github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
41,136 Commits 1 Branch 31 Tags 1,019 MiB
84d0a5d1d9
Commit Graph

358 Commits

Author SHA1 Message Date
Minhan Xia
b31874fe82 bug fixes and nits 2016-08-18 10:19:59 -07:00
Minhan Xia
1acaa1db09 Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE"" 2016-08-18 10:19:48 -07:00
Daniel Smith
2aa0bb2dfc Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE" 2016-08-16 18:12:28 -07:00
Minhan Xia
643fc3803b add firewall chain to filter request based on loadbalancer source range 2016-08-15 17:42:41 -07:00
Girish Kalele
5d6abf59ff kube-proxy: Propagate hostname to iptables proxier 2016-08-09 10:05:29 -07:00
Lucas Käldström
c88a07ce1a Run goimports 2016-08-02 15:12:39 +03:00
Michal Rostecki
59ca5986dd Print/log pointers of structs with %#v instead of %+v 
There are many places in k8s where %+v is used to format a pointer
to struct, which isn't working as expected.

Fixes #26591
 2016-08-01 22:27:56 +02:00
Davanum Srinivas
2b0ed014b7 Use Go canonical import paths 
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-16 13:48:21 -04:00
k8s-merge-robot
04602bb9e5 Merge pull request #28655 from freehan/kubeproxyfix 
Automatic merge from submit-queue

Don't delete affinity when endpoints are empty

closes: #25316
 2016-07-08 11:28:43 -07:00
Minhan Xia
e1df5c8b30 fix proxy unit tests 2016-07-07 17:43:22 -07:00
k8s-merge-robot
3895cede49 Merge pull request #28434 from thockin/br-netfilter-warning 
Automatic merge from submit-queue

Remove br_netfilter warning in kube-proxy

Many distros have this module linked in, generating a spurious error.

Fixes #23385
 2016-07-07 10:27:20 -07:00
bin liu
426fdc431a Merge branch 'master' into fix-typos 2016-07-04 11:20:47 +08:00
Tim Hockin
04d60ddab0 Remove br_netfilter warning in kube-proxy 
Many distros have this module linked in, generating a spurious error.
 2016-07-03 09:54:26 -07:00
Minhan Xia
51dcff40e6 Merge remote-tracking branch 'thockin/userspace-proxy-affinity-25314' into kubeproxyfix 2016-07-01 11:48:02 -07:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
bin liu
fd27cd47f7 fix some typos 
Signed-off-by: bin liu <liubin0329@gmail.com>
 2016-06-22 18:14:26 +08:00
Minhan Xia
6a3ad1d66d add hostport support for kubenet 2016-05-22 22:18:58 -07:00
k8s-merge-robot
f9b8fd0c96 Merge pull request #25011 from zhouhaibing089/addclose 
Automatic merge from submit-queue

followup to add http server close method

Fixes #25009, a follow up of https://github.com/kubernetes/kubernetes/pull/24595.
 2016-05-09 22:32:02 -07:00
Tim Hockin
9052eddaf6 Don't delete affinity when endpoints are empty 
This only affects the userspace kube-proxy.
 2016-05-07 21:23:50 -07:00
zhouhaibing089
5923fd352e followup to add http server close method 2016-05-05 12:04:41 +08:00
Gao Zheng
c75cb94be6 Squashed commit of the following: 
commit 7bf1a05f61b78196c8d272e0d55980ba2254e81d
Author: gaozheng <gaozheng0123@163.com>
Date:   Thu Apr 28 01:23:42 2016 +0000

    fix gofmt

commit 54f6fa6ca76ee0fc5c4f8609fb2f875111ce2141
Author: Gao Zheng <gaozheng0123@163.com>
Date:   Sat Apr 23 13:09:41 2016 +0000

    reset session affinity if endpoint is unconnected
 2016-05-03 01:36:32 +00:00
Clayton Coleman
fdb110c859
Fix the rest of the code 2016-04-29 17:12:10 -04:00
Minhan Xia
0d36dc7000 added test for revertPorts 2016-04-26 14:23:06 -07:00
Minhan Xia
56ad718008 only close new ports upon iptables-restore failure 2016-04-26 14:23:06 -07:00
goltermann
dddc6cb6c8 Fix a few spellings. 2016-04-21 15:16:42 -07:00
k8s-merge-robot
767fa6913d Merge pull request #24118 from smarterclayton/proxy_args 
Automatic merge from submit-queue

