kubernetes

Author	SHA1	Message	Date
jornshen	b1c6e70255	cleanup parseExcludedCIDRs	2021-03-23 17:15:43 +08:00
JunYang	923306b1ba	Fix TestGetNodeAddresses function error. Signed-off-by: JunYang <yang.jun22@zte.com.cn>	2021-03-10 23:33:57 +08:00
Kubernetes Prow Robot	b014610de3	Merge pull request #99958 from sbangari/winkubeproxylbservicefix For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP	2021-03-10 00:35:35 -08:00
Rob Scott	f07be06a19	Adding support for TopologyAwareHints to kube-proxy	2021-03-08 15:37:47 -08:00
Fangyuan Li	0621e90d31	Rename fields and methods for BaseServiceInfo Fields: 1. rename onlyNodeLocalEndpoints to nodeLocalExternal; 2. rename onlyNodeLocalEndpointsForInternal to nodeLocalInternal; Methods: 1. rename OnlyNodeLocalEndpoints to NodeLocalExternal; 2. rename OnlyNodeLocalEndpointsForInternal to NodeLocalInternal;	2021-03-07 16:52:59 -08:00
Fangyuan Li	7ed2f1d94d	Implements Service Internal Traffic Policy 1. Add API definitions; 2. Add feature gate and drops the field when feature gate is not on; 3. Set default values for the field; 4. Add API Validation 5. add kube-proxy iptables and ipvs implementations 6. add tests	2021-03-07 16:52:59 -08:00
Swetha Repakula	108fd44f7c	Graduate EndpointSlice feature gate to GA	2021-03-06 15:58:47 -08:00
Kubernetes Prow Robot	269d62d895	Merge pull request #97837 from JornShen/proxier_userspace_structured_logging migrate proxy/userspace/proxier.go logs to structured logging	2021-03-05 13:25:42 -08:00
Kubernetes Prow Robot	70d732c7e7	Merge pull request #99653 from aojea/kproxymetrics new kube-proxy iptables metric to expose then number of iptables rules	2021-03-05 10:00:34 -08:00
Antonio Ojea	654be57022	kube-proxy iptables expose number of rules metrics add a new metric to kube-proxy iptables, so it exposes the number of rules programmed in each iteration.	2021-03-05 10:00:38 +01:00
Swetha Repakula	6f5329d4c0	Remove EndpointSliceNodeName feature gate logic - feature gate has graduated to GA and will always be enabled, so no longer need to check if enabled	2021-03-04 09:57:15 -08:00
Kubernetes Prow Robot	7c9841d586	Merge pull request #98985 from timyinshi/proxy delete the extra word	2021-03-03 01:53:32 -08:00
Benjamin Elder	56e092e382	hack/update-bazel.sh	2021-02-28 15:17:29 -08:00
JunYang	53056e88b6	Fix incorrect use of klog.ErrorS Signed-off-by: JunYang <yang.jun22@zte.com.cn>	2021-02-21 14:55:23 +08:00
Kubernetes Prow Robot	4ef5d1402d	Merge pull request #99102 from justinsb/avoid_multiple_calls_to_done proxy/config tests: avoid multiple calls to done	2021-02-18 20:28:24 -08:00
Kubernetes Prow Robot	6dc317a107	Merge pull request #98130 from JornShen/optimze_redundant_listenPortOpener migrate to use k8s.io/util/net/port in kube-proxy	2021-02-18 10:02:51 -08:00
Justin SB	6ac76e184e	proxy/config tests: avoid multiple calls to done If the callback is called multiple times the wait group will be over-decremented.	2021-02-15 15:23:21 -05:00
jornshen	dbe89a5683	migrate kube canary chain as const	2021-02-15 16:50:48 +08:00
jornshen	00e26e9785	clear pkg/proxy/port.go port_test.go file	2021-02-15 16:36:09 +08:00
jornshen	d8d6a0223b	clear no use LocalPort in winkernel	2021-02-15 16:36:08 +08:00
jornshen	97a5a3d4d5	migrate to use k8s.io/util LocalPort and ListenPortOpener in ipvs.proxier	2021-02-15 16:36:08 +08:00
jornshen	e68e105102	migrate to use k8s.io/util LocalPort and ListenPortOpener in iptables.proxier	2021-02-15 16:36:06 +08:00
timyinshi	5242af9d2d	delete the extra word Signed-off-by: timyinshi <shiguangyin@inspur.com>	2021-02-11 16:35:48 +08:00
Kubernetes Prow Robot	659b4dc4a8	Merge pull request #98305 from aojea/holdports kube-proxy has to clear NodePort stale UDP entries	2021-02-10 23:36:16 -08:00
Antonio Ojea	ed21a0e16c	kube-proxy: clear conntrack entries after rules are in place Clear conntrack entries for UDP NodePorts, this has to be done AFTER the iptables rules are programmed. It can happen that traffic to the NodePort hits the host before the iptables rules are programmed this will create an stale entry in conntrack that will blackhole the traffic, so we need to clear it ONLY when the service has endpoints.	2021-02-10 16:22:03 +01:00
Kubernetes Prow Robot	6b9379eae4	Merge pull request #98001 from JornShen/proxier_winkernel_structured_logging migrate proxy/winkernel/proxier.go logs to structured logging	2021-02-09 23:47:12 -08:00
Kubernetes Prow Robot	c1b3797f4b	Merge pull request #97824 from hanlins/fix/97225/hc-rules Explicitly add iptables rule to allow healthcheck nodeport	2021-02-04 15:54:52 -08:00
Hanlin Shi	4cd1eacbc1	Add rule to allow healthcheck nodeport traffic in filter table 1. For iptables mode, add KUBE-NODEPORTS chain in filter table. Add rules to allow healthcheck node port traffic. 2. For ipvs mode, add KUBE-NODE-PORT chain in filter table. Add KUBE-HEALTH-CHECK-NODE-PORT ipset to allow traffic to healthcheck node port.	2021-02-03 15:20:10 +00:00
Sravanth Bangari	04eced5c67	For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP	2021-01-31 11:56:30 -08:00
jornshen	e3d068870d	migrate proxy/userspace/proxier.go logs to structured logging	2021-01-30 10:21:51 +08:00
Kubernetes Prow Robot	e89e7b4ed1	Merge pull request #98083 from JornShen/optimize_proxier_duplicate_localaddrset optimize proxier duplicate localaddrset	2021-01-29 01:21:40 -08:00
jornshen	3f506cadb0	optimize proxier duplicate localaddrset	2021-01-29 10:52:01 +08:00
Kubernetes Prow Robot	97076f6647	Merge pull request #98297 from JornShen/replace_ipvs_proxier_protocal_str use exist const to replace ipvs/proxier.go tcp,udp,sctp str	2021-01-28 14:41:52 -08:00
Jordan Liggitt	ce553e1b68	Resolve IP addresses of host-only in filtered dialer	2021-01-26 12:00:53 -05:00
Kubernetes Prow Robot	b557633c3f	Merge pull request #98249 from JornShen/optimize_writeline_writeBytesLine Optimize writeline and writeBytesLine in proxier.go	2021-01-22 23:45:39 -08:00
jornshen	249996e62f	use exist const to replace ipvs/proxier.go tcp,udp,sctp	2021-01-22 14:52:00 +08:00
jornshen	761473cd44	add ut for utils WriteLine WriteBytesLine	2021-01-21 10:51:54 +08:00
jornshen	3783821553	move the redundant writeline writeBytesLine to proxy/util/util.go	2021-01-21 10:51:39 +08:00
Kubernetes Prow Robot	0c91285ea6	Merge pull request #97941 from JornShen/proxier_winuserspace_structured_logging migrate proxy/winuserspace/proxier.go logs to structured logging	2021-01-20 17:51:00 -08:00
jornshen	f3b9e8b105	migrate proxy/winkernel/proxier.go logs to structured logging	2021-01-18 09:35:51 +08:00
Kubernetes Prow Robot	857c06eb49	Merge pull request #98043 from JornShen/migrate_string_overlay_as_const migrate winkernel network type string "overlay" as const	2021-01-14 20:43:51 -08:00
jornshen	dff2da8cbc	migrate winkernel network type string overlay as const	2021-01-14 16:38:02 +08:00
Kubernetes Prow Robot	5c7ee30eaa	Merge pull request #94902 from cmluciano/cml/proxyvaltesting proxy: Restructure config validation tests to check errors	2021-01-13 10:18:36 -08:00
Kubernetes Prow Robot	eb08f36c7d	Merge pull request #96371 from andrewsykim/kube-proxy-terminating kube-proxy: track serving/terminating conditions in endpoints cache	2021-01-11 18:38:25 -08:00
jornshen	a5a5fef039	migrate proxy/winuserspace/proxier.go logs to structured logging	2021-01-12 10:31:31 +08:00
Kubernetes Prow Robot	5e22f7fead	Merge pull request #92938 from DataDog/lbernail/CVE-2020-8558 Do not set sysctlRouteLocalnet (CVE-2020-8558)	2021-01-11 17:38:24 -08:00
Andrew Sy Kim	a11abb5475	kube-proxy: ipvs proxy should ignore endpoints with condition ready=false Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2021-01-11 16:27:38 -05:00
Andrew Sy Kim	9c096292cc	kube-proxy: iptables proxy should ignore endpoints with condition ready=false Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2021-01-11 16:27:38 -05:00
Andrew Sy Kim	1acdfb4e7c	kube-proxyy: update winkernel proxier to read 'ready', 'serving' and 'terminating' conditions Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2021-01-11 16:17:58 -05:00
Andrew Sy Kim	a7333e1a3e	kube-proxy: add endpointslice cache unit tests for terminating endpoints Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2021-01-11 16:17:58 -05:00
Andrew Sy Kim	e5f9b80023	kube-proxy: health check server should only check ready endpoints Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2021-01-11 16:17:58 -05:00
Andrew Sy Kim	55cb453a3c	kube-proxy: update internal endpoints map with 'serving' and 'terminating' condition from EndpointSlice Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2021-01-11 16:17:58 -05:00
Laurent Bernaille	15439148da	Do not set sysctlRouteLocalnet (CVE-2020-8558) Signed-off-by: Laurent Bernaille <laurent.bernaille@datadoghq.com>	2021-01-11 11:41:32 +01:00
jornshen	5af5a2ac7d	migrate proxy.UpdateServiceMap to be a method of ServiceMap	2021-01-11 11:07:30 +08:00
Kubernetes Prow Robot	5150d2f839	Merge pull request #97716 from chengzhycn/syncEndpoint-error-return proxy/ipvs: return non-nil error when there is no matched IPVS servic…	2021-01-07 12:44:54 -08:00
Kubernetes Prow Robot	466e2e3751	Merge pull request #97678 from JornShen/proxier_iptables_structured_logging migrate proxy/iptables/proxier.go logs to structured logging	2021-01-07 11:51:05 -08:00
chengzhycn	c6c74f2a5d	proxy/ipvs: return non-nil error when there is no matched IPVS service in syncEndpoint Signed-off-by: chengzhycn <chengzhycn@gmail.com>	2021-01-07 10:49:04 +08:00
jornshen	07990e44bf	migrate proxy/iptables/proxier.go logs to structured logging	2021-01-07 10:48:01 +08:00
Zhou Peng	0ca17c62d2	[pkg/proxy/ipvs]: fix README.md typo Signed-off-by: Zhou Peng <p@ctriple.cn>	2021-01-05 14:04:10 +08:00
