Commit Graph

1965 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
ff90c1cc73
Merge pull request #119374 from danwinship/kep-3178-ga
move KEP-3178 IPTablesOwnershipCleanup to GA
2023-07-17 15:53:47 -07:00
Dan Winship
d486736dd3 Remove IPTablesOwnershipCleanup checks and dead code 2023-07-17 16:51:47 -04:00
Kubernetes Prow Robot
56f6030125
Merge pull request #119353 from aojea/proxy_metrics
aggregate kube-proxy metrics
2023-07-17 11:41:21 -07:00
Aohan Yang
7eab0d7a0d Proxy changes for IP mode field 2023-07-17 16:02:36 +08:00
Kubernetes Prow Robot
71f8a2405d
Merge pull request #119333 from liggitt/flushfrequencystring
Conditionally serialize flushFrequency as int
2023-07-16 07:09:06 -07:00
Jordan Liggitt
6c0ea702d4
Conditionally serialize flushFrequency as int 2023-07-16 08:37:37 -04:00
Antonio Ojea
19f61caabe aggregate kube-proxy metrics
Instead of using two metrics use just one metrics with multiple labels,
since the labels can only get 2 values, 200 or 503 there is no risk of
carindality explosion and are simple to represent in graphs.

Change-Id: I0e9cbd6ec2051de44d277d673dc20f02b96aa4d1
2023-07-16 11:47:19 +00:00
Kubernetes Prow Robot
f34365789d
Merge pull request #116470 from alexanderConstantinescu/kep-3836-impl
[Kube-proxy]: Implement KEP-3836
2023-07-15 05:43:04 -07:00
Kubernetes Prow Robot
ffa4c26321
Merge pull request #119140 from danwinship/iptables-metrics
fix sync_proxy_rules_iptables_total metric
2023-07-14 07:36:01 -07:00
Dan Winship
883d0c3b71 Add a dummy implementation of proxyutil.LineBuffer
Rather than actually assembling all of the rules we aren't going to
use, just count them and throw them away.
2023-07-14 08:38:25 -04:00
Kubernetes Prow Robot
adbc309123
Merge pull request #119288 from danwinship/proxy-testing-cleanup
minor proxy unit testing cleanups
2023-07-13 13:42:05 -07:00
Kubernetes Prow Robot
d37c62dcbf
Merge pull request #117800 from cyclinder/loggin_format
Add '--logging-format' flag to kube-proxy
2023-07-13 08:40:37 -07:00
Dan Winship
9914909f5a Define tcpProtocol in one place in the unit tests rather than many 2023-07-13 10:26:33 -04:00
Dan Winship
967ef29378 Remove/clarify two FIXME comments in the proxier unit test
When I first wrote TestInternalExternalMasquerade, I put "FIXME"
comments in all of the cases that seemed wrong to me, most of which
got removed as we fixed the corner cases. But there were two cases
where we decided that the implemented behavior, though odd, was
correct, and those FIXMEs never got removed.
2023-07-13 10:26:29 -04:00
Dan Winship
1437594786 Remove some stray references to the ProxyTerminatingEndpoints feature gate
All the code to deal with enabling/disabling the feature gate is gone,
but some of the tests were still specifying "this test case assumes
PTE is enabled".
2023-07-13 10:26:25 -04:00
Dan Winship
4835d9e137 Belatedly clean up some "Endpoints" vs "EndpointSlice" distinctions in the unit tests
Remove "EndpointSlice" from some unit test names, because they don't
need to clarify that they use EndpointSlices now, because all of the
tests use EndpointSlices now.

Likewise, remove TestEndpointSliceE2E entirely; it was originally an
EndpointSlice version of one of the other tests, but the other test
uses EndpointSlices now too.
2023-07-13 09:41:32 -04:00
cyclinder
71ef0dafa7 add flag 'logging-format' to kube-proxy 2023-07-13 14:33:33 +08:00
Kubernetes Prow Robot
5130dad2cf
Merge pull request #118408 from danwinship/local-detector
kube-proxy local traffic detector single-vs-dual-stack cleanup
2023-07-11 21:19:11 -07:00
Alexander Constantinescu
08dd657a71 Implement metrics agreed on the KEP 2023-07-10 10:32:02 +02:00
Alexander Constantinescu
9b1c4c7b57 Implement KEP-3836
TL;DR: we want to start failing the LB HC if a node is tainted with ToBeDeletedByClusterAutoscaler.
This field might need refinement, but currently is deemed our best way of understanding if
a node is about to get deleted. We want to do this only for eTP:Cluster services.

