github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
37,227 Commits 1 Branch 31 Tags 1,019 MiB
901bbee2fd
Commit Graph

321 Commits

Author SHA1 Message Date
k8s-merge-robot
0cc0bd342f Merge pull request #20520 from thockin/iptables-test-nits 
Auto commit by PR queue bot
 2016-02-06 22:34:10 -08:00
Tim Hockin
1e7db4a174 Implement proper cleanup in iptables proxy 2016-02-07 02:42:18 +00:00
Tim Hockin
107c5f7813 Put all masquerade mark logic into new chains 
This allows us to use the MARK-MASQ chain as a subroutine, rather than encoding
the mark in many places.  Having a KUBE-POSTROUTING chain means we can flush
and rebuild it atomically.  This makes followon work to change the mark
significantly easier.
 2016-02-07 02:42:07 +00:00
Tim Hockin
41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Marc Lough
c33fcba311 Reject packets to services without endpoints 2016-02-04 20:56:02 +00:00
Prashanth Balasubramanian
589b7fdc92 Don't handshake with watch interrupt in proxy unittests. 2016-02-04 10:55:25 -08:00
Prashanth Balasubramanian
f9b96d2c71 Make sure at least one interrupt is buffered before dropping. 2016-02-03 19:23:17 -08:00
Prashanth Balasubramanian
e1fa6e9fb8 kube-proxy applies latest snapshot of endpoints and services. 2016-02-03 12:58:37 -08:00
Tim Hockin
11f75e61b9 Inject a kernel-compat tester for kube-proxy test 2016-02-02 22:11:39 -08:00
Tim Hockin
f3de95ff41 test nits and a TODO for iptables tests 2016-02-02 14:19:16 -08:00
k8s-merge-robot
26202fc98a Merge pull request #18804 from marun/fix-nodeport-services 
Auto commit by PR queue bot
 2016-02-02 14:07:49 -08:00
Maru Newby
a5e00da867 Fix nodeport service compat with default-deny fw 2016-02-01 21:34:30 +00:00
harry
1032067ff9 Replace runtime reference by pkg 2016-02-01 21:06:44 +08:00
Harry Zhang
936a11e775 Use networking to hold network related pkgs 
Change names of unclear methods