Kubernetes Prow Robot	77abaabf3a	Merge pull request #97677 from chengzhycn/proxy-error-log fix incorrect dev name in log when finding link by name returns error	2021-01-04 19:33:57 -08:00
chengzhycn	5bd2b6877d	fix incorrect dev name in log when finding link by name returns error Signed-off-by: chengzhycn <chengzhycn@gmail.com>	2021-01-04 16:34:02 +08:00
maao	d001b9b72a	remove --cleanup-ipvs flag of kube-proxy Signed-off-by: maao <maao420691301@gmail.com>	2020-12-31 11:29:38 +08:00
Kubernetes Prow Robot	6aae473318	Merge pull request #96830 from tnqn/ipvs-restore-commands Fix duplicate chains in iptables-restore input	2020-12-08 20:03:34 -08:00
Kubernetes Prow Robot	c9dfd5829b	Merge pull request #96728 from jeremyje/dontpanic Fail instead of panic when HNS network cannot be created in test.	2020-12-08 18:36:14 -08:00
Kubernetes Prow Robot	d2662b9842	Merge pull request #96488 from basantsa1989/kproxy_cleanup Kube-proxy cleanup: Changing FilterIncorrectIP/CIDR functions to MapIPsToIPFamily that returns a map	2020-12-08 17:28:52 -08:00
Jeremy Edwards	7f972840ca	Fail instead of panic when HNS network cannot be created in test.	2020-12-02 07:01:27 +00:00
Quan Tian	9bf96b84c4	Fix duplicate chains in iptables-restore input When running in ipvs mode, kube-proxy generated wrong iptables-restore input because the chain names are hardcoded. It also fixed a typo in method name.	2020-11-24 15:13:23 +08:00
Antonio Ojea	120472032c	kube-proxy: treat ExternalIPs as ClusterIP Currently kube-proxy treat ExternalIPs differently depending on: - the traffic origin - if the ExternalIP is present or not in the system. It also depends on the CNI implementation to discriminate between local and non-local traffic. Since the ExternalIP belongs to a Service, we can avoid the roundtrip of sending outside the traffic originated in the cluster. Also, we leverage the new LocalTrafficDetector to detect the local traffic and not rely on the CNI implementations for this.	2020-11-22 00:54:33 +01:00
Basant Amarkhed	293d4b7c48	Avoiding double parsing of ip/cidr strings and logging bad ips/cidrs	2020-11-20 22:22:55 +00:00
Basant Amarkhed	f11c4e9c8c	Testcases for MapCIDRsByIPFamily	2020-11-17 07:35:50 +00:00
Basant Amarkhed	707073d2f9	Fixup #1 addressing review comments	2020-11-17 07:13:51 +00:00
Basant Amarkhed	09d966c8cc	Adding service.go changes after merge	2020-11-14 01:09:46 +00:00
Basant Amarkhed	8fb895f3f1	Updating after merging with a conflicting commit	2020-11-14 01:09:46 +00:00
Kubernetes Prow Robot	94b17881fc	Merge pull request #96454 from Sh4d1/revert_92312 Revert "Merge pull request #92312 from Sh4d1/kep_1860"	2020-11-12 16:03:24 -08:00
Kubernetes Prow Robot	765d949bfc	Merge pull request #96440 from robscott/endpointslice-pre-ga Adding NodeName to EndpointSlice API, deprecation updates	2020-11-12 16:03:13 -08:00
Rob Scott	84e4b30a3e	Updates related to PR feedback - Remove feature gate consideration from EndpointSlice validation - Deprecate topology field, note that it will be removed in future release - Update kube-proxy to check for NodeName if feature gate is enabled - Add comments indicating the feature gates that can be used to enable alpha API fields - Add comments explaining use of deprecated address type in tests	2020-11-12 12:30:50 -08:00
Sravanth Bangari	6c68ca5a9e	Choosing the right source VIP for local endpoints	2020-11-11 23:29:07 -08:00
Rob Scott	506861c0a0	Removing "IP" from supported EndpointSlice address types in kube-proxy	2020-11-11 16:50:45 -08:00
Christopher M. Luciano	a036577e2c	proxy: Restructure config validation tests to check errors The tests for most functions have also been revised to check the errors explicitly upon validating. This will properly catch occasions where we should be returning multiple errors if more error occurs or if just one block is failing. Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>	2020-11-11 14:38:11 -05:00
Patrik Cyvoct	d29665cc17	Revert "Merge pull request #92312 from Sh4d1/kep_1860" This reverts commit `ef16faf409`, reversing changes made to `2343b8a68b`.	2020-11-11 10:26:53 +01:00
Kubernetes Prow Robot	ef16faf409	Merge pull request #92312 from Sh4d1/kep_1860 Make Kubernetes aware of the LoadBalancer behaviour	2020-11-08 23:34:24 -08:00
Kubernetes Prow Robot	2343b8a68b	Merge pull request #95872 from 22dm/kube-proxy-comment-fix Fix the kube-proxy document	2020-11-08 19:23:37 -08:00
Patrik Cyvoct	20fc86df25	fix defaulting Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 10:00:59 +01:00
Patrik Cyvoct	0768b45e7b	add nil case in proxy Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 10:00:58 +01:00
Patrik Cyvoct	11b97e9ef8	fix tests Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 10:00:55 +01:00
Patrik Cyvoct	540901779c	fix reviews Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 10:00:53 +01:00
Patrik Cyvoct	af7494e896	Update generated Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 10:00:52 +01:00
Patrik Cyvoct	7bdf2af648	fix review Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 10:00:51 +01:00
Patrik Cyvoct	88330eafef	fix typo Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 10:00:50 +01:00
Patrik Cyvoct	0153b96ab8	fix review Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 10:00:27 +01:00
Patrik Cyvoct	d562b6924a	Add tests Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 09:59:59 +01:00
Patrik Cyvoct	47ae7cbf52	Add route type field to loadbalancer status ingress Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>	2020-11-07 09:59:58 +01:00
Kubernetes Prow Robot	48a2bca893	Merge pull request #96251 from ravens/nodeport_udp_conntrack_fix Correctly fix clearing conntrack entry on endpoint changes (nodeport)	2020-11-06 14:25:37 -08:00
Kubernetes Prow Robot	f1a3e4dcce	Merge pull request #95036 from cmluciano/cml/validateproxycidrs proxy: validate each CIDR config seperately and check for errors	2020-11-05 13:12:52 -08:00
Kubernetes Prow Robot	0451848d64	Merge pull request #95787 from qingsenLi/k8s201022-format format incorrectAddresses in klog	2020-11-05 11:50:33 -08:00
Christopher M. Luciano	705ba7b4bc	proxy: validate each CIDR config seperately and check for errors This commit revises validateProxyNodePortAddress and validateExcludeCIDRS to report on the exact CIDR that is invalid within the array of strings. Previously we would just return the whole block of addresses and now we identify the exact address within the block to eliminate confusion. I also removed the break from validateProxyNodeAddress so that we can report on all addresses that may not be valid. The tests for each function have also been revised to check the errors explicitly upon validating. This also will properly catch occasions where we should be returning multiple errors if more than one CIDR is invalid. Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>	2020-11-05 13:56:39 -05:00
Yan Grunenberger	fdee7b2faa	Correctly fix clearing conntrack entry on endpoint changes (nodeport) A previous PR (#71573) intended to clear conntrack entry on endpoint changes when using nodeport by introducing a dedicated function to remove the stale conntrack entry on the node port and allow traffic to resume. By doing so, it has introduced a nodeport specific bug where the conntrack entries related to the ClusterIP does not get clean if endpoint is changed (issue #96174). We fix by doing ClusterIP cleanup in all cases.	2020-11-05 09:45:17 +01:00
elweb9858	1bcddb0747	Implementing ExternalTrafficPolicy: local in winkernel kube-proxy via DSR	2020-10-30 15:28:47 -07:00
Khaled Henidak (Kal)	6675eba3ef	dual stack services (#91824 ) * api: structure change * api: defaulting, conversion, and validation * [FIX] validation: auto remove second ip/family when service changes to SingleStack * [FIX] api: defaulting, conversion, and validation * api-server: clusterIPs alloc, printers, storage and strategy * [FIX] clusterIPs default on read * alloc: auto remove second ip/family when service changes to SingleStack * api-server: repair loop handling for clusterIPs * api-server: force kubernetes default service into single stack * api-server: tie dualstack feature flag with endpoint feature flag * controller-manager: feature flag, endpoint, and endpointSlice controllers handling multi family service * [FIX] controller-manager: feature flag, endpoint, and endpointSlicecontrollers handling multi family service * kube-proxy: feature-flag, utils, proxier, and meta proxier * [FIX] kubeproxy: call both proxier at the same time * kubenet: remove forced pod IP sorting * kubectl: modify describe to include ClusterIPs, IPFamilies, and IPFamilyPolicy * e2e: fix tests that depends on IPFamily field AND add dual stack tests * e2e: fix expected error message for ClusterIP immutability * add integration tests for dualstack the third phase of dual stack is a very complex change in the API, basically it introduces Dual Stack services. Main changes are: - It pluralizes the Service IPFamily field to IPFamilies, and removes the singular field. - It introduces a new field IPFamilyPolicyType that can take 3 values to express the "dual-stack(mad)ness" of the cluster: SingleStack, PreferDualStack and RequireDualStack - It pluralizes ClusterIP to ClusterIPs. The goal is to add coverage to the services API operations, taking into account the 6 different modes a cluster can have: - single stack: IP4 or IPv6 (as of today) - dual stack: IPv4 only, IPv6 only, IPv4 - IPv6, IPv6 - IPv4 * [FIX] add integration tests for dualstack * generated data * generated files Co-authored-by: Antonio Ojea <aojea@redhat.com>	2020-10-26 13:15:59 -07:00
Kubernetes Prow Robot	bdde4fb8f5	Merge pull request #93040 from cmluciano/cml/ipvsschedmodules ipvs: ensure selected scheduler kernel modules are loaded	2020-10-26 10:25:17 -07:00