The goal is to connection draining terminating nodes
2023-07-10 10:30:54 +02:00
Kubernetes Prow Robot
2d42274ac7
Merge pull request #118999 from cezarygerard/health-service
kube-proxy service health: add new  header with number of local endpoints
2023-07-07 15:49:05 -07:00
Dan Winship
68ed020b2a Split IptablesRulesTotal metric into two different metrics
Historically, IptablesRulesTotal could have been intepreted as either
"the total number of iptables rules kube-proxy is responsible for" or
"the number of iptables rules kube-proxy rewrote on the last sync".
Post-MinimizeIPTablesRestore, these are very different things (and
IptablesRulesTotal unintentionally became the latter).

Fix IptablesRulesTotal (sync_proxy_rules_iptables_total) to be "the
total number of iptables rules kube-proxy is responsible for" and add
IptablesRulesLastSync (sync_proxy_rules_iptables_last) to be "the
number of iptables rules kube-proxy rewrote on the last sync".
2023-07-07 09:04:04 -04:00
Dan Winship
02c59710ea Test the IptablesRulesTotal metric in TestSyncProxyRulesRepeated
This required fixing a small bug in the metric, where it had
previously been counting the "-X" lines that had been passed to
iptables-restore to delete stale chains, rather than only counting the
actual rules.
2023-07-06 15:48:48 -04:00
Dan Winship
e2900da46a Remove unnecessary utiliptables.Interface arg from local detectors
getLocalDetector() used to pass a utiliptables.Interface to
NewDetectLocalByCIDR() so that NewDetectLocalByCIDR() could verify
that the passed-in CIDR was of the same family as the iptables
interface. It would make more sense for getLocalDetector() to verify
this itself and just *not call NewDetectLocalByCIDR* if the families
don't match, and that's what the code does now. So there's no longer
any need to pass the utiliptables.Interface to the local detector.
2023-07-05 09:11:23 -04:00
Dan Winship
bb0c3a0818 Remove proxyutil.IsProxyableIP / IsProxyableHostname
These don't belong in pkg/proxy/util; they involve a completely
unrelated definition of proxying.

Since each is only used from one place, just inline them at the
callers.
2023-07-01 08:49:38 -04:00
Cezary Zawadka
4e6aa5fb86 kube-proxy service health: add new return header with number of local endpoints
- add new header "X-Load-Balancing-Endpoint-Weight" returned from service health. Value of the header is number of local endpoints. Header can be used in weighted load balancing. Parsing header for number of endpoints is faster than unmarshalling json from the content body.

- add missing unit test for new and old headers returned from service health
2023-06-30 11:25:48 +02:00
Dan Winship
5bde9404a0 Remove unused error return value from internal function 2023-06-15 05:22:11 -04:00
carlory
5e048041e4 remove helper function for unused storage feature in pkg/proxy/util 2023-06-13 09:22:59 +08:00
Kubernetes Prow Robot
b2042d6ce4
Merge pull request #118338 from aroradaman/mv-ipset
move pkg/util/ipset inside pkg/proxy/ipvs
2023-06-09 08:14:24 -07:00
Dan Winship
4962e6eacb Squash detectNodeIP and nodeIPTuple together 2023-06-06 20:48:00 -04:00
Daman Arora
4bee9b2b35 structured logging in proxy/ipvs/ipset
Signed-off-by: Daman Arora <aroradaman@gmail.com>
2023-06-07 01:21:03 +05:30
Kubernetes Prow Robot
5a5ebfd88b
Merge pull request #118499 from aojea/kproxy_podcidr_alt
kube-proxy avoid race condition using LocalModeNodeCIDR
2023-06-06 12:18:11 -07:00
Antonio Ojea
26801d6541 kube-proxy avoid race condition using LocalModeNodeCIDR
Since kube-proxy in LocalModeNodeCIDR needs to obtain the PodCIDR
assigned to the node it watches for the Node object.

However, kube-proxy startup process requires to have these watches in
different places, that opens the possibility of having a race condition
if the same node is recreated and a different PodCIDR is assigned.

Initializing the second watch with the value obtained in the first one
allows us to detect this situation.

