github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
122,180 Commits 1 Branch 31 Tags
a2fb1b51aca61d03a2081bc226ab01a641271ce6
Commit Graph

447 Commits

Author SHA1 Message Date
Dan Winship
a9cd57fa40 proxy/ipvs: add filter table support to ipsetWithIptablesChain 2022-06-22 12:53:18 -04:00
Dan Winship
400d474bac proxy/ipvs: fix some identifiers 
kubeLoadbalancerFWSet was the only LoadBalancer-related identifier
with a lowercase "b", so fix that.

rename TestLoadBalanceSourceRanges to TestLoadBalancerSourceRanges to
match the field name (and the iptables proxier test).
 2022-06-13 09:13:15 -04:00
Dan Winship
0b1e364814 proxy/ipvs: fix a few comments 2022-06-12 20:30:47 -04:00
gkarthiks
1fd959e256 refactor: serviceNameString to svcptNameString 
Signed-off-by: gkarthiks <github.gkarthiks@gmail.com>

refactor: svc port name variable #108806

Signed-off-by: gkarthiks <github.gkarthiks@gmail.com>

refactor: rename struct for service port information to servicePortInfo and fields for more redability

Signed-off-by: gkarthiks <github.gkarthiks@gmail.com>

fix: drop chain rule

Signed-off-by: gkarthiks <github.gkarthiks@gmail.com>
 2022-05-22 03:31:00 -07:00
Dan Winship
b0d9c063a8 unexport mistakenly-exported constants 2022-05-06 07:33:29 -04:00
Dan Winship
84ad54f0e5 Don't increment "no local endpoints" metric when there are no remote endpoints 
A service having no _local_ endpoints when it does have remote
endpoints is different from a service having no endpoints at all.
 2022-05-04 12:38:17 -04:00
Johannes Scheerer
a3b7f219a1 Cleanup KUBE-NODE-PORT chain in filter table. 
When cleaning up iptables rules and ipsets used by kube-proxy in IPVS mode
iptables chain KUBE-NODE-PORT needs to be deleted before ipset
KUBE-HEALTH-CHECK-NODE-PORT can be removed. Therefore, deletion of
iptables chain KUBE-NODE-PORT is added in this change.
 2022-04-04 16:10:06 +02:00
Max Renaud
6454248b6b Moved counting logic to accommodate rebase 2022-04-01 15:52:21 +00:00
Max Renaud
61b7e6c49c Changed usage of NodeLocal* to *PolicyLocal 2022-03-31 18:55:47 +00:00
Max Renaud
198367a486 Added test where both policies are set 2022-03-31 18:54:28 +00:00
Max Renaud
ba4f5c4e7b use sets.String for tracking IPVS no local endpoint metric 2022-03-31 18:54:27 +00:00
Max Renaud
f0dfac5d07 Add sync_proxy_rules_no_local_endpoints_total metric 2022-03-31 18:54:23 +00:00
Kubernetes Prow Robot
f2e5c16545 Merge pull request #109060 from thockin/kube-proxy-rule-cleanups-after-106497 
Kube proxy rule reorg XLB->EXT
 2022-03-31 00:11:01 -07:00
Tim Hockin
30c1523708 kube-proxy: Renames for readability 2022-03-30 09:55:32 -07:00
Lars Ekman
61085a7589 Ipvs: non-local access to externalTrafficPolicy:Local 
Allow access to externalTrafficPolicy:Local services from PODs
not on a node where a server executes. Problem described in #93456
 2022-03-29 21:42:39 +02:00
Dan Winship
548cf9d5de proxy/iptables: fix internal-vs-external traffic policy handling 
Fix internal and external traffic policy to be handled separately (so
that, in particular, services with Local internal traffic policy and
Cluster external traffic policy do not behave as though they had Local
external traffic policy as well.