liuhongyu	d1525ec808	Fix the kube-proxy comment so that the document can be generated correctly	2020-10-26 23:13:50 +08:00
Christopher M. Luciano	51ed242194	ipvs: check for existence of scheduler module and fail if not found Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>	2020-10-23 17:17:44 -04:00
Kubernetes Prow Robot	766ae2b81b	Merge pull request #95252 from tssurya/shrink-input-chain Kube-proxy: Perf-fix: Shrink INPUT chain	2020-10-22 22:16:02 -07:00
qingsenLi	9ad39c9eda	format incorrectAddresses in klog	2020-10-22 17:26:29 +08:00
Surya Seetharaman	477b14b3c4	Kube-proxy: Perf-fix: Shrink INPUT chain In #56164, we had split the reject rules for non-ep existing services into KUBE-EXTERNAL-SERVICES chain in order to avoid calling KUBE-SERVICES from INPUT. However in #74394 KUBE-SERVICES was re-added into INPUT. As noted in #56164, kernel is sensitive to the size of INPUT chain. This patch refrains from calling the KUBE-SERVICES chain from INPUT and FORWARD, instead adds the lb reject rule to the KUBE-EXTERNAL-SERVICES chain which will be called from INPUT and FORWARD.	2020-10-19 11:26:04 +02:00
Antonio Ojea	880baa9f6f	kube-proxy: log stale services operations	2020-10-19 09:35:34 +02:00
Lion-Wei	1f7ea16560	kube-proxy ensure KUBE-MARK-DROP exist but not modify their rules	2020-10-16 14:52:07 +08:00
wojtekt	6e4aa0f27d	Fix reporting network_programming_latency metrics in kube-proxy	2020-10-07 20:57:14 +02:00
John Howard	b898266cb1	Fix documentation on EndpointSliceCache map This is not storing by slice name, it is IP. This can be seen from the code and tests.	2020-10-06 10:24:09 -07:00
Christopher M. Luciano	601c5150ca	proxy: Add tests for kube-proxy config defaulting Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>	2020-10-02 12:39:46 -04:00
Matthew Cary	299a296c7a	update-bazel Change-Id: Iebc99ee13587f0cd4c43ab85c7295d458d679d1e	2020-09-18 00:44:39 +00:00
Matthew Cary	f2e23afcf1	Adds filtering of hosts to DialContexts. The provided DialContext wraps existing clients' DialContext in an attempt to preserve any existing timeout configuration. In some cases, we may replace infinite timeouts with golang defaults. - scaleio: tcp connect/keepalive values changed from 0/15 to 30/30 - storageos: no change	2020-09-18 00:07:32 +00:00
Matthew Cary	74dbf274d9	update storageos vendor for FilteredDial change	2020-09-18 00:07:32 +00:00
Amim Knabben	a18e5de51a	LockToDefault the ExternalPolicyForExternalIP feature gate	2020-09-16 13:16:33 -04:00
tangwz	a143803066	remove feature gate SupportIPVSProxyMode.	2020-09-10 09:03:00 +08:00
elweb9858	b29379687f	Updating winkernel kube-proxy OWNERS file	2020-09-03 14:55:09 -07:00
Kubernetes Prow Robot	b2cba08217	Merge pull request #93979 from dcbw/userspace-proxy-test-waitgroups proxy/userspace: use waitgroups instead of sketchy atomic ops in testcases	2020-09-02 17:05:40 -07:00
Dan Williams	0cb5e55409	proxy/userspace: clean up and consolidate testcase setup	2020-09-02 16:20:13 -05:00
Dan Williams	1372bd94fe	proxy/userspace: use waitgroups instead of sketchy atomic ops in testcases Instead of relying on atomic ops to increment/decrement at the right time just use waitgroups to provide hard synchronization points.	2020-09-02 16:20:13 -05:00
Daniel Smith	a86afc12df	update scripts	2020-09-02 10:49:40 -07:00
Daniel Smith	75f835aa08	move port definitions to a common location	2020-09-02 10:48:25 -07:00
Kubernetes Prow Robot	163504e9ae	Merge pull request #94107 from robscott/kube-proxy-source-ranges-fix Updating kube-proxy to trim space from loadBalancerSourceRanges	2020-09-01 18:43:51 -07:00
Kubernetes Prow Robot	6e7086d7ca	Merge pull request #93638 from sbangari/refcountfix3 Avoid dereferencing same endpoint twice on the deletion or update of a service	2020-09-01 16:35:06 -07:00
Kubernetes Prow Robot	1364a6028d	Merge pull request #92759 from kumarvin123/master Updating the Reviewers / Approvers for WinKernel Proxier	2020-08-27 00:07:16 -07:00
Rob Scott	c382c79f60	Updating kube-proxy to trim space from loadBalancerSourceRanges Before this fix, a Service with a loadBalancerSourceRange value that included a space would cause kube-proxy to crashloop. This updates kube-proxy to trim any space from that field.	2020-08-20 18:19:52 -07:00
Vinod K L Swamy	e9719ebc46	Updating the Reviewers / Approvers for WinKernel Proxier	2020-08-03 17:16:22 -07:00
Sravanth Bangari	b96cebf222	fix the remote endpoint cleanup logic	2020-08-03 14:57:44 -07:00
Jordan Liggitt	f33dc28094	generated: hack/update-hack-tools.sh && hack/update-vendor.sh	2020-07-25 16:45:02 -04:00
Christopher M. Luciano	65ff4e8227	ipvs: log error if scheduler does not exist and fallback to rr Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>	2020-07-23 13:58:02 -04:00
Christopher M. Luciano	e2a0eddaf0	ipvs: ensure selected scheduler kernel modules are loaded Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>	2020-07-16 13:21:54 -04:00
Kubernetes Prow Robot	11348a38d7	Merge pull request #92871 from liggitt/kube-features Move proxy features to kube_features	2020-07-11 20:57:22 -07:00
Kubernetes Prow Robot	76e3b255e1	Merge pull request #92836 from aojea/minsyncperiod kube-proxy iptables min-sync-period default 1sec	2020-07-11 20:56:03 -07:00
Rob Scott	8039cf9bb1	Graduating EndpointSliceProxying to beta for Linux	2020-07-07 14:18:03 -07:00
Jordan Liggitt	8d03ace92b	Move proxy features to kube_features	2020-07-07 12:34:18 -04:00
Antonio Ojea	f8e64d31f9	kube-proxy iptables min-sync-period default 1sec Currently kube-proxy defaults the min-sync-period for iptables to 0. However, as explained by Dan Winship, "With minSyncPeriod: 0, you run iptables-restore 100 times. With minSyncPeriod: 1s , you run iptables-restore once. With minSyncPeriod: 10s , you also run iptables-restore once, but you might have to wait 10 seconds first"	2020-07-07 11:23:00 +02:00
Andrew Sy Kim	de2ecd7e2f	proxier/ipvs: check already binded addresses in the IPVS dummy interface Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com> Co-authored-by: Laurent Bernaille <laurent.bernaille@gmail.com>	2020-07-02 15:32:21 -04:00
Kubernetes Prow Robot	4d0ce2e708	Merge pull request #92584 from aojea/ipvsfix IPVS: kubelet, kube-proxy: unmark packets before masquerading …	2020-07-01 23:13:57 -07:00
Kubernetes Prow Robot	8623c26150	Merge pull request #90909 from kumarvin123/feature/WindowsEpSlices EndPointSlices implementation for Windows	2020-07-01 23:12:01 -07:00
Antonio Ojea	c40081b550	kube-proxy ipvs masquerade hairpin traffic Masquerade de traffic that loops back to the originator before they hit the kubernetes-specific postrouting rules Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>	2020-07-01 09:16:19 +02:00
Antonio Ojea	c7a29774c9	kube-proxy dual-stack infers IP family from ClusterIP when dual-stack kube-proxy infers the service IP family from the ClusterIP because ipFamily field is going to be deprecated. Since kube-proxy skip headless and externalname services we can safely obtain the IPFamily from the ClusterIP field Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>	2020-06-30 18:42:19 +02:00
Antonio Ojea	a46e1f0613	kube-proxy ShouldSkipService takes only one argument instead of receiving the service name and namespace we can obtain it from the service object directly. Signed-off-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>	2020-06-30 18:42:15 +02:00
Kubernetes Prow Robot	8a76c27b8d	Merge pull request #88573 from davidstack/master the result value of functrion NodeIPS will contain the docker0 ip , update the comment	2020-06-30 00:01:59 -07:00
Vinod K L Swamy	bbd4a07dec	Changes to WinKernel to support EndpointSlices	2020-06-29 14:31:15 -07:00
Vinod K L Swamy	4505d5b182	Changes to Proxy common code	2020-06-29 14:29:46 -07:00
Damon Wang	b199dd8ee1	update the comment of NodeIPs function	2020-06-29 15:29:16 +08:00
Kubernetes Prow Robot	73fa63a86d	Merge pull request #92035 from danwinship/unmark-before-masq kubelet, kube-proxy: unmark packets before masquerading them	2020-06-16 00:50:03 -07:00
Dan Winship	c12534d8b4	kubelet, kube-proxy: unmark packets before masquerading them It seems that if you set the packet mark on a packet and then route that packet through a kernel VXLAN interface, the VXLAN-encapsulated packet will still have the mark from the original packet. Since our NAT rules are based on the packet mark, this was causing us to double-NAT some packets, which then triggered a kernel checksumming bug. But even without the checksum bug, there are reasons to avoid double-NATting, so fix the rules to unmark the packets before masquerading them.	2020-06-15 18:45:38 -04:00
Kubernetes Prow Robot	35fc65dc2c	Merge pull request #89998 from Nordix/issue-89923 Filter nodePortAddresses to proxiers	2020-06-13 09:39:55 -07:00
Vinod K L Swamy	ac3f87346f	KubeProxy and DockerShim changes for Ipv6 dual stack support on Windows Signed-off-by: Vinod K L Swamy <vinodko@microsoft.com>	2020-06-10 15:36:48 -07:00
Kubernetes Prow Robot	6ac3ca4b17	Merge pull request #91886 from sbangari/fixsourcevip Fix access to Kubernetes Service from inside Windows Pod when two ser…	2020-06-09 14:49:50 -07:00
Kubernetes Prow Robot	b731b2ebbc	Merge pull request #91905 from lo24/master fix minor typos in ipvs readme.md	2020-06-09 03:13:18 -07:00
Kubernetes Prow Robot	86e14157d0	Merge pull request #91706 from sbangari/remoteendpointrefcount Fixing refcounting of remote endpoints used across services	2020-06-08 21:43:34 -07:00
Sravanth Bangari	c3eb69c1f1	Fix access to Kubernetes Service from inside Windows Pod when two services have same NodeIp as backend (Overlay)	2020-06-08 11:20:56 -07:00
lo24	491961e03c	fix minor typos in ipvs readme.md	2020-06-08 14:31:39 +00:00
