Commit Graph

655 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
71f8a2405d
Merge pull request #119333 from liggitt/flushfrequencystring
Conditionally serialize flushFrequency as int
2023-07-16 07:09:06 -07:00
Jordan Liggitt
6c0ea702d4
Conditionally serialize flushFrequency as int 2023-07-16 08:37:37 -04:00
Kubernetes Prow Robot
f34365789d
Merge pull request #116470 from alexanderConstantinescu/kep-3836-impl
[Kube-proxy]: Implement KEP-3836
2023-07-15 05:43:04 -07:00
Kubernetes Prow Robot
d37c62dcbf
Merge pull request #117800 from cyclinder/loggin_format
Add '--logging-format' flag to kube-proxy
2023-07-13 08:40:37 -07:00
cyclinder
71ef0dafa7 add flag 'logging-format' to kube-proxy 2023-07-13 14:33:33 +08:00
Alexander Constantinescu
9b1c4c7b57 Implement KEP-3836
TL;DR: we want to start failing the LB HC if a node is tainted with ToBeDeletedByClusterAutoscaler.
This field might need refinement, but currently is deemed our best way of understanding if
a node is about to get deleted. We want to do this only for eTP:Cluster services.

The goal is to connection draining terminating nodes
2023-07-10 10:30:54 +02:00
Dan Winship
e2900da46a Remove unnecessary utiliptables.Interface arg from local detectors
getLocalDetector() used to pass a utiliptables.Interface to
NewDetectLocalByCIDR() so that NewDetectLocalByCIDR() could verify
that the passed-in CIDR was of the same family as the iptables
interface. It would make more sense for getLocalDetector() to verify
this itself and just *not call NewDetectLocalByCIDR* if the families
don't match, and that's what the code does now. So there's no longer
any need to pass the utiliptables.Interface to the local detector.
2023-07-05 09:11:23 -04:00
Dan Winship
7690c6e812 Simplify getDualStackLocalDetectorTuple
Since the single-stack and dual-stack local-detector-getters now have
the same behavior in terms of error-checking and dual-stack config, we
can just replace the contents of getDualStackLocalDetectorTuple() with
a pair of calls to getLocalDetector().
2023-07-05 09:09:54 -04:00
Dan Winship
cefd50a753 Improve the single-stack LocalDetector behavior
1. When bringing up a single-stack kube-proxy in a dual-stack cluster,
allow using either the primary or secondary IP family.

2. Since the earlier config-checking code will already have bailed out
if the single-stack configuration is unusably broken, we don't need to
do that here. Instead, just return a no-op local detector if there are
no usable CIDRs of the expected IP family.
2023-07-05 09:06:25 -04:00
Dan Winship
bfccfa7016 Add names to the getLocalDetector unit tests, use t.Run 2023-07-05 09:06:25 -04:00
Dan Winship
a966d18608 Double-check the proxy configuration vs the available IP families 2023-07-03 08:34:06 -04:00
Dan Winship
1f2bf32e95 Figure out single-stack/dual-stack support before creating the proxier
Rather than having this as part of createProxier(), explicitly figure
out what IP families the proxier can support beforehand, and bail out
if this conflicts with the detected IP family.
2023-06-30 17:43:04 -04:00
Dan Winship
8abfa89e82 Move proxy platformSetup call, and do LocalDetector setup from there 2023-06-30 17:39:36 -04:00
Dan Winship
ebb0fdd4f6 Don't explicitly filter config.NodePortAddresses by IP family
There's no need to do this any more: proxyutil.NodePortAddresses does
it itself.
2023-06-30 12:32:59 -04:00
Dan Winship
a74b9fde3a Don't pass around full node in proxy constructor, just pass PodCIDRs 2023-06-30 11:30:17 -04:00
Kubernetes Prow Robot
b2042d6ce4
Merge pull request #118338 from aroradaman/mv-ipset
move pkg/util/ipset inside pkg/proxy/ipvs
2023-06-09 08:14:24 -07:00
Kubernetes Prow Robot
577d524f08
Merge pull request #118513 from danwinship/proxy-node-ip
kube-proxy startup node IP detection
2023-06-08 17:30:12 -07:00
Kubernetes Prow Robot
de7360d9bc
Merge pull request #118115 from TommyStarK/gh_118090
kube-proxy: remove log warning about not using config file
2023-06-08 15:40:24 -07:00
Dan Winship
4962e6eacb Squash detectNodeIP and nodeIPTuple together 2023-06-06 20:48:00 -04:00
Dan Winship
b69b34bec6 Move a kube-proxy unit test to the correct file 2023-06-06 16:01:03 -04:00
Antonio Ojea
26801d6541 kube-proxy avoid race condition using LocalModeNodeCIDR
Since kube-proxy in LocalModeNodeCIDR needs to obtain the PodCIDR
assigned to the node it watches for the Node object.