Allow Proxy to be initialized with store
 2016-04-21 04:42:43 -07:00
goltermann
3fa6c6f6d9 Enable vet 2016-04-20 09:48:24 -07:00
CJ Cullen
760568796f Masquerade traffic from off-cluster going through kube-proxy. 2016-04-19 21:39:34 -07:00
Minhan Xia
ad8c67723a add test for udp connection flush 2016-04-18 14:58:08 -07:00
Minhan Xia
4fa6f3841a fixing dead endpoint black hole udp traffic 2016-04-13 10:20:02 -07:00
Clayton Coleman
a5152a4005 Allow Proxy to be initialized with store 
The proxy should be able to reuse a store on initialization.
Minor cleanup to make experimentation with the proxy easier.
 2016-04-11 23:30:58 -04:00
Eric Paris
5e5a823294 Move blunderbuss assignees into tree 2016-03-02 20:46:32 -05:00
Dan Williams
6248939e11 Push responsibility for bridge-nf-call-iptables to kubelet network plugins 
bridge-nf-call-iptables appears to only be relevant when the containers are
attached to a Linux bridge, which is usually the case with default Kubernetes
setups, docker, and flannel.  That ensures that the container traffic is
actually subject to the iptables rules since it traverses a Linux bridge
and bridged traffic is only subject to iptables when bridge-nf-call-iptables=1.

But with other networking solutions (like openshift-sdn) that don't use Linux
bridges, bridge-nf-call-iptables may not be not relevant, because iptables is
invoked at other points not involving a Linux bridge.

The decision to set bridge-nf-call-iptables should be influenced by networking
plugins, so push the responsiblity out to them.  If no network plugin is
specified, fall back to the existing bridge-nf-call-iptables=1 behavior.
 2016-02-23 09:34:59 -06:00
k8s-merge-robot
b32078d89b Merge pull request #20496 from matthewdupre/masquerade-config 
Auto commit by PR queue bot
 2016-02-08 10:49:20 -08:00
Matt Dupre
9925cddc11 Change iptables fwmark to use single configurable bit instead of whole mark space 2016-02-08 11:12:09 +00:00
Jan Chaloupka
4389b3f0d6 Rewritte util.* -> wait.* wherever reasonable 2016-02-07 12:02:20 +01:00
k8s-merge-robot
c26087db45 Merge pull request #19611 from thockin/proxy-sysctl-decouple 
Auto commit by PR queue bot
 2016-02-06 23:01:48 -08:00
k8s-merge-robot
0cc0bd342f Merge pull request #20520 from thockin/iptables-test-nits 
Auto commit by PR queue bot
 2016-02-06 22:34:10 -08:00
Tim Hockin
1e7db4a174 Implement proper cleanup in iptables proxy 2016-02-07 02:42:18 +00:00
Tim Hockin
107c5f7813 Put all masquerade mark logic into new chains 
This allows us to use the MARK-MASQ chain as a subroutine, rather than encoding
the mark in many places.  Having a KUBE-POSTROUTING chain means we can flush
and rebuild it atomically.  This makes followon work to change the mark
significantly easier.
 2016-02-07 02:42:07 +00:00
Tim Hockin
41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Marc Lough
c33fcba311 Reject packets to services without endpoints 2016-02-04 20:56:02 +00:00
Prashanth Balasubramanian
589b7fdc92 Don't handshake with watch interrupt in proxy unittests. 2016-02-04 10:55:25 -08:00
Prashanth Balasubramanian
f9b96d2c71 Make sure at least one interrupt is buffered before dropping. 2016-02-03 19:23:17 -08:00
Prashanth Balasubramanian
e1fa6e9fb8 kube-proxy applies latest snapshot of endpoints and services. 2016-02-03 12:58:37 -08:00
Tim Hockin
11f75e61b9 Inject a kernel-compat tester for kube-proxy test 2016-02-02 22:11:39 -08:00
Tim Hockin
f3de95ff41 test nits and a TODO for iptables tests 2016-02-02 14:19:16 -08:00
k8s-merge-robot
26202fc98a Merge pull request #18804 from marun/fix-nodeport-services 
Auto commit by PR queue bot
 2016-02-02 14:07:49 -08:00
Maru Newby
a5e00da867 Fix nodeport service compat with default-deny fw 2016-02-01 21:34:30 +00:00
harry
1032067ff9 Replace runtime reference by pkg 2016-02-01 21:06:44 +08:00
Harry Zhang
936a11e775 Use networking to hold network related pkgs 
Change names of unclear methods