Sravanth Bangari	cd43fc94f7	Fixing refcounting of remote endpoints used across services	2020-06-04 21:59:14 -07:00
Kubernetes Prow Robot	98de6bd142	Merge pull request #91701 from elweb9858/sessionaffinity Adding windows implementation for sessionaffinity	2020-06-03 17:44:43 -07:00
elweb9858	44096b8f71	Adding windows implementation for sessionaffinity	2020-06-03 13:41:59 -07:00
Kubernetes Prow Robot	8f5e8514b3	Merge pull request #90103 from SataQiu/refactor-proxy-20200413 kube-proxy: move GetNodeAddresses call out of internal loop to avoid repeated computation	2020-06-02 19:44:17 -07:00
Andrew Sy Kim	18741157ef	proxier/ipvs: remove redundant length check for node addresses Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2020-05-28 11:48:48 -04:00
Andrew Sy Kim	f96d35fc11	proxy utils: GetNodeAddresses should check if matching addresses were found Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2020-05-26 12:45:32 -04:00
Andrew Sy Kim	a99321c87c	proxy utils: check network interfaces only once Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2020-05-26 12:12:15 -04:00
SataQiu	b68312e688	kube-proxy: move GetNodeAddresses call out of internal loop to avoid repeated computation Signed-off-by: SataQiu <1527062125@qq.com>	2020-05-26 15:32:05 +08:00
Davanum Srinivas	07d88617e5	Run hack/update-vendor.sh Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2020-05-16 07:54:33 -04:00
Davanum Srinivas	442a69c3bd	switch over k/k to use klog v2 Signed-off-by: Davanum Srinivas <davanum@gmail.com>	2020-05-16 07:54:27 -04:00
Lars Ekman	f54b8f98b9	Filter nodePortAddresses to the proxiers. Log a warning for addresses of wrong family.	2020-05-15 09:54:33 +02:00
Casey Callendrello	042daa24ac	proxy: followup to last-queued-change metric Fixes two small issues with the metric added in #90175: 1. Bump the timestamp on initial informer sync. Otherwise it remains 0 if restarting kube-proxy in a quiescent cluster, which isn't quite right. 2. Bump the timestamp even if no healthz server is specified.	2020-05-11 18:48:47 +02:00
Casey Callendrello	2e1a884bf3	pkg/proxy: add last-queued-timestamp metric This adds a metric, kubeproxy_sync_proxy_rules_last_queued_timestamp, that captures the last time a change was queued to be applied to the proxy. This matches the healthz logic, which fails if a pending change is stale. This allows us to write alerts that mirror healthz. Signed-off-by: Casey Callendrello <cdc@redhat.com>	2020-04-21 15:19:32 +02:00
Tim Hockin	9551ecb7c3	Cleanup: Change "Ip" to "IP" in func and var names	2020-04-10 15:29:50 -07:00
Tim Hockin	efb24d44c6	Rename iptables IsIpv6 to IsIPv6	2020-04-10 15:29:50 -07:00
Tim Hockin	ef934a2c5e	Add Protocol() method to iptables Enables simpler printing of which IP family the iptables interface is managing.	2020-04-10 15:29:49 -07:00
Tim Hockin	b874f7c626	Encapsulate sysctl test and log	2020-04-10 15:29:49 -07:00
Tim Hockin	341022f8d1	kube-proxy: log service and endpoint updates	2020-04-10 15:29:44 -07:00
Tim Hockin	37da906db2	kube-proxy: more logging at startup	2020-04-10 15:17:46 -07:00
Kubernetes Prow Robot	4a63d95916	Merge pull request #89792 from andrewsykim/remove-redundant-len-check proxy: remove redundant length check on local address sets	2020-04-10 00:31:47 -07:00
Kubernetes Prow Robot	cabf5d1cdc	Merge pull request #89350 from SataQiu/fix-kube-proxy-20200323 kube-proxy: treat failure to bind to a port as fatal	2020-04-06 17:47:20 -07:00
louisgong	619f657b15	add loaded module	2020-04-04 08:49:19 +08:00
Andrew Sy Kim	5169ef5fb5	proxy: remove redundant length check on local address set Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>	2020-04-02 16:06:51 -04:00
Kubernetes Prow Robot	bbe5594409	Merge pull request #89296 from danwinship/random-emptily Don't log whether we're using iptables --random-fully	2020-04-02 12:42:24 -07:00
Kubernetes Prow Robot	c2ae0bd763	Merge pull request #74073 from Nordix/issue-70020 Issue #70020; Flush Conntrack entities for SCTP	2020-04-01 22:14:24 -07:00
SataQiu	871b90ba23	kube-proxy: add '--bind-address-hard-fail' flag to treat failure to bind to a port as fatal Signed-off-by: SataQiu <1527062125@qq.com>	2020-04-02 13:13:10 +08:00
Tim Hockin	15632b10cb	Clean up kube-proxy metrics startup	2020-03-30 10:29:14 -07:00
Tim Hockin	8747ba9370	Clean up kube-proxy healthz startup Make the healthz package simpler, move retries back to caller.	2020-03-30 10:29:14 -07:00
Dan Winship	945d5f8d7d	Make userspace proxy logging quieter	2020-03-20 08:24:02 -04:00
Dan Winship	8edd656238	Don't log whether we're using iptables --random-fully	2020-03-20 08:06:27 -04:00
Kubernetes Prow Robot	1b3c94b034	Merge pull request #89146 from SataQiu/fix-kube-proxy-20200316 comment cleanup for kube-proxy	2020-03-18 22:25:05 -07:00
Kubernetes Prow Robot	42c94f35a7	Merge pull request #88541 from cmluciano/cml/41ipvsfix ipvs: only attempt setting of sysctlconnreuse on supported kernels	2020-03-17 16:21:28 -07:00
SataQiu	64a496e645	kube-proxy: some code cleanup	2020-03-17 21:46:54 +08:00
Minhan Xia	068963fc06	add testing	2020-03-13 14:59:40 -07:00
Minhan Xia	d527a09192	add ExternalTrafficPolicy support for External IPs in ipvs kubeproxy	2020-03-13 14:59:39 -07:00
Minhan Xia	efc4b12186	add ExternalTrafficPolicy support for External IPs in iptables kubeproxy	2020-03-13 14:59:39 -07:00
Christopher M. Luciano	d22e18ad4f	ipvs: only attempt setting of sysctlconnreuse on supported kernels This builds on previous work but only sets the sysctlConnReuse value if the kernel is known to be above 4.19. To avoid calling GetKernelVersion twice, I store the value from the CanUseIPVS method and then check the version constraint at time of expected sysctl call. Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>	2020-03-12 13:16:00 -04:00
Lars Ekman	aa8521df66	Issue #70020 ; Flush Conntrack entities for SCTP Signed-off-by: Lars Ekman <lars.g.ekman@est.tech>	2020-03-11 09:56:54 +01:00
Kubernetes Prow Robot	0ec85a1467	Merge pull request #88934 from aojea/endpointnolog Stop flooding the kube-proxy logs on dual-stack because of IPFamily	2020-03-10 12:43:37 -07:00
Satyadeep Musuvathy	e053fdd08a	Add NodeCIDR for detect-local-mode	2020-03-09 13:44:34 -07:00
Antonio Ojea	df58c042a8	metaproxier logging for endpoints ipfamily The kube-proxy metaproxier implementations tries to get the IPFamily from the endpoints, but if the endpoints doesn't contains an IP address it logs a Warning. This causes that services without endpoints keep flooding the logs with warnings. We log this errors with a level of Verbosity of 4 instead of a Warning	2020-03-07 11:42:02 +01:00
Antonio Ojea	23d9ffd4c8	Add metaproxier unit tests	2020-03-07 00:33:55 +01:00
Kubernetes Prow Robot	0773f108c7	Merge pull request #88710 from SataQiu/ipvs-readme-20200302 kube-proxy: small cleanup for ipvs readme	2020-03-03 12:18:22 -08:00
SataQiu	b60c0b5c24	small cleanup for ipvs readme	2020-03-02 10:56:29 +08:00
chendotjs	e79f49ebba	validate configuration of kube-proxy IPVS tcp,tcpfin,udp timeout	2020-03-02 10:28:52 +08:00
Satyadeep Musuvathy	8c6956e5bb	Refactor handling of local traffic detection.	2020-02-21 17:57:34 -08:00
Kubernetes Prow Robot	09d78529db	Merge pull request #87792 from ksubrmnn/nodeip Allow access to default Kubernetes Service from inside Windows Pod (Overlay)	2020-02-20 03:07:04 -08:00
Kubernetes Prow Robot	ea5cef1c65	Merge pull request #87870 from tedyu/restore-proxier-updater Use ProxierHealthUpdater directly to avoid panic	2020-02-17 10:13:29 -08:00
Kubernetes Prow Robot	ad68c4a8b5	Merge pull request #87699 from michaelbeaumont/fix_66766 kube-proxy: Only open ipv4 sockets for ipv4 clusters	2020-02-13 23:54:18 -08:00
Kubernetes Prow Robot	48434c3677	Merge pull request #87117 from aojea/proxyv6LB kube-proxy crash when load balancers use a different IP family	2020-02-13 22:44:17 -08:00
Kubernetes Prow Robot	b9c57a1aa2	Merge pull request #87353 from aojea/kproxy_dual kube-proxy: validate dual-stack cidrs	2020-02-12 17:54:35 -08:00
Andrew Sy Kim	1653476e3f	proxier: use IPSet from k8s.io/utils/net to store local addresses This allows the proxier to cache local addresses instead of fetching all local addresses every time in IsLocalIP. Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2020-02-11 16:44:34 -05:00
Andrew Sy Kim	77feb1126e	userspace proxy: get local addresses only once per sync loop This avoids fetching all local network interfaces everytime we sync an external IP. For clusters with many external IPs this gets really expensive. This change caches all local addresses once per sync. Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2020-02-11 16:35:49 -05:00
Andrew Sy Kim	126bf5a231	ipvs proxier: use util proxy methods for getting local addresses Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2020-02-11 16:35:49 -05:00
Andrew Sy Kim	313c3b81e3	iptables proxier: get local addresses only once per sync loop This avoids fetching all local network interfaces everytime we sync an external IP. For clusters with many external IPs this gets really expensive. This change caches all local addresses once per sync. Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2020-02-11 16:35:49 -05:00
Antonio Ojea	11263bb57f	kube-proxy filter Load Balancer Status ingress kube-proxy, if is configured with an IP family, filters out the incorrect IP version of the services. This commit fix a bug caused by not filtering out the IPs in the LoadBalancer Status Ingress field.	2020-02-11 10:25:59 +01:00
Ted Yu	7a0690cd59	Use ProxierHealthUpdater directly to avoid panic	2020-02-10 09:41:09 -08:00
ksubrmnn	378fcc809a	Check for node IP	2020-02-05 11:44:26 -08:00
Kubernetes Prow Robot	5caeec8023	Merge pull request #87710 from alena1108/jan30proxy Ineffassign fixes for pkg/proxy	2020-02-02 19:09:20 -08:00