Additionally, traffic to an `internalTrafficPolicy: Local` service on
a node with no endpoints is now dropped rather than being rejected
(which, as in the external case, may prevent traffic from being lost
when endpoints are in flux).
 2022-03-26 11:06:34 -04:00
Dan Winship
e3549646ec pkg/proxy: Simplify LocalTrafficDetector 
Now that we don't have to always append all of the iptables args into
a single array, there's no reason to have LocalTrafficDetector take in
a set of args to prepend to its own output, and also not much point in
having it write out the "-j CHAIN" by itself either.
 2022-03-18 16:09:04 -04:00
Khaled (Kal) Henidak
c4a00b7d90 ipvs: remove port opener 2022-03-04 21:10:55 +00:00
cyclinder
97bd6e977d kube-proxy should log the payload when iptables-restore fails 
Signed-off-by: cyclinder <qifeng.guo@daocloud.io>
 2021-12-23 09:50:56 +08:00
Kubernetes Prow Robot
67a352e85f Merge pull request #101429 from Nordix/issues-93858 
Kube-proxy/ipvs; Use go "net" lib to get nodeIPs
 2021-11-15 11:26:48 -08:00
Lars Ekman
9f37096c38 Kube-proxy/ipvs; Use go "net" lib to get nodeIPs 
The nodeIPs to be used for nodePorts were collected using
netlink which was unnecessary complex and caused se #93858
 2021-11-13 15:07:47 +01:00
Neha Lohia
fa1b6765d5 move pkg/util/node to component-helpers/node/util (#105347) 
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
 2021-11-12 07:52:27 -08:00
Quan Tian
95a706ba7c Remove redundant forwarding rule in filter table 2021-11-11 10:27:53 +08:00
Dan Winship
ab67a942ca proxy/iptables, proxy/ipvs: Remove an unnecessary check 
The iptables and ipvs proxiers both had a check that none of the
elements of svcInfo.LoadBalancerIPStrings() were "", but that was
already guaranteed by the svcInfo code. Drop the unnecessary checks
and remove a level of indentation.
 2021-11-09 09:32:50 -05:00
Tim Hockin
731dc8cf74 Fix regression in kube-proxy (#106214) 
* Fix regression in kube-proxy

Don't use a prepend() - that allocates.  Instead, make Write() take
either strings or slices (I wish we could express that better).

* WIP: switch to intf

* WIP: less appends

* tests and ipvs
 2021-11-08 15:14:49 -08:00
Tim Hockin
f662170ff7 kube-proxy: make iptables buffer-writing cleaner 2021-11-05 12:28:19 -07:00
Shivanshu Raj Shrivastava
86aed49a18 Migrated ipvs/proxier.go(remaining) to structured logging (#105770) 
* fixed improperly migrated logs

* fixed improperly migrated logs

* add
 2021-10-21 08:41:57 -07:00
Shivanshu Raj Shrivastava
d3f81a1be6 Migrated server.go, ipvs/proxier.go(partial) to structured logging (#105769) 
* fixed improperly migrated logs

* fixed improperly migrated logs

* fixed improperly migrated logs

* fixed improperly migrated logs

* Update cmd/kube-proxy/app/server.go

Co-authored-by: Marek Siarkowicz <marek.siarkowicz@protonmail.com>

* Update pkg/proxy/ipvs/proxier.go

Co-authored-by: Marek Siarkowicz <marek.siarkowicz@protonmail.com>

* Update pkg/proxy/ipvs/proxier.go

Co-authored-by: Marek Siarkowicz <marek.siarkowicz@protonmail.com>

* Update pkg/proxy/ipvs/proxier.go

Co-authored-by: Marek Siarkowicz <marek.siarkowicz@protonmail.com>

* Update pkg/proxy/ipvs/proxier.go

Co-authored-by: Marek Siarkowicz <marek.siarkowicz@protonmail.com>

Co-authored-by: Marek Siarkowicz <marek.siarkowicz@protonmail.com>
 2021-10-20 02:54:11 -07:00
Lars Ekman
4d6db6f1fc Clear initial UDP conntrack entries for loadBalancerIPs 2021-09-25 16:03:56 +02:00
Ricardo Pchevuzinske Katz
37d11bcdaf Move node and networking related helpers from pkg/util to component helpers 
Signed-off-by: Ricardo Katz <rkatz@vmware.com>
 2021-09-16 17:00:19 -03:00
Kubernetes Prow Robot
648559b63e Merge pull request #104742 from khenidak/health-check-port 
change health-check port to listen to node port addresses
 2021-09-13 15:43:52 -07:00
Kubernetes Prow Robot
31befb684c Merge pull request #104801 from danwinship/drop-endpoints-handler 
Drop broken/no-op proxyconfig.EndpointsHandler implementations
 2021-09-13 12:16:02 -07:00
Khaled (Kal) Henidak
acdf50fbed change proxiers to pass nodePortAddresses 2021-09-13 18:27:07 +00:00
Dan Winship
7f6fbc4482 Drop broken/no-op proxyconfig.EndpointsHandler implementations 
Because the proxy.Provider interface included
proxyconfig.EndpointsHandler, all the backends needed to
implement its methods. But iptables, ipvs, and winkernel implemented
them as no-ops, and metaproxier had an implementation that wouldn't
actually work (because it couldn't handle Services with no active
Endpoints).