Use net as pkg name for short
 2016-01-15 13:46:16 +08:00
David Oppenheimer
8ac484793d Comment out calls to httptest.Server.Close() to work around 
https://github.com/golang/go/issues/12262 . See #19254 for
more details. This change should be reverted when we upgrade
to Go 1.6.
 2016-01-11 23:02:11 -08:00
k8s-merge-robot
5b6a7c6012 Merge pull request #18524 from thockin/kube-proxy-close 
Auto commit by PR queue bot
 2015-12-17 01:33:12 -08:00
Wojciech Tyczynski
960808bf08 Switch to versioned ListOptions in client. 2015-12-14 14:26:09 +01:00
Tim Hockin
ad07709461 Fully close sockets in kube-proxy 
We were trying to be clever and respect TCP's notion of half-open sockets, but
it causes leaks when we can't unblock io.Copy().  This fixes those leaks and
seems to follow most expectations.  I think we were just be too clever.
 2015-12-10 11:34:13 -08:00
Wojciech Tyczynski
b0fcb5adef Pass ListOptions to List in ListWatch. 2015-12-07 11:53:53 +01:00
Wojciech Tyczynski
b6ef62af24 Use unversioned.ListOptions in clients. 2015-11-24 16:52:09 +01:00
Tim Hockin
970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
k8s-merge-robot
36bae67910 Merge pull request #16548 from ArtfulCoder/kube-proxy-mem-use 
Auto commit by PR queue bot
 2015-10-30 06:23:14 -07:00
Abhishek Shah
5367a32ee9 Read Iptables-save output in a more-memory-efficient way 2015-10-29 15:30:00 -07:00
Avesh Agarwal
e1837185de Improves iptables cleanup for pure iptables based proxier. 2015-10-27 13:08:16 -04:00
Wojciech Tyczynski
d47e21f19f Reuse TCP connections in Reflector between resync periods. 2015-10-26 19:35:25 +01:00
Saad Ali
06113d3b87 Merge pull request #16137 from ArtfulCoder/externalIPFix 
release NodePort correctly
 2015-10-23 12:03:38 -07:00
Abhishek Shah
7c64802f48 release NodePort correctly 2015-10-22 16:36:52 -07:00
Abhishek Shah
d172ca6986 Added UdpIdleTimeout flag 2015-10-21 17:25:35 -07:00
k8s-merge-robot
18ad5f8cdf Merge pull request #15745 from ArtfulCoder/reduceTimeout 
Auto commit by PR queue bot
 2015-10-19 13:02:17 -07:00
k8s-merge-robot
75c977d200 Merge pull request #15596 from zhengguoyong/alias_util_errors_packagename 
Auto commit by PR queue bot
 2015-10-19 02:35:37 -07:00
Jordan Liggitt
55cd3f1030 Platform-specific setRLimit implementations 2015-10-18 21:26:39 -04:00
eulerzgy
f8f9afb874 alias local packagename for pkg/util/errors 2015-10-18 09:37:46 +08:00
Abhishek Shah
de214829f6 Update endpoint dialTimeouts to reasonable values 2015-10-16 14:57:43 -07:00
derekwaynecarr
970c369f31 Kubelet sets kernel overcommit_memory flag 2015-10-06 14:28:46 -04:00
Alex Robinson
b1461be2e4 Merge pull request #14982 from Huawei-PaaS/fixed_typos_for_proxy 
Fixed some typos for pkg/proxy
 2015-10-05 11:40:03 -07:00
Alex Robinson
c1012d8c93 Merge pull request #14882 from ArtfulCoder/logformat 
fixed log format
 2015-10-05 10:50:30 -07:00
qiaolei
718d7df276 Fixed some typos 2015-10-03 00:33:35 +08:00
k8s-merge-robot
fb4882620f Merge pull request #14611 from MikaelCluseau/wip-optional-sysctl 
Auto commit by PR queue bot
 2015-10-01 00:28:38 -07:00
Abhishek Shah
6278b5f648 fixed log format 2015-09-30 16:29:32 -07:00
Mikaël Cluseau
4bf0ef8ce2 setSysctl for bridge-nf-call-iptables should fail with a warning 2015-09-26 17:11:33 +11:00
Tim Hockin
3c36439665 Don't log every connection by default 2015-09-25 14:02:24 -07:00
Tim Hockin
7509bf6318 Set UDP timeout to 1/4 second 2015-09-25 14:02:24 -07:00
Abhishek Shah
6945cb050c Set rlimit for openfile handles to 64k 2015-09-18 10:53:55 -07:00
Daniel Martí
586cb9126a Move pkg/util.Time to pkg/api/unversioned.Time 
Along with our time.Duration wrapper, as suggested by @lavalamp.
 2015-09-17 17:51:27 -07:00
k8s-merge-robot
bf990acefa Merge pull request #13988 from thockin/kube-proxy-startup-clobber 
Auto commit by PR queue bot
 2015-09-17 01:29:35 -07:00
Alex Mohr
2cf207ec60 Merge pull request #13992 from aveshagarwal/userspace-proxy-typo 
Fixes error message.
 2015-09-16 21:49:19 -07:00
Tim Hockin
84a9b0a37a Fix bug in iptables proxy that clobbered endpoints 
There is a race at startup where the two watch operations might clobber state
if the initial message comes in the wrong order.
 2015-09-15 13:07:33 -07:00
Avesh Agarwal
a84e49aaab Fixes error message. 2015-09-15 14:37:56 -04:00
Dan Winship
30ea22f40e Make kube-proxy resync its rules on firewalld restart 2015-09-15 11:17:40 -04:00
Dan Winship
8bc9c40796 Watch for firewalld restart, to allow reloading iptables rules 2015-09-15 11:17:40 -04:00
Daniel Smith
b225c1d47a Run gofmt (separate commit for easy rebases) 2015-09-10 17:17:59 -07:00
Daniel Smith
15b30b8b09 Move version agnostic parts of client 
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
 2015-09-10 17:17:59 -07:00
Daniel Smith
9fc8a79e37 Revert "Revert "Don't take the proxy mutex in the traffic path"" 2015-09-01 16:40:11 -07:00
Daniel Smith
46ae7e87c7 Increase timeout to fix flaky tests 2015-09-01 16:08:13 -07:00
Daniel Smith
a20d7ca481 Revert "Don't take the proxy mutex in the traffic path" 2015-09-01 13:33:05 -07:00
k8s-merge-robot
3d51f524b5 Merge pull request #13386 from danwinship/iptables-w 
Auto commit by PR queue bot
 2015-09-01 13:07:57 -07:00
Tim Hockin
f0a9badd2d Don't take the proxy mutex in the traffic path 
This should make throughput better on the userspace proxier.