Antonio Ojea	4844b382dc	kube-proxy: validate dual-stack cidrs kube-proxy was not validating correctly the clusterCIDRs, if dual-stack it MAY have 1 or more clusterCIDRs. If it has 2 cidrs and at least one of each IP family. It also fixes a bug where validation was not taking into account the feature gates global state.	2020-01-31 16:00:17 +01:00
Kubernetes Prow Robot	8be2f8c626	Merge pull request #86144 from tahsinrahman/dont-serialize-internal Do not serialize internal types in ComponentConfig tests	2020-01-30 15:02:19 -08:00
Alena Prokharchyk	43ce2eb1ff	Ineffassign fixes for pkg/proxy	2020-01-30 14:34:33 -08:00
Michael Beaumont	3eea0d1405	kube-proxy: Only open ipv4 sockets for ipv4 clusters	2020-01-30 18:54:16 +01:00
Md Tahsin Rahman	a85815823e	Do not serialize internal type, fix roundtrip	2020-01-23 23:45:35 +06:00
SataQiu	c4f7308e11	kube-proxy: fix incorrect log information	2020-01-22 16:35:58 +08:00
Rob Scott	47b2593d59	Creating new EndpointSliceProxying feature gate for kube-proxy This creates a new EndpointSliceProxying feature gate to cover EndpointSlice consumption (kube-proxy) and allow the existing EndpointSlice feature gate to focus on EndpointSlice production only. Along with that addition, this enables the EndpointSlice feature gate by default, now only affecting the controller. The rationale here is that it's really difficult to guarantee all EndpointSlices are created in a cluster upgrade process before kube-proxy attempts to consume them. Although masters are generally upgraded before nodes, and in most cases, the controller would have enough time to create EndpointSlices before a new node with kube-proxy spun up, there are plenty of edge cases where that might not be the case. The primary limitation on EndpointSlice creation is the API rate limit of 20QPS. In clusters with a lot of endpoints and/or with a lot of other API requests, it could be difficult to create all the EndpointSlices before a new node with kube-proxy targeting EndpointSlices spun up. Separating this into 2 feature gates allows for a more gradual rollout with the EndpointSlice controller being enabled by default in 1.18, and EndpointSlices for kube-proxy being enabled by default in the next release.	2020-01-17 16:17:40 -08:00
Kubernetes Prow Robot	6278df2a97	Merge pull request #82223 from rikatz/issue77493 Check first if ipvs module is builtin	2020-01-17 03:52:56 -08:00
Kubernetes Prow Robot	97d68d014c	Merge pull request #86172 from liggitt/intstr Clarify intstr.IntValue() behavior	2020-01-15 08:25:35 -08:00
Kubernetes Prow Robot	f4db8212be	Merge pull request #76496 from danielqsj/metrics-2 Clean deprecated metrics	2020-01-13 20:53:09 -08:00
Antonio Ojea	de15774e10	kube-proxy unit test FilterIncorrectIPVersion Add an unit test to the kube-proxy FilterIncorrectIPVersion function	2020-01-13 22:44:22 +01:00
danielqsj	ab182552b4	clean SinceInMicroseconds, convert to SinceInSeconds	2020-01-10 17:05:38 +08:00
danielqsj	a8f2feaeb5	remove deprecated metrics of proxy	2020-01-10 17:05:38 +08:00
chenyaqi01	f893486191	ipvs proxier README: fix typo	2020-01-09 15:12:05 +08:00
Kubernetes Prow Robot	5373fa3f59	Merge pull request #82462 from vllry/dualstack-iptables Dualstack support for kube-proxy iptables mode	2020-01-07 04:38:20 -08:00
Kubernetes Prow Robot	30090d0809	Merge pull request #86665 from SataQiu/clean-proxy-20191227 kube-proxy: add some interface type assertions	2020-01-02 22:25:40 -08:00
SataQiu	134c545b96	proxy: add some interface type assertions	2019-12-27 18:30:25 +08:00
libnux	f0e01bcfde	Change log level to 3 when --random-fully is not supported	2019-12-24 17:47:27 +08:00
Mark Janssen	a54e5cec54	Fix staticcheck failures for pkg/proxy/... Errors from staticcheck: pkg/proxy/healthcheck/proxier_health.go:55:2: field port is unused (U1000) pkg/proxy/healthcheck/proxier_health.go:162:20: printf-style function with dynamic format string and no further arguments should use print-style function instead (SA1006) pkg/proxy/healthcheck/service_health.go:166:20: printf-style function with dynamic format string and no further arguments should use print-style function instead (SA1006) pkg/proxy/iptables/proxier.go:737:2: this value of args is never used (SA4006) pkg/proxy/iptables/proxier.go:737:15: this result of append is never used, except maybe in other appends (SA4010) pkg/proxy/iptables/proxier.go:1287:28: this result of append is never used, except maybe in other appends (SA4010) pkg/proxy/userspace/proxysocket.go:293:3: this value of n is never used (SA4006) pkg/proxy/winkernel/metrics.go:74:6: func sinceInMicroseconds is unused (U1000) pkg/proxy/winkernel/metrics.go:79:6: func sinceInSeconds is unused (U1000) pkg/proxy/winuserspace/proxier.go:94:2: field portMapMutex is unused (U1000) pkg/proxy/winuserspace/proxier.go:118:2: field owner is unused (U1000) pkg/proxy/winuserspace/proxier.go:119:2: field socket is unused (U1000) pkg/proxy/winuserspace/proxysocket.go:620:4: this value of n is never used (SA4006)	2019-12-22 21:32:06 +01:00
SataQiu	2497a1209b	bump k8s.io/utils version	2019-12-21 14:54:44 +08:00
Kubernetes Prow Robot	2796ff8538	Merge pull request #85279 from RainbowMango/pr_add_metrics_flag_to_proxy Allow show hidden metrics in kube-proxy	2019-12-18 00:57:57 -08:00
RainbowMango	6b33a77068	Adopt kubeadm and kubeproxy unit test after new config field added. Fix proxy unit test	2019-12-18 11:09:26 +08:00
RainbowMango	4eb61e3f93	Deal with auto-generated files: - Update bazel by hack/update-bazel.sh - make update	2019-12-17 21:46:41 +08:00
RainbowMango	9b7d8712cf	Add show hidden flag to kube-proxy	2019-12-17 21:46:41 +08:00
Andrew Sy Kim	db2c048db9	support configuration of kube-proxy IPVS tcp,tcpfin,udp timeout Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-12-17 04:35:08 -05:00
Vallery Lancey	23957a6b28	Allow kube-proxy iptables mode to support dual-stack, with the meta-proxier.	2019-12-16 22:50:25 -08:00
Jordan Liggitt	cdf2e794a5	Clarify intstr.IntValue() behavior	2019-12-11 12:14:26 -05:00
Rob Scott	49e4bd137b	Ensuring kube-proxy does not mutate shared EndpointSlices	2019-12-10 13:18:04 -08:00
Kubernetes Prow Robot	0ea756ff0a	Merge pull request #84688 from tahsinrahman/kubeproxyconfig-test Increase test coverage for ComponentConfigs and add tests for kubeproxyconfiguration	2019-12-05 17:15:04 -08:00
Kubernetes Prow Robot	1c5b6cb66e	Merge pull request #85611 from ksubrmnn/routing_mesh Fix HTTP readiness/liveness probes using NodePort	2019-11-25 16:43:19 -08:00
Kalya Subramanian	e87e4bea0f	Fix HTTP readiness/liveness probes for local node	2019-11-25 10:50:46 -08:00
Kubernetes Prow Robot	459b1d76bf	Merge pull request #85527 from aojea/fix#85414 Revert "kube-proxy: check KUBE-MARK-DROP"	2019-11-23 13:19:49 -08:00
Antonio Ojea	98be7831e4	Revert "kube-proxy: check KUBE-MARK-DROP" This reverts commit `1ca0ffeaf2`. kube-proxy is not recreating the rules associated to the KUBE-MARK-DROP chain, that is created by the kubelet. Is preferrable avoid the dependency between the kubelet and kube-proxy and that each of them handle their own rules.	2019-11-22 06:37:42 +01:00
Md Tahsin Rahman	ce5cbe8b13	Add tests for kubeproxyconfig	2019-11-16 23:34:39 +06:00
Andrew Sy Kim	884582d892	proxier: improve node topology event handler logic Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-11-15 08:53:56 -05:00
Roc Chan	31d623b4d7	Autogenerated files	2019-11-15 14:37:44 +08:00
Roc Chan	80c6524cd0	kube-proxy: sync rules when current node labels change detected	2019-11-15 13:36:43 +08:00
Roc Chan	c9cf3f5b72	Service Topology implementation * Implement Service Topology for ipvs and iptables proxier * Add test files * API validation	2019-11-15 13:36:43 +08:00
Kubernetes Prow Robot	27067540ff	Merge pull request #85246 from robscott/endpointslice-dualstack-proxy Updating kube-proxy to support new EndpointSlice address types	2019-11-14 13:31:58 -08:00
Kubernetes Prow Robot	1ae9713f7f	Merge pull request #83839 from RainbowMango/pr_hide_proxy_deprecated_metrics Turn off proxy metrics that have been deprecated	2019-11-13 21:46:11 -08:00
Rob Scott	2a021d02c9	Updating kube-proxy to support new EndpointSlice address types This includes IPv4 and IPv6 address types and IPVS dual stack support. Importantly this ensures that EndpointSlices with a FQDN address type are not processed by kube-proxy.	2019-11-13 19:50:41 -08:00
Rob Scott	a7e589a8c6	Promoting EndpointSlices to beta	2019-11-13 14:20:19 -08:00
Kubernetes Prow Robot	c5609071d8	Merge pull request #84971 from robscott/endpointslice-iptypes Splitting IP address type into IPv4 and IPv6 for EndpointSlices	2019-11-13 09:26:36 -08:00
RainbowMango	9f013cb34f	Hide proxy metrics that have been deprecated in 1.14	2019-11-13 19:31:14 +08:00
Rob Scott	0fa9981e01	Splitting IP address type into IPv4 and IPv6 for EndpointSlices	2019-11-12 09:03:53 -08:00
Gao Zheng	6b36a60c75	kube-proxy/ipvs get local addr just once per sync	2019-11-12 19:40:21 +08:00
Jordan Liggitt	297570e06a	hack/update-vendor.sh	2019-11-06 17:42:34 -05:00
yuxiaobo	81e9f21f83	Correct spelling mistakes Signed-off-by: yuxiaobo <yuxiaobogo@163.com>	2019-11-06 20:25:19 +08:00
Kubernetes Prow Robot	2b3540068b	Merge pull request #84422 from aojea/kubemarkdrop kube-proxy: ensure KUBE-MARK-DROP exists	2019-11-03 13:41:39 -08:00
Kubernetes Prow Robot	1da7210180	Merge pull request #84440 from lsytj0413/fix-gosimple refactor(*): fix comparison to bool constant, return redundant	2019-11-01 18:08:10 -07:00
Kubernetes Prow Robot	85575e929b	Merge pull request #83387 from danwinship/proxy-error-retry If an iptables proxier sync fails, retry after iptablesSyncPeriod	2019-10-31 21:53:23 -07:00