However, kube-proxy startup process requires to have these watches in
different places, that opens the possibility of having a race condition
if the same node is recreated and a different PodCIDR is assigned.

Initializing the second watch with the value obtained in the first one
allows us to detect this situation.

Change-Id: I6adeedb6914ad2afd3e0694dcab619c2a66135f8
Signed-off-by: Antonio Ojea <aojea@google.com>
2023-06-06 15:03:22 +00:00
TommyStarK
db2389ba9c kube-proxy: remove log warning about not using config file
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
2023-06-01 11:48:16 +02:00
Daman Arora
2d8c820741 move pkg/util/ipset inside pkg/proxy/ipvs
Signed-off-by: Daman Arora <aroradaman@gmail.com>
2023-05-31 00:30:20 +05:30
Lars Ekman
4aa5441de2 Move pkg/util/ipvs inside pkg/proxy/ipvs
Ipvs will never be used by any other component within K8s than
the proxy/ipvs

Signed-off-by: Lars Ekman <uablrek@gmail.com>
2023-05-27 18:37:50 +02:00
Dan Winship
6232ac734a Merge duplicated Linux/Windows kube-proxy setup code 2023-05-23 16:17:07 -04:00
Dan Winship
08ce580576 Add ProxyServer.platformSetup
Move the Linux-specific conntrack setup code into a new
"platformSetup" rather than trying to fit it into the generic setup
code.

Also move metrics registration there.
2023-05-23 16:17:04 -04:00
Kubernetes Prow Robot
64af2d93e5
Merge pull request #117295 from aojea/transport_cache_metrics
add new metric for the internal client-go cache size
2023-05-11 08:59:02 -07:00
Dan Winship
0c9f55588c Simplify creation of default KubeProxyConfiguration 2023-05-04 11:39:40 -04:00
Dan Winship
10a869fc75 Remove duplicated config fields from ProxyServer
Rather than duplicating some of the KubeProxyConfiguration into
ProxyServer, just store the KubeProxyConfiguration itself so later
code can reference it directly.

For the fields that get platform-specific defaults (Mode,
DetectLocalMode), fill the defaults directly into the
KubeProxyConfiguration rather than keeping the original there and the
defaulted version in the ProxyServer.
2023-05-03 10:15:37 -04:00
Dan Winship
c4575c3438 Fix up detect-local-mode validation
Validate the --detect-local-mode value in the API object validation
rather than doing it separately later. Also, remove runtime checks and
unit tests for cases that would be blocked by validation
2023-05-03 08:22:49 -04:00
Dan Winship
3734fe7ab1 Remove some useless error checks
Don't return errors in the event of programmer errors, and don't
double-check things that were already validated.
2023-05-03 08:22:45 -04:00
Paco Xu
e28f3de656
Revert "proxy startup-time config handling cleanup" 2023-04-30 09:05:42 +08:00
Dan Winship
258c4c4251 Remove duplicated config fields from ProxyServer
Rather than duplicating some of the KubeProxyConfiguration into
ProxyServer, just store the KubeProxyConfiguration itself so later
code can reference it directly.