Fixes #11977
 2015-08-31 17:01:52 -07:00
Dan Winship
a41e422600 Drop the "v" from GetIptablesVersionString() output 
Neither of its callers wants it
 2015-08-31 09:54:57 -04:00
Tim Hockin
8e503f3814 Hold node ports in iptables proxier 2015-08-24 16:35:05 -07:00
Tim Hockin
5087ae6c93 Hold node-ports for publicIPs for local IPs 2015-08-24 16:32:44 -07:00
Tim Hockin
f5a9281a26 Actually hold NodePorts open in kube-proxy 2015-08-24 16:32:44 -07:00
Nikhil Jindal
9a7f871d17 Merge pull request #12896 from thockin/proxy-nodeports 
Tail-call nodeports rules in iptables proxy
 2015-08-24 10:39:54 -07:00
Tim Hockin
16102c41df Tail-call nodeports rules in iptables proxy 2015-08-21 14:15:21 -07:00
BenTheElder
81ab51709a Add --cleanup-iptables flag to kube-proxy 
Adds a flag to cleanup iptables rules created by kube-proxy per
https://github.com/mesosphere/kubernetes-mesos/issues/353#issuecomment-1
27382832
 2015-08-21 14:44:11 -04:00
Jerzy Szczepkowski
3df1b9e151 Merge pull request #12986 from BenTheElder/masquerade_all_flag 
Add flag to masquerade all in kube-proxy when using iptables proxier
 2015-08-21 10:28:07 +02:00
BenTheElder
1f2076ce64 Add flag to masquerade all in kube-proxy when using iptables proxier 2015-08-20 20:12:32 -04:00
Abhishek Shah
b6b8e99393 External IPs support. 2015-08-20 16:10:01 -07:00
jiangyaoguo
5a95eb7326 Test UDP timeout 2015-08-19 21:50:43 +08:00
Kris Rousey
ae6c64d9bb Moving everyone to unversioned client 2015-08-18 10:23:03 -07:00
Tim Hockin
6f34be30a3 Limit float precision to 5 points 2015-08-17 20:57:44 -07:00
Tim Hockin
7e9c685ba6 Require same min iptables version as -C 2015-08-17 20:57:44 -07:00
Tim Hockin
3a5c23d727 test for and set bridge-nf-call-iptables sysctl 2015-08-17 20:57:44 -07:00
Tim Hockin
9cf33772b4 test for and set route_localnet sysctl 2015-08-17 20:52:06 -07:00
Tim Hockin
f1a48574a6 Clean up logging, make initial sync faster 2015-08-17 20:52:06 -07:00
Tim Hockin
d72892d0b0 Include protocol in the hash for chain names 2015-08-17 20:52:06 -07:00
Tim Hockin
731d5e5191 Clean up iptables rules, add nodeport support 2015-08-17 20:52:06 -07:00
Tim Hockin
d14c98f6cc Add nodepoprt chain and link it in, add unused MASQ rule 2015-08-17 20:52:06 -07:00
Robert Bailey
6fcdcec25d Merge pull request #12658 from sdminonne/bug_fix2 
to fix govet issue
 2015-08-17 10:58:10 -07:00
Tim Hockin
776132e1ae Make kube-proxy iptables sync period configurable 2015-08-13 09:53:32 -07:00
Salvatore Dario Minonne
48018c402c to fix govet issue 2015-08-13 17:26:43 +02:00
BenTheElder
8006a39cc3 Fix #12596 
Fix for https://github.com/kubernetes/kubernetes/issues/12596
Disconnect the pure-iptables proxy’s services chain when starting the
userspace proxy.
 2015-08-12 20:06:09 -04:00
BenTheElder
ae569e20b5 Partially Implement #3760 2015-08-12 02:39:15 -04:00
Piotr Szczesniak
1df0267f4a Merge pull request #12551 from eparis/underscore-to-dash 
Update code and docs to use - in flag names instead of _
 2015-08-12 07:16:31 +02:00
Kris Rousey
565189f5b8 Correcting all go vet errors 2015-08-11 13:55:37 -07:00
Eric Paris
5aa495cdad Update code to use - in flag names instead of _ 2015-08-11 16:31:52 -04:00
Alex Robinson
c5e221dca7 Merge pull request #12440 from BenTheElder/proxy_config_handler_refactor 
Refactor `pkg/proxy/config`'s ServiceConfigHandler and EndpointsConfigHandler.
 2015-08-10 09:44:38 -07:00
Veres Lajos
9f77e49109 typofix - https://github.com/vlajos/misspell_fixer 2015-08-08 22:31:48 +01:00
BenTheElder
6bbf2aaab7 Refactor pkg/proxy/config's ServiceConfigHandler and EndpointsConfigHandler to have different update methods. 
Refactor `pkg/proxy/config`’s ServiceConfigHandler.OnUpdate and
EndpointsConfigHandler.OnUpdate to different method names as they have
different signatures.