Since Endpoints processing in kube-proxy is deprecated (and can't be
re-enabled unless you're using a backend that doesn't support
EndpointSlice), remove proxyconfig.EndpointsHandler from the
definition of proxy.Provider and drop all the useless implementations.
 2021-09-13 09:32:38 -04:00
Kubernetes Prow Robot
a402f1753c Merge pull request #104756 from tnqn/ipvs-sctp-masquerade 
Fix client IP preservation for NodePort service with protocol SCTP
 2021-09-09 15:34:56 -07:00
Quan Tian
9ee3ae748b Fix client IP preservation for NodePort service with protocol SCTP 
The iptables rule that matches kubeNodePortLocalSetSCTP must be inserted
before the one matches kubeNodePortSetSCTP, otherwise all SCTP traffic
would be masqueraded regardless of whether its ExternalTrafficPolicy is
Local or not.

To cover the case in tests, the patch adds rule order validation to
checkIptables.
 2021-09-06 18:54:35 +08:00
Kubernetes Prow Robot
d3621ae008 Merge pull request #101303 from wangyx1992/capatial-log-proxy 
cleanup: fix errors in wrapped format and log capitalization in proxy
 2021-09-03 10:01:50 -07:00
Kubernetes Prow Robot
571a3f6f2f Merge pull request #103896 from july2993/read 
Remove wrong comment
 2021-09-02 21:27:49 -07:00
Antonio Ojea
0cd75e8fec run hack/update-netparse-cve.sh 2021-08-20 10:42:09 +02:00
Jiahao Huang
ee1bec1e6a Remove wrong comment 
It does not assume proxier.mu is held because it locks it at the first
line.
 2021-07-25 14:19:11 +08:00
Lars Ekman
b6b3a69284 Don't set sysctl net.ipv4.vs.conn_reuse_mode for kernels >=5.9 2021-07-08 09:41:12 +02:00
Swetha Repakula
0a42f7b989 Graduate EndpointSliceProxying and WindowsEndpointSliceProxying Gates 2021-07-07 13:33:30 -07:00
Kubernetes Prow Robot
96dff7d0c7 Merge pull request #102832 from Yuan-Junliang/migrateProxyEventAPI 
Migrate kube-proxy event to use v1 Event API
 2021-07-05 17:44:17 -07:00
Swetha Repakula
03b7a699c2 Kubeproxy uses V1 EndpointSlice 2021-06-30 18:41:57 -07:00
Kubernetes Prow Robot
db3a216fbb Merge pull request #97238 from andrewsykim/kube-proxy-handle-terminating 
kube-proxy handle terminating endpoints
 2021-06-28 20:46:40 -07:00
wangyx1992
c85e567a3d cleanup: fix errors in wrapped format and log capitalization in proxy 
Signed-off-by: wangyx1992 <wang.yixiang@zte.com.cn>
 2021-06-28 04:39:15 +08:00
Yuan-Junliang
2e06066bab Migrate kube-proxy to use v1 Event API 2021-06-13 18:57:52 +08:00
Andrew Sy Kim
9d4e24aa32 proxier/ipvs: fall back to ready terminating if no ready endpoint exists 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-06-04 15:15:40 -04:00
Shiming Zhang
506fabc9ab Close the used modules file 2021-06-03 15:50:21 +08:00
Kubernetes Prow Robot
1d38084930 Merge pull request #97796 from JornShen/proxier_ipvs_structured_logging 
migrate proxy/ipvs/proxier.go logs to structured logging
 2021-05-16 20:05:59 -07:00