Dan Winship	2fd42dee95	If an iptables proxier sync fails, retry after iptablesSyncPeriod	2019-10-29 07:36:00 -04:00
lsytj0413	948a578179	refactor(*): fix comparison to bool constant, return redundant	2019-10-28 16:41:08 +08:00
Antonio Ojea	1ca0ffeaf2	kube-proxy: check KUBE-MARK-DROP	2019-10-27 18:46:51 +01:00
zouyee	a3e0ac2951	set config.BindAddress to IPv4 address "127.0.0.1" if not specified Signed-off-by: Zou Nengren <zouyee1989@gmail.com>	2019-10-25 21:46:41 +08:00
Ricardo Pchevuzinske Katz	6aaae7d646	Add support for builtin modules in kube-proxy Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>	2019-10-23 13:59:44 -03:00
Kubernetes Prow Robot	bbe71214a6	Merge pull request #83677 from HotelsDotCom/kube-proxy-README Bugfix kube-proxy README file to list ipvs modules, closes #83676	2019-10-21 21:11:51 -07:00
preisinger	d6431fbdfa	Bugfix kube-proxy README file to list ipvs modules	2019-10-18 09:25:28 +01:00
Kubernetes Prow Robot	6a5f0e6eda	Merge pull request #81348 from yastij/code-org-service-controller move service helpers to k8s.io/cloud-provider	2019-10-17 00:20:38 -07:00
Yassine TIJANI	d796baea27	move service helpers to k8s.io/cloud-provider Signed-off-by: Yassine TIJANI <ytijani@vmware.com>	2019-10-16 14:12:11 +02:00
Kubernetes Prow Robot	bb6166419a	Merge pull request #83644 from danwinship/userspace-proxy-logging Don't log about deleting non-existent affinity entries in userspace OnEndpointsAdd	2019-10-15 23:05:38 -07:00
Kubernetes Prow Robot	a7b3114c88	Merge pull request #83553 from rikatz/issue77493-part1 Improve IPVS Module loader logic	2019-10-15 23:05:13 -07:00
Kubernetes Prow Robot	af6f302e46	Merge pull request #83498 from danwinship/proxy-health Fix kube-proxy healthz server for proxier sync loop changes	2019-10-15 23:04:58 -07:00
Rob Scott	8e7de45034	Reworking kube-proxy to only compute endpointChanges on apply. Computing EndpointChanges is a relatively expensive operation for kube-proxy when Endpoint Slices are used. This had been computed on every EndpointSlice update which became quite inefficient at high levels of scale when multiple EndpointSlice update events would be triggered before a syncProxyRules call. Profiling results showed that computing this on each update could consume ~80% of total kube-proxy CPU utilization at high levels of scale. This change reduced that to as little as 3% of total kube-proxy utilization at high levels of scale. It's worth noting that the difference is minimal when there is a 1:1 relationship between EndpointSlice updates and proxier syncs. This is primarily beneficial when there are many EndpointSlice updates between proxier sync loops.	2019-10-15 16:31:12 -07:00
Ricardo Pchevuzinske Katz	da8931560b	Improve IPVS Module loader logic Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>	2019-10-11 08:59:41 -03:00
Kubernetes Prow Robot	0ff761b14f	Merge pull request #82927 from obitech/kube_proxy_strict_serializer Enable strict serializer in kube-proxy	2019-10-09 11:05:50 -07:00
Dan Winship	ebe94f139a	Don't log about deleting non-existent affinity entries in userspace OnEndpointsAdd	2019-10-08 18:17:41 -04:00
Rob Scott	3924364585	Making iptables probability more granular in kube-proxy. Until now, iptables probabilities had 5 decimal places of granularity. That meant that probabilities would start to repeat once a Service had 319 or more endpoints. This doubles the granularity to 10 decimal places, ensuring that probabilities will not repeat until a Service reaches 100,223 endpoints.	2019-10-07 17:37:33 -07:00
Dan Winship	f83474916e	Fix kube-proxy healthz server for proxier sync loop changes The proxy healthz server assumed that kube-proxy would regularly call UpdateTimestamp() even when nothing changed, but that's no longer true. Fix it to only report unhealthiness when updates have been received from the apiserver but not promptly pushed out to iptables/ipvs.	2019-10-04 13:37:09 -04:00
Dan Winship	0f10102c16	Better distinguish the two kinds of proxy health check servers Kube-proxy runs two different health servers; one for monitoring the health of kube-proxy itself, and one for monitoring the health of specific services. Rename them to "ProxierHealthServer" and "ServiceHealthServer" to make this clearer, and do a bit of API cleanup too.	2019-10-04 10:37:58 -04:00
Kubernetes Prow Robot	35d68586db	Merge pull request #83208 from robscott/endpointslice-proxy-staleconn-perf Only detecting stale connections for UDP ports in kube-proxy	2019-10-02 23:40:08 -07:00
Kubernetes Prow Robot	74d2822662	Merge pull request #72535 from tallclair/content-type Always set content-type & nosniff	2019-09-27 18:43:39 -07:00
Rob Scott	af56f25797	Only detecting stale connections for UDP ports in kube-proxy. The detectStaleConnections function in kube-proxy is very expensive in terms of CPU utilization. The results of this function are only actually used for UDP ports. This adds a protocol attribute to ServicePortName to make it simple to only run this function for UDP connections. For clusters with primarily TCP connections this can improve kube-proxy performance by 2x.	2019-09-25 17:48:54 -07:00
Rob Scott	d4b694a497	Updating EndpointSliceCache sort function to be significantly faster. The .IP() call that was previously used for sorting resulted in a call to netutil to parse an IP out of an IP:Port string. This was very slow and resulted in this sort taking up ~50% of total CPU util for kube-proxy.	2019-09-23 17:12:54 -07:00
obitech	f9b152abb0	Add strict serializer to codec factory in kube-proxy	2019-09-23 19:39:00 +02:00
danielqsj	c2a4906152	Bump k8s.io/klog to v1.0.0	2019-09-23 16:51:43 +08:00
hwdef	4e7ef9ad36	delete unused var	2019-09-19 18:04:13 +08:00
Kubernetes Prow Robot	e7090e8f5e	Merge pull request #81517 from danwinship/iptables-monitor drop firewalld monitoring, add better iptables monitor	2019-09-17 10:58:02 -07:00
Dan Winship	3948f16ff4	Add iptables.Monitor, use it from kubelet and kube-proxy Kubelet and kube-proxy both had loops to ensure that their iptables rules didn't get deleted, by repeatedly recreating them. But on systems with lots of iptables rules (ie, thousands of services), this can be very slow (and thus might end up holding the iptables lock for several seconds, blocking other operations, etc). The specific threat that they need to worry about is firewall-management commands that flush all dynamic iptables rules. So add a new iptables.Monitor() function that handles this by creating iptables-flush canaries and only triggering a full rule reload after noticing that someone has deleted those chains.	2019-09-17 10:19:26 -04:00
Kubernetes Prow Robot	9da6c6fe98	Merge pull request #82736 from RainbowMango/pr_migrate_prom_bucket_for_proxy_metrics Migrate prometheus bucket functionality to kube-metrics for proxy metrics	2019-09-16 23:16:36 -07:00
RainbowMango	d36c27a106	Update bazel by hack/update-bazel.sh	2019-09-16 11:07:05 +08:00
RainbowMango	4ba8a9fee1	Migrate prometheus bucket functionality to metrics stability framework.	2019-09-16 11:05:38 +08:00
RainbowMango	e9c5b06b79	Update bazel by hack/update-bazel.sh	2019-09-16 10:36:20 +08:00
RainbowMango	fba9c76114	Migrate prometheus bucket functionality to metrics stability framework.	2019-09-16 10:34:58 +08:00
Kubernetes Prow Robot	fae7aa78a3	Merge pull request #82317 from viviyww/master11 Repaire incorrect ip version event	2019-09-11 15:25:39 -07:00
Kubernetes Prow Robot	2a749f1e88	Merge pull request #82307 from yutedz/rm-proxy-locked Remove unused func IsProxyLocked	2019-09-11 15:25:15 -07:00
Tim Allclair	ef6cba0b36	Always set content-type & nosniff	2019-09-11 15:01:43 -07:00
Rob Scott	a1e3afa28e	Adding a nil check in endpointslicecache	2019-09-05 17:32:44 -07:00
Kubernetes Prow Robot	61ecdba9ca	Merge pull request #82289 from robscott/endpointslice-fixes Fixing bugs related to Endpoint Slices	2019-09-05 09:03:10 -07:00
Rob Scott	8f9483d827	Fixing bugs related to Endpoint Slices This should fix a bug that could break masters when the EndpointSlice feature gate was enabled. This was all tied to how the apiserver creates and manages it's own services and endpoints (or in this case endpoint slices). Consumers of endpoint slices also need to know about the corresponding service. Previously we were trying to set an owner reference here for this purpose, but that came with potential downsides and increased complexity. This commit changes behavior of the apiserver endpointslice integration to set the service name label instead of owner references, and simplifies consumer logic to reference that (both are set by the EndpointSlice controller). Additionally, this should fix a bug with the EndpointSlice GenerateName value that had previously been set with a "." as a suffix.	2019-09-04 09:09:32 -07:00
yangweiwei	99430f51fd	Repaire incorrect ip version event When we config the wrong ip version and the endpoint updates the error event info. But the parameter call order is wrong. So we should fix it.	2019-09-04 15:15:59 +08:00
Ted Yu	6e0878fbcc	Remove unused func IsProxyLocked	2019-09-04 10:36:24 +08:00
Kubernetes Prow Robot	f71cfdf66d	Merge pull request #82214 from Nordix/issue-80462 Ensure the KUBE-MARK-DROP chain in kube-proxy mode=ipvs	2019-09-03 16:01:37 -07:00
Kubernetes Prow Robot	542f3c65a0	Merge pull request #78547 from MikeSpreitzer/fix-76699 Make iptables and ipvs modes of kube-proxy MASQUERADE --random-fully if possible	2019-09-03 14:34:58 -07:00
Lars Ekman	9e6a687352	Ensure the KUBE-MARK-DROP chain in kube-proxy mode=ipvs	2019-09-03 21:08:54 +02:00