Use net as pkg name for short
 2016-01-15 13:46:16 +08:00
David Oppenheimer
8ac484793d Comment out calls to httptest.Server.Close() to work around 
https://github.com/golang/go/issues/12262 . See #19254 for
more details. This change should be reverted when we upgrade
to Go 1.6.
 2016-01-11 23:02:11 -08:00
k8s-merge-robot
5b6a7c6012 Merge pull request #18524 from thockin/kube-proxy-close 
Auto commit by PR queue bot
 2015-12-17 01:33:12 -08:00
Wojciech Tyczynski
960808bf08 Switch to versioned ListOptions in client. 2015-12-14 14:26:09 +01:00
Tim Hockin
ad07709461 Fully close sockets in kube-proxy 
We were trying to be clever and respect TCP's notion of half-open sockets, but
it causes leaks when we can't unblock io.Copy().  This fixes those leaks and
seems to follow most expectations.  I think we were just be too clever.
 2015-12-10 11:34:13 -08:00
Wojciech Tyczynski
b0fcb5adef Pass ListOptions to List in ListWatch. 2015-12-07 11:53:53 +01:00
Wojciech Tyczynski
b6ef62af24 Use unversioned.ListOptions in clients. 2015-11-24 16:52:09 +01:00
Tim Hockin
970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
k8s-merge-robot
36bae67910 Merge pull request #16548 from ArtfulCoder/kube-proxy-mem-use 
Auto commit by PR queue bot
 2015-10-30 06:23:14 -07:00
Abhishek Shah
5367a32ee9 Read Iptables-save output in a more-memory-efficient way 2015-10-29 15:30:00 -07:00
Avesh Agarwal
e1837185de Improves iptables cleanup for pure iptables based proxier. 2015-10-27 13:08:16 -04:00
Wojciech Tyczynski
d47e21f19f Reuse TCP connections in Reflector between resync periods. 2015-10-26 19:35:25 +01:00
Saad Ali
06113d3b87 Merge pull request #16137 from ArtfulCoder/externalIPFix 
release NodePort correctly
 2015-10-23 12:03:38 -07:00
Abhishek Shah
7c64802f48 release NodePort correctly 2015-10-22 16:36:52 -07:00
Abhishek Shah
d172ca6986 Added UdpIdleTimeout flag 2015-10-21 17:25:35 -07:00
k8s-merge-robot
18ad5f8cdf Merge pull request #15745 from ArtfulCoder/reduceTimeout 
Auto commit by PR queue bot
 2015-10-19 13:02:17 -07:00
k8s-merge-robot
75c977d200 Merge pull request #15596 from zhengguoyong/alias_util_errors_packagename 
Auto commit by PR queue bot
 2015-10-19 02:35:37 -07:00
Jordan Liggitt
55cd3f1030 Platform-specific setRLimit implementations 2015-10-18 21:26:39 -04:00
eulerzgy
f8f9afb874 alias local packagename for pkg/util/errors 2015-10-18 09:37:46 +08:00
Abhishek Shah
de214829f6 Update endpoint dialTimeouts to reasonable values 2015-10-16 14:57:43 -07:00
derekwaynecarr
970c369f31 Kubelet sets kernel overcommit_memory flag 2015-10-06 14:28:46 -04:00
Alex Robinson
b1461be2e4 Merge pull request #14982 from Huawei-PaaS/fixed_typos_for_proxy 
Fixed some typos for pkg/proxy
 2015-10-05 11:40:03 -07:00
Alex Robinson
c1012d8c93 Merge pull request #14882 from ArtfulCoder/logformat 
fixed log format
 2015-10-05 10:50:30 -07:00
qiaolei
718d7df276 Fixed some typos 2015-10-03 00:33:35 +08:00
k8s-merge-robot
fb4882620f Merge pull request #14611 from MikaelCluseau/wip-optional-sysctl 