This will let the new proxy
(https://github.com/GoogleCloudPlatform/kubernetes/issues/3760)
implement both interfaces.

Since we won’t need a separate loadbalancer structure (load balancing
is handled in the proxy rules), we will simply handle both event types
from the same object.
 2015-08-08 15:16:55 -04:00
BenTheElder
f6d257c0f3 fix missing import in roundrobin_test.go 2015-08-08 00:02:35 -04:00
BenTheElder
962a7b492b in pkg/proxy, merge proxy_provider.go and service_port_name.go to types.go 2015-08-07 21:10:34 -04:00
BenTheElder
1f6baa6549 Move userspace code to sub-package in proxy. 
Moves the userspace code in proxy to a sub-package and adds the
ProxyProvider interface.

This is in preparation for landing an implementation of
https://github.com/GoogleCloudPlatform/kubernetes/issues/3760, which
will mostly be in another sub package for iptables.
 2015-08-07 20:07:15 -04:00
BenTheElder
5867fca8bf Fix iptables Interface mocking, move Restore/RestoreAll to shared impl 
also put TODO for unit tests, move defer file deletion until after file
creation error is checked.
 2015-08-07 19:08:21 -04:00
Mike Danese
17defc7383 run gofmt on everything we touched 2015-08-05 17:52:56 -07:00
Mike Danese
8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Abhishek Shah
4bbecea4e6 Changed udpIdleTimeout to 1 second from 10 seconds 2015-08-03 15:32:59 -07:00
jiangyaoguo
79ed954ec2 replace Reflector with client.cache.Reflector in kube-proxy 2015-06-29 11:21:50 +08:00
James DeFelice
4abcf7449c implementation of proxy port allocation 2015-06-02 12:28:25 +00:00
Tim Hockin
ac3cc3c518 Rename PORTAL_NET all over 2015-05-28 16:10:44 -07:00
Tim Hockin
4318ca5a8b Rename 'portal IP' to 'cluster IP' most everywhere 
This covers obvious transforms, but not --portal_net, $PORTAL_NET and
similar.
 2015-05-28 16:10:44 -07:00
Tim Hockin
bd2314fa78 Fix session affinity in kube-proxy 2015-05-26 17:19:29 -07:00