Mike Spreitzer	d86d1defa1	Made IPVS and iptables modes of kube-proxy fully randomize masquerading if possible Work around Linux kernel bug that sometimes causes multiple flows to get mapped to the same IP:PORT and consequently some suffer packet drops. Also made the same update in kubelet. Also added cross-pointers between the two bodies of code, in comments. Some day we should eliminate the duplicate code. But today is not that day.	2019-09-01 22:07:30 -04:00
Khaled Henidak(Kal)	ef75723564	ipvs dualstack: generated items co-authored-by: Lars Ekman <lars.g.ekman@est.tech>	2019-08-29 23:38:25 +00:00
Khaled Henidak(Kal)	465255425e	create meta-proxy for proxy-mode=ipvs (dualstack) co-authored-by: Lars Ekman <lars.g.ekman@est.tech>	2019-08-29 23:37:37 +00:00
Kubernetes Prow Robot	4495d09282	Merge pull request #81430 from robscott/endpointslice-proxy Adding EndpointSlice support for kube-proxy ipvs and iptables proxiers	2019-08-29 15:36:44 -07:00
Kubernetes Prow Robot	7d241f0ec1	Merge pull request #81626 from logicalhan/proxy-migration migrate kube-proxy metrics to stability framework	2019-08-29 05:30:23 -07:00
Rob Scott	9665c590c7	Adding EndpointSlice support for kube-proxy ipvs and iptables proxiers	2019-08-29 01:06:52 -07:00
Kubernetes Prow Robot	454e8e6e92	Merge pull request #80514 from liuxu623/master don't delete KUBE-MARK-MASQ chain in iptables/ipvs proxier	2019-08-28 23:49:56 -07:00
Kubernetes Prow Robot	bd8a8db515	Merge pull request #81477 from paulsubrata55/kube-proxy-sctp-ipset-fix Fix in kube-proxy for sctp ipset entries	2019-08-28 18:26:09 -07:00
Kubernetes Prow Robot	af54eae69a	Merge pull request #81612 from rikatz/issue81060 Remove watching Endpoints of Headless Services	2019-08-28 14:44:25 -07:00
Han Kang	e1bf0b4918	group imports properly	2019-08-28 12:49:54 -07:00
Han Kang	0895ac212d	migrate kube-proxy metrics to stability framework	2019-08-28 12:49:54 -07:00
Kubernetes Prow Robot	927f45191e	Merge pull request #81527 from yastij/move-controller-util move WaitForCacheSync to the sharedInformer package	2019-08-27 00:52:54 -07:00
Kubernetes Prow Robot	0a486d97ed	Merge pull request #81415 from oxddr/asdf kube-proxy: improve logging around network programming latency SLI.	2019-08-23 15:48:39 -07:00
Janek Łukaszewicz	c33be173bf	kube-proxy: improve logging around network programming latency SLI.	2019-08-23 15:48:25 +02:00
Kubernetes Prow Robot	9c736445f5	Merge pull request #79846 from aramase/fix-golint-pkg/proxy Fix golint failures in pkg/proxy	2019-08-23 00:51:17 -07:00
Kubernetes Prow Robot	37651f1cef	Merge pull request #80368 from danwinship/iptables-checks iptables feature detection improvements	2019-08-22 13:31:20 -07:00
Yassine TIJANI	7e4c3096fe	move WaitForCacheSync to the sharedInformer package Signed-off-by: Yassine TIJANI <ytijani@vmware.com>	2019-08-22 16:13:41 +01:00
Ricardo Pchevuzinske Katz	e389237171	Remove watching Endpoints of Headless Services Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@serpro.gov.br>	2019-08-21 16:37:09 -03:00
Yassine TIJANI	4d9e4f0b45	move ShuffleStrings to pkg/proxy Signed-off-by: Yassine TIJANI <ytijani@vmware.com>	2019-08-21 20:03:53 +01:00
liuxu	c90b295ef1	don't delete KUBE-MARK-MASQ chain in iptables/ipvs proxier	2019-08-20 15:43:54 +08:00
Subrata Paul	138b8b8aaa	Fix in kube-proxy for sctp ipset entries Kube-proxy will add ipset entries for all node ips for an SCTP nodeport service. This will solve the problem 'SCTP nodeport service is not working for all IPs present in the node when ipvs is enabled. It is working only for node's InternalIP.'	2019-08-18 00:40:27 +05:30
Kubernetes Prow Robot	d21822a02a	Merge pull request #81538 from thockin/master Don't track syncProxyRules runtime if not running	2019-08-17 09:24:06 -07:00
Tim Hockin	5b14394f4e	Don't track syncProxyRules runtime if not running	2019-08-16 17:05:03 -07:00
Kubernetes Prow Robot	e6d4273395	Merge pull request #79033 from Nordix/kubeadm-ds-pod-network-cidr Dual-Stack Integration with Kubeadm	2019-08-16 05:06:31 -07:00
Kubernetes Prow Robot	47e78f3de5	Merge pull request #81378 from tedyu/ports-2-endpt buildPortsToEndpointsMap should use flattened value type	2019-08-15 19:17:01 -07:00
Ted Yu	2f671340c9	buildPortsToEndpointsMap should use flattened value type	2019-08-15 11:28:09 -07:00
Kubernetes Prow Robot	e552806753	Merge pull request #81361 from oxddr/kubeproxy-moar-logging kube-proxy: do not export network programming latency for deleted Endpoints	2019-08-14 16:52:49 -07:00
Kubernetes Prow Robot	4ac9701370	Merge pull request #81309 from andrewsykim/ipvs-test-delete-with-realserver proxy/ipvs: test cleanLegacyService with real servers	2019-08-14 12:46:24 -07:00
Janek Łukaszewicz	e52110edcd	kube-proxy: do not export network programming latency for deleted enpoints.	2019-08-14 14:00:07 +02:00
Kubernetes Prow Robot	8c7244ac12	Merge pull request #81312 from andrewsykim/ipvs-remove-const proxy/ipvs: remove unused constant rsGracefulDeletePeriod	2019-08-13 19:37:16 -07:00
Andrew Sy Kim	459bfb1ab7	proxy/ipvs: test cleanLegacyService with real servers Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-08-13 11:55:16 -04:00
Kubernetes Prow Robot	6d921c0eb5	Merge pull request #80779 from andrewsykim/ipvs-test-tables proxy/ipvs: refactor IPVS unit tests TestClusterIP and TestNodePort to use test tables	2019-08-13 07:55:42 -07:00
Kubernetes Prow Robot	12a085f917	Merge pull request #80942 from gongguan/fix_ipvs_svc_del fix ipvs_svc deletion	2019-08-13 02:27:54 -07:00
Andrew Sy Kim	e198eefa2b	proxy/ipvs: remove unused constant rsGracefulDeletePeriod Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-08-12 16:30:28 -04:00
ethan	94efd3fcdf	cleanup: proxier.go error message fix	2019-08-12 22:36:16 +08:00
louisssgong	97c4edaa4f	Fix a bug in the IPVS proxier where virtual servers are not cleaned up even though the corresponding Service object was deleted.	2019-08-10 06:32:38 +08:00
hui luo	a2ef00c1b1	Add iptables restore failure metrics As mentioned in issue #80061, in iptables lock contention case, we can see increasing rate of iptables restore failures because it need to grab iptables file lock. The failure metric can provide administrators more insight Metrics will be collected in kube-proxy iptables and ipvs modes Signed-off-by: Hui Luo <luoh@vmware.com>	2019-08-09 10:18:19 -07:00
Arvinderpal Wander	ec77598906	Update kubeproxy config validation to support list of comma separated pod CIDRs. Dual-stack feature must be enabled for the validation to be done.	2019-08-09 07:20:39 -07:00
Kubernetes Prow Robot	19e85a9092	Merge pull request #80502 from xigang/master Update CleanupAndExit and OnServiceSynced field comment and bugfix panic params in the construct method	2019-08-07 20:10:06 -07:00
Kubernetes Prow Robot	695190da6b	Merge pull request #80218 from oxddr/kubeproxy-buckets kube-proxy: change buckets used by NetworkProgrammingLatency	2019-08-04 08:33:49 -07:00
Dan Winship	a735c97356	kube-proxy: drop iptables version check Kube-proxy's iptables mode used to care whether utiliptables's EnsureRule was able to use "iptables -C" or if it had to implement it hackily using "iptables-save". But that became irrelevant when kube-proxy was reimplemented using "iptables-restore", and no one ever noticed. So remove that check.	2019-08-01 12:05:31 -04:00
Emrecan BATI	90ce2d50d3	Add GetKernelVersion to ipvs.KernelHandler interface ipvs `getProxyMode` test fails on mac as `utilipvs.GetRequiredIPVSMods` try to reach `/proc/sys/kernel/osrelease` to find version of the running linux kernel. Linux kernel version is used to determine the list of required kernel modules for ipvs. Logic to determine kernel version is moved to GetKernelVersion method in LinuxKernelHandler which implements ipvs.KernelHandler. Mock KernelHandler is used in the test cases. Read and parse file is converted to go function instead of execing cut.	2019-07-31 22:10:44 +03:00
Andrew Sy Kim	089e0cd9ef	proxy/ipvs: refactor TestNodePort to use test tables Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-07-30 22:04:52 -04:00
Andrew Sy Kim	9af797c51e	proxy/ipvs: refactor TestClusterIP to use test tables Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-07-30 21:30:52 -04:00
silenceshell	c31a2b7076	kube-proxy in ipvs mode use ipvs to redirect traffic fix the comment.	2019-07-28 21:36:02 +08:00
Janek Łukaszewicz	f9b683532a	second iteration	2019-07-26 14:44:55 +02:00
xigang	4ac81d7508	Update the CleanupAndExit field for the Options and the OnServiceSynced for the ServiceHandler comment	2019-07-24 09:40:29 +08:00
Cezar Sa Espinola	c25763e159	proxy/ipvs: Compute all node ips only once when a zero cidr is used Computing all node ips twice would always happen when no node port addresses were explicitly set. The GetNodeAddresses call would return two zero cidrs (ipv4 and ipv6) and we would then retrieve all node IPs twice because the loop wouldn't break after the first time. Also, it is possible for the user to set explicit node port addresses including both a zero and a non-zero cidr, but this wouldn't make sense for nodeIPs since the zero cidr would already cause nodeIPs to include all IPs on the node.	2019-07-23 13:35:37 -03:00
Cezar Sa Espinola	5c16940508	proxy/ipvs: Only compute node ip addresses once per sync Previously the same ip addresses would be computed for each nodePort service and this could be CPU intensive for a large number of nodePort services with a large number of ipaddresses on the node.	2019-07-23 13:35:27 -03:00
Janek Łukaszewicz	1dda3d8dfc	kube-proxy: change buckets used by NetworkProgrammingLatency refs https://github.com/kubernetes/perf-tests/issues/640 We have too fine buckets granularity for lower latencies, at cost of the higher latecies (7+ minutes). This is causing spikes in SLI calculated based on that metrics. I don't have strong opinion about actual values - those seemed to be better matching our need. But let's have discussion about them. Values: 0.015 s 0.030 s 0.060 s 0.120 s 0.240 s 0.480 s 0.960 s 1.920 s 3.840 s 7.680 s 15.360 s 30.720 s 61.440 s 122.880 s 245.760 s 491.520 s 983.040 s 1966.080 s 3932.160 s 7864.320 s	2019-07-16 16:43:19 +02:00