Change-Id: I6adeedb6914ad2afd3e0694dcab619c2a66135f8
Signed-off-by: Antonio Ojea <aojea@google.com>
2023-06-06 15:03:22 +00:00
TommyStarK
1fcfd1d509 pkg/util/iptables: use buf.String() instead of string(buf.Bytes())
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
2023-06-05 19:47:47 +02:00
guoguangwu
fd92acba5a chore: should use buf.String() instead of string(buf.Bytes()) 2023-06-03 13:48:15 +08:00
Kubernetes Prow Robot
7d24586663
Merge pull request #118334 from danwinship/proxyutil
Consistently use proxyutil as the name for pkg/proxy/util
2023-05-30 12:49:46 -07:00
Daman Arora
2d8c820741 move pkg/util/ipset inside pkg/proxy/ipvs
Signed-off-by: Daman Arora <aroradaman@gmail.com>
2023-05-31 00:30:20 +05:30
Dan Winship
f3ba935336 Consistently use proxyutil as the name for pkg/proxy/util
Some places were using utilproxy, but that implies that it's
pkg/util/proxy...
2023-05-30 12:18:49 -04:00
Lars Ekman
4aa5441de2 Move pkg/util/ipvs inside pkg/proxy/ipvs
Ipvs will never be used by any other component within K8s than
the proxy/ipvs

Signed-off-by: Lars Ekman <uablrek@gmail.com>
2023-05-27 18:37:50 +02:00
Daman Arora
c68f858658 proxy/ipvs: github user name change: daman1807 -> aroradaman
Signed-off-by: Daman Arora <aroradaman@gmail.com>
2023-05-24 16:00:20 +05:30
Kubernetes Prow Robot
b2a1855f2c
Merge pull request #118088 from danwinship/kube-proxy-belated-cleanup
belated cleanup of some kube-proxy stuff for old versions
2023-05-18 13:18:34 -07:00
Dan Winship
80b9c85361 belated cleanup of some kube-proxy stuff for old versions 2023-05-17 18:34:27 -04:00
Dan Winship
0e456dcf86 Clarify localhost nodeport comments/errors 2023-05-16 09:14:11 -04:00
Dan Winship
a744a186b6 Rename GetNodeAddresses to GetNodeIPs, return net.IP 2023-05-16 09:14:09 -04:00
Dan Winship
2ca215fd99 Add NodePortAddresses.MatchAll()
Rather than having GetNodeAddresses() return a special magic value
indicating that it matches all IPs, add a separate method to check
that. (And have GetNodeAddresses() just return the IPs as expected
instead.)
2023-05-16 09:09:24 -04:00
Dan Winship
9ac657bb94 Make NodePortAddresses explicitly IP-family-specific
Both proxies handle IPv4 and IPv6 nodeport addresses separately, but
GetNodeAddresses went out of its way to make that difficult. Fix that.

This commit does not change any externally-visible semantics, but it
makes the existing weird semantics more obvious. Specifically, if you
say "--nodeport-addresses 10.0.0.0/8,192.168.0.0/16", then the
dual-stack proxy code would have split that into a list of IPv4 CIDRs
(["10.0.0.0/8", "192.168.0.0/16"]) to pass to the IPv4 proxier, and a
list of IPv6 CIDRs ([]) to pass to the IPv6 proxier, and then the IPv6
proxier would say "well since the list of nodeport addresses is empty,
I'll listen on all IPv6 addresses", which probably isn't what you
meant, but that's what it did.
2023-05-15 10:53:44 -04:00
Dan Winship
f7bb9a9a0a Remove a mostly-unused variable in the ipvs proxy
It probably was used for something else in the past but it's pointless
now.
2023-05-15 10:53:21 -04:00
Daman Arora
a0133b7cc4 proxy/ipvs: added daman1807 as reviewer
Signed-off-by: Daman Arora <aroradaman@gmail.com>
2023-05-14 16:29:43 +05:30
Kubernetes Prow Robot
fda4ca0d8a
Merge pull request #117965 from daman1807/fix/ipvs-ipv6-healthcheck
proxy/ipvs: use healthzServer for instantiating the IPVS IPv6 proxier
2023-05-13 12:29:37 -07:00
Kubernetes Prow Robot
8479db5876
Merge pull request #117946 from lavalamp/lavalamp-taking-a-break
lavalamp is taking a long break
2023-05-12 14:34:47 -07:00