For the fields that get platform-specific defaults (Mode,
DetectLocalMode), fill the defaults directly into the
KubeProxyConfiguration rather than keeping the original there and the
defaulted version in the ProxyServer.
2023-04-27 15:43:35 -04:00
Dan Winship
9d4f10f5d2 Fix up detect-local-mode validation
Validate the --detect-local-mode value in the API object validation
rather than doing it separately later. Also, remove runtime checks and
unit tests for cases that would be blocked by validation
2023-04-27 15:43:35 -04:00
Antonio Ojea
24e68b3c6a use client-go metrics not only rest_client
Change-Id: Id1a98fbaffd3e9db8dc719478ac1e7b4031ccbad
2023-04-25 20:06:05 +00:00
Dan Winship
a96358ac0f Remove some useless error checks
Don't return errors in the event of programmer errors, and don't
double-check things that were already validated.
2023-04-13 19:50:26 -04:00
Dan Winship
be101a748d Remove some unused winkernel arguments/fields/functions
The winkernel proxy was originally created by copying+pasting from the
iptables code, but some iptables-specific things were never removed
(and one function got left behind after its functionality was moved
into the shared proxy code).
2023-04-12 09:41:38 -04:00
Dan Winship
8a790ac2e1 Remove unused ProxyServer.EventClient field
The port to Events v1 left some cruft behind.
2023-04-12 09:41:38 -04:00
Dan Winship
9754386c76 Remove write-only ProxyServer fields 2023-04-12 09:41:37 -04:00
Dan Winship
fc8892d26d Add more labels (esp. area/kube-proxy) to sig-network OWNERS 2023-03-18 11:29:38 -04:00
Dan Winship
f994ae2521 Move GetHostname() from k/k/pkg/util/node to k/component-helpers/node/util
In fact, this actually uses pkg/util/node's GetHostname() but takes
the unit tests from cmd/kubeadm/app/util's private fork of that
function since they were more extensive. (Of course the fact that
kubeadm had a private fork of this function is a strong argument for
moving it to component-helpers.)
2023-01-27 18:24:38 -05:00
Patrick Ohly
bc6c7fa912 logging: fix names of keys
The stricter checking with the upcoming logcheck v0.4.1 pointed out these names
which don't comply with our recommendations in
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/migration-to-structured-logging.md#name-arguments.
2023-01-23 14:24:29 +01:00
Patrick Ohly
66dfac3b18 kube-proxy: support the logging feature gates
When trying to bring up a cluster via kubeadm with these feature gates enabled,
kube-proxy fails because it didn't know about them:

    kind: Cluster
    apiVersion: kind.x-k8s.io/v1alpha4
    nodes:
    - role: control-plane
    - role: worker
    - role: worker
    featureGates: {"DynamicResourceAllocation":true,"ContextualLogging":true}
    runtimeConfig: {"resource.k8s.io/v1alpha1":"true"}

    =>

    2023-01-20T07:07:54.474966617Z stderr F E0120 07:07:54.474846       1 run.go:74] "command failed" err="failed complete: unrecognized feature gate: ContextualLogging"

The effect of the logging feature gates is minor for kube-proxy, supporting
them is mostly useful for the sake of consistency and to support kubeadm.
2023-01-20 19:31:57 +01:00
Kubernetes Prow Robot
280473ebc4
Merge pull request #114773 from yangjunmyfm192085/fixsmallerrorlog
fix a small log error about proxy
2023-01-11 07:51:43 -08:00
Dan Winship
169604d906 Validate single-stack --nodeport-addresses sooner
In the dual-stack case, iptables.NewDualStackProxier and
ipvs.NewDualStackProxier filtered the nodeport addresses values by IP
family before creating the single-stack proxiers. But in the
single-stack case, the kube-proxy startup code just passed the value
to the single-stack proxiers without validation, so they had to
re-check it themselves. Fix that.
2023-01-03 09:01:45 -05:00
Dan Winship
e7ed7220eb Explicitly pass IP family to proxier
Rather than re-determining it from the iptables object in both proxies.
2023-01-03 09:01:45 -05:00
Dan Winship
fb84c4f0f0 Fix kube-proxy dual-stack-iptables-binary-presence check
Kube-proxy was checking that iptables supports both IPv4 and IPv6 and
falling back to single-stack if not. But it always fell back to the
primary IP family, regardless of which family iptables supported...
Fix it so that if the primary IP family isn't supported then it bails
out entirely.
2023-01-03 09:01:35 -05:00
JunYang
281a2bdd2f fix a small log error about proxy 2023-01-03 20:07:20 +08:00
JunYang
cc4126a010 use klog.InfoS instead of klog.V(0).Info-proxy part 2022-12-29 11:16:51 +08:00
Lars Ekman
cd15ca0548 proxy/ipvs: Check that a dummy virtual server can be added
This tests both ipvs and the configured scheduler
2022-12-22 20:36:53 +01:00