Andrew Sy Kim	7aa1700dba	proxy/ipvs: increase log level for graceful termination Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-07-12 15:17:42 -04:00
Andrew Sy Kim	3629ed10fa	add myself and lbernail as IPVS approvers Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-07-11 19:06:59 -04:00
Anish Ramasekar	2878270f5b	Fix golint failures in pkg/proxy Review feedback - remove alias from imports fix comments	2019-07-08 11:48:33 -07:00
Kubernetes Prow Robot	da0f51ffed	Merge pull request #78820 from haosdent/fix_typos Fix typos.	2019-07-01 15:09:20 -07:00
Andrew Sy Kim	ba19451020	iptables proxier: fix comments for LB IP traffic from local address Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-06-28 16:42:01 -04:00
Andrew Sy Kim	22832cfb78	ipvs proxy: add unit test for udp graceful termination Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-06-22 21:07:40 -04:00
Kubernetes Prow Robot	eee3e976d8	Merge pull request #78294 from vllry/kp-remove-resource-container Remove deprecated flag --resource-container from kube-proxy	2019-06-22 00:38:12 -07:00
Kubernetes Prow Robot	099878620f	Merge pull request #78874 from sbangari/kubeproxysvcfix Fix the creation of load balancer policy for the NodeIp when NodePort…	2019-06-21 12:16:14 -07:00
Sravanth Bangari	9cc828cbf0	Fix the creation of load balancer policy for the NodeIp when NodePort specified is same as service Port	2019-06-20 11:11:44 -07:00
Vallery Lancey	dc0f14312e	Removed deprecated --resource-container flag from kube-proxy.	2019-06-16 08:36:42 -07:00
Kubernetes Prow Robot	101f9ff703	Merge pull request #78999 from andrewsykim/ipvs-graceful-term-fix ipvs: fix string check for IPVS protocol during graceful termination	2019-06-15 08:52:38 -07:00
Kubernetes Prow Robot	0c9964fac3	Merge pull request #76160 from JacobTanenbaum/BaseServiceInfo-cleanup enforce the interface relationship between ServicePort and BaseServiceInfo	2019-06-13 20:37:13 -07:00
Andrew Sy Kim	bb95143369	ipvs: fix string check for IPVS protocol during graceful termination Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-06-13 19:03:58 -04:00
Haosdent Huang	7ce6e71891	Fix typos.	2019-06-11 01:52:14 +08:00
Jacob Tanenbaum	c0392d72e9	enforce the interface relationship between ServicePort and BaseServiceInfo Currently the BaseServiceInfo struct implements the ServicePort interface, but only uses that interface sometimes. All the elements of BaseServiceInfo are exported and sometimes the interface is used to access them and othertimes not I extended the ServicePort interface so that all relevent values can be accessed through it and unexported all the elements of BaseServiceInfo	2019-06-05 14:50:24 -04:00
Kubernetes Prow Robot	f532d5ca4b	Merge pull request #78612 from ksubrmnn/retry Kube-Proxy wait when HNS network not found	2019-06-03 01:10:20 -07:00
Ricardo Pchevuzinske Katz	82c42bb6ee	Remove deprecated flag --conntrack-max from kube-proxy	2019-06-01 18:10:28 -03:00
ksubrmnn	39aa6abf18	Wait when HNS network not found	2019-05-31 18:26:57 -07:00
Kubernetes Prow Robot	4d7e9052ea	Merge pull request #77582 from mrkm4ntr/clean-proxy-config Clean up code in proxy/config	2019-05-31 12:23:06 -07:00
Kubernetes Prow Robot	bdf3d248eb	Merge pull request #77523 from andrewsykim/fix-xlb-from-local iptables proxier: route local traffic to LB IPs to service chain	2019-05-31 12:22:53 -07:00
Kubernetes Prow Robot	8b7e777fe8	Merge pull request #74825 from ksubrmnn/preserve_dip Windows support for preserving the destination IP as the VIP when loadbalancing with DSR	2019-05-31 04:48:27 -07:00
Kubernetes Prow Robot	46a3d82240	Merge pull request #78464 from andrewsykim/ipvs-reviewer add myself and Laurent as ipvs proxy reviewers	2019-05-30 04:54:35 -07:00
Kubernetes Prow Robot	180acb315f	Merge pull request #78404 from andrewsykim/refactor-ipvs-ipset-tests ipvs: add descriptions to ipset unit tests	2019-05-30 00:32:33 -07:00
Kubernetes Prow Robot	2fb7b6074a	Merge pull request #78395 from andrewsykim/ipvs-graceful-termination-log-level ipvs proxier: increase log level for real server deletion message	2019-05-29 22:54:57 -07:00
Andrew Sy Kim	f6d9a45643	add myself and Laurent as ipvs proxy reviewers Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-05-29 01:43:50 -04:00
Kubernetes Prow Robot	944a7e2be6	Merge pull request #77802 from DataDog/lbernail/no-graceful-udp [proxier/ipvs] Disable graceful termination for UDP traffic	2019-05-28 22:20:35 -07:00
Kubernetes Prow Robot	aa25195ab1	Merge pull request #77371 from andrewsykim/77265 create new SCTP ipsets for IPVS proxier	2019-05-28 10:58:54 -07:00
Kubernetes Prow Robot	59f6ed3b14	Merge pull request #78379 from yanghaichao12/dev0527 remove some codes never used in proxier_test	2019-05-28 07:18:25 -07:00
Laurent Bernaille	9ff0685722	[proxier/ipvs] Disable graceful termination for udp	2019-05-28 13:51:56 +02:00
Andrew Sy Kim	f3715bbbac	ipvs: add descriptions to ipset unit tests Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-05-27 11:38:11 -04:00
yanghaichao12	66aa7c973d	delete unused code in proxier_test	2019-05-27 10:39:43 -04:00
Andrew Sy Kim	e049927a1c	ipvs proxier: increase log level for real server deletion message Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-05-27 08:24:37 -04:00
Kalya Subramanian	4e0f63b688	Set loadbalancer flags for DSR	2019-05-20 15:37:19 -07:00
Andrew Sy Kim	6677d796df	ipvs: add graceful termination unit tests Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-05-19 23:10:01 +02:00
Kubernetes Prow Robot	929adb69e3	Merge pull request #76165 from JacobTanenbaum/minor-cleanups Minor cleanups in pkg/proxy/endpoints.go	2019-05-15 22:55:55 -07:00
Kubernetes Prow Robot	746404f82a	Merge pull request #77560 from dcbw/proxy-sig-network-owners pkg/proxy: add sig-network-approvers/sig-network-reviewers to OWNERS files	2019-05-15 03:08:33 -07:00
Kubernetes Prow Robot	74743793f2	Merge pull request #74027 from squeed/kube-proxy-metrics proxy: add some useful metrics	2019-05-15 03:08:19 -07:00
Dan Williams	91716989b6	pkg/proxy: add sig-network-approvers/sig-network-reviewers to OWNERS files This PR also adds m1093782566 (Jun Du) to sig-network-reviewers in recognition of his contributions to the proxy.	2019-05-13 10:30:29 -05:00
Brad Hoekstra	62e58a66aa	Fix some lint errors in pkg/proxy	2019-05-09 16:48:29 -04:00
Shintaro Murakami	bc76a18d83	Clean up code in proxy/config	2019-05-09 10:58:26 +09:00
Andrew Sy Kim	8dfd4def99	add unit tests for -src-type=LOCAL from LB chain Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-05-07 15:22:46 -04:00
Andrew Sy Kim	b926fb9d2b	iptables proxier: route local traffic to LB IPs to service chain Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-05-07 15:22:46 -04:00
Jacob Tanenbaum	9d4693a70f	changing UpdateEndpointsMap to Update changing UpdateEndpointsMap to be a function of the EndpointsMap object	2019-05-07 14:41:15 -04:00
Jacob Tanenbaum	5201cc994c	Cleanup of GetLocalEndpointIPs unexported GetLocalEndpointIPs and made it a endpointsMap struct method	2019-05-07 14:41:15 -04:00
Jacob Tanenbaum	1d60557c87	Merge() and Unmerge() needlessly exported	2019-05-07 14:41:15 -04:00
Casey Callendrello	017f57a6b0	proxy: add some useful metrics This adds some useful metrics around pending changes and last successful sync time. The goal is for administrators to be able to alert on proxies that, for whatever reason, are quite stale. Signed-off-by: Casey Callendrello <cdc@redhat.com>	2019-05-07 14:21:13 +02:00
Krzysztof Siedlecki	941629d37a	Revert "Add better logging when iptables-restore fails"	2019-05-07 13:37:29 +02:00
Kubernetes Prow Robot	5b34d95ec5	Merge pull request #77381 from JieJhih/network/golint Fix golint	2019-05-07 00:23:54 -07:00
draveness	fabc628210	style: update several golint errors in winkernel	2019-05-06 20:28:09 +08:00
Andrew Sy Kim	43ded7c4e2	create new ipset KUBE-NODE-PORT-SCTP-HASH and KUBE-NODE-PORT-LOCAL-SCTP-HASH for ipvs proxier Signed-off-by: Andrew Sy Kim <kiman@vmware.com>	2019-05-03 11:59:49 -04:00
JieJhih Jhang	21e4f0039e	fix golint	2019-05-03 14:31:51 +08:00
Kubernetes Prow Robot	a949abc5bd	Merge pull request #76712 from tedyu/rr-read-lock Use read lock for ServiceHasEndpoints	2019-05-01 23:28:31 -07:00
Kubernetes Prow Robot	de83eefd1b	Merge pull request #76784 from tedyu/health-read Use read lock in ServeHTTP	2019-05-01 20:42:19 -07:00
JieJhih Jhang	176d49300d	combine two logics avoid for range the same thing	2019-05-01 18:35:52 +08:00
Kubernetes Prow Robot	4dc05dd9df	Merge pull request #76320 from JieJhih/config/kube_proxy support ipv6 in bind address	2019-04-26 17:14:22 -07:00
Kubernetes Prow Robot	a143d07b27	Merge pull request #76254 from JieJhih/fix/word Fix spell error	2019-04-26 14:26:34 -07:00
Kubernetes Prow Robot	fa833a1e33	Merge pull request #74840 from anfernee/connreset kube-proxy: Drop packets in INVALID state	2019-04-26 14:26:22 -07:00
Ted Yu	2472d34bf0	Refactor err checking	2019-04-25 10:18:52 -07:00
Ted Yu	9d30833e53	Follow on for #76779	2019-04-25 02:46:38 -07:00
Kubernetes Prow Robot	e8cbeaae2b	Merge pull request #76779 from tedyu/stored-cidr Store parsed CIDRs at initialization of Proxier	2019-04-24 23:04:45 -07:00
Davanum Srinivas	7b8c9acc09	remove unused code Change-Id: If821920ec8872e326b7d85437ad8d2620807799d	2019-04-19 08:36:31 -04:00
Ted Yu	9fb6a100c8	Use read lock in ServeHTTP	2019-04-18 11:40:29 -07:00
Ted Yu	0062a7d8de	Store parsed CIDRs at initialization of Proxier	2019-04-18 09:36:05 -07:00
Ted Yu	cf706531a5	Use read lock for