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:27:38 -05:00
Andrew Sy Kim
9c096292cc kube-proxy: iptables proxy should ignore endpoints with condition ready=false 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:27:38 -05:00
Andrew Sy Kim
1acdfb4e7c kube-proxyy: update winkernel proxier to read 'ready', 'serving' and 'terminating' conditions 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
a7333e1a3e kube-proxy: add endpointslice cache unit tests for terminating endpoints 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
e5f9b80023 kube-proxy: health check server should only check ready endpoints 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
55cb453a3c kube-proxy: update internal endpoints map with 'serving' and 'terminating' condition from EndpointSlice 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Laurent Bernaille
15439148da
Do not set sysctlRouteLocalnet (CVE-2020-8558) 
Signed-off-by: Laurent Bernaille <laurent.bernaille@datadoghq.com>
 2021-01-11 11:41:32 +01:00
jornshen
5af5a2ac7d migrate proxy.UpdateServiceMap to be a method of ServiceMap 2021-01-11 11:07:30 +08:00
Kubernetes Prow Robot
5150d2f839
Merge pull request #97716 from chengzhycn/syncEndpoint-error-return 
proxy/ipvs: return non-nil error when there is no matched IPVS servic…
 2021-01-07 12:44:54 -08:00
Kubernetes Prow Robot
466e2e3751
Merge pull request #97678 from JornShen/proxier_iptables_structured_logging 
migrate proxy/iptables/proxier.go logs to structured logging
 2021-01-07 11:51:05 -08:00
chengzhycn
c6c74f2a5d proxy/ipvs: return non-nil error when there is no matched IPVS service in syncEndpoint 
Signed-off-by: chengzhycn <chengzhycn@gmail.com>
 2021-01-07 10:49:04 +08:00
jornshen
07990e44bf migrate proxy/iptables/proxier.go logs to structured logging 2021-01-07 10:48:01 +08:00
Kubernetes Prow Robot
77abaabf3a
Merge pull request #97677 from chengzhycn/proxy-error-log 
fix incorrect dev name in log when finding link by name returns error
 2021-01-04 19:33:57 -08:00
chengzhycn
5bd2b6877d fix incorrect dev name in log when finding link by name returns error 
Signed-off-by: chengzhycn <chengzhycn@gmail.com>
 2021-01-04 16:34:02 +08:00
maao
d001b9b72a remove --cleanup-ipvs flag of kube-proxy 
Signed-off-by: maao <maao420691301@gmail.com>
 2020-12-31 11:29:38 +08:00
Kubernetes Prow Robot
6aae473318
Merge pull request #96830 from tnqn/ipvs-restore-commands 
Fix duplicate chains in iptables-restore input
 2020-12-08 20:03:34 -08:00
Kubernetes Prow Robot
c9dfd5829b
Merge pull request #96728 from jeremyje/dontpanic 
Fail instead of panic when HNS network cannot be created in test.
 2020-12-08 18:36:14 -08:00
Kubernetes Prow Robot
d2662b9842
Merge pull request #96488 from basantsa1989/kproxy_cleanup 
Kube-proxy cleanup: Changing FilterIncorrectIP/CIDR functions to MapIPsToIPFamily that returns a map
 2020-12-08 17:28:52 -08:00
Jeremy Edwards
7f972840ca Fail instead of panic when HNS network cannot be created in test. 2020-12-02 07:01:27 +00:00
Quan Tian
9bf96b84c4 Fix duplicate chains in iptables-restore input 
When running in ipvs mode, kube-proxy generated wrong iptables-restore
input because the chain names are hardcoded.

It also fixed a typo in method name.
 2020-11-24 15:13:23 +08:00
Antonio Ojea
120472032c kube-proxy: treat ExternalIPs as ClusterIP 
Currently kube-proxy treat ExternalIPs differently depending on:
- the traffic origin
- if the ExternalIP is present or not in the system.

It also depends on the CNI implementation to
discriminate between local and non-local traffic.

Since the ExternalIP belongs to a Service, we can avoid the roundtrip
of sending outside the traffic originated in the cluster.

Also, we leverage the new LocalTrafficDetector to detect the local
traffic and not rely on the CNI implementations for this.
 2020-11-22 00:54:33 +01:00