Auto commit by PR queue bot
 2015-10-01 00:28:38 -07:00
Abhishek Shah
6278b5f648 fixed log format 2015-09-30 16:29:32 -07:00
Mikaël Cluseau
4bf0ef8ce2 setSysctl for bridge-nf-call-iptables should fail with a warning 2015-09-26 17:11:33 +11:00
Tim Hockin
3c36439665 Don't log every connection by default 2015-09-25 14:02:24 -07:00
Tim Hockin
7509bf6318 Set UDP timeout to 1/4 second 2015-09-25 14:02:24 -07:00
Abhishek Shah
6945cb050c Set rlimit for openfile handles to 64k 2015-09-18 10:53:55 -07:00
Daniel Martí
586cb9126a Move pkg/util.Time to pkg/api/unversioned.Time 
Along with our time.Duration wrapper, as suggested by @lavalamp.
 2015-09-17 17:51:27 -07:00
k8s-merge-robot
bf990acefa Merge pull request #13988 from thockin/kube-proxy-startup-clobber 
Auto commit by PR queue bot
 2015-09-17 01:29:35 -07:00
Alex Mohr
2cf207ec60 Merge pull request #13992 from aveshagarwal/userspace-proxy-typo 
Fixes error message.
 2015-09-16 21:49:19 -07:00
Tim Hockin
84a9b0a37a Fix bug in iptables proxy that clobbered endpoints 
There is a race at startup where the two watch operations might clobber state
if the initial message comes in the wrong order.
 2015-09-15 13:07:33 -07:00
Avesh Agarwal
a84e49aaab Fixes error message. 2015-09-15 14:37:56 -04:00
Dan Winship
30ea22f40e Make kube-proxy resync its rules on firewalld restart 2015-09-15 11:17:40 -04:00
Dan Winship
8bc9c40796 Watch for firewalld restart, to allow reloading iptables rules 2015-09-15 11:17:40 -04:00
Daniel Smith
b225c1d47a Run gofmt (separate commit for easy rebases) 2015-09-10 17:17:59 -07:00
Daniel Smith
15b30b8b09 Move version agnostic parts of client 
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
 2015-09-10 17:17:59 -07:00
Daniel Smith
9fc8a79e37 Revert "Revert "Don't take the proxy mutex in the traffic path"" 2015-09-01 16:40:11 -07:00
Daniel Smith
46ae7e87c7 Increase timeout to fix flaky tests 2015-09-01 16:08:13 -07:00
Daniel Smith
a20d7ca481 Revert "Don't take the proxy mutex in the traffic path" 2015-09-01 13:33:05 -07:00
k8s-merge-robot
3d51f524b5 Merge pull request #13386 from danwinship/iptables-w 
Auto commit by PR queue bot
 2015-09-01 13:07:57 -07:00
Tim Hockin
f0a9badd2d Don't take the proxy mutex in the traffic path 
This should make throughput better on the userspace proxier.

Fixes #11977
 2015-08-31 17:01:52 -07:00
Dan Winship
a41e422600 Drop the "v" from GetIptablesVersionString() output 
Neither of its callers wants it
 2015-08-31 09:54:57 -04:00
Tim Hockin
8e503f3814 Hold node ports in iptables proxier 2015-08-24 16:35:05 -07:00
Tim Hockin
5087ae6c93 Hold node-ports for publicIPs for local IPs 2015-08-24 16:32:44 -07:00
Tim Hockin
f5a9281a26 Actually hold NodePorts open in kube-proxy 2015-08-24 16:32:44 -07:00
Nikhil Jindal
9a7f871d17 Merge pull request #12896 from thockin/proxy-nodeports 
Tail-call nodeports rules in iptables proxy
 2015-08-24 10:39:54 -07:00
Tim Hockin
16102c41df Tail-call nodeports rules in iptables proxy 2015-08-21 14:15:21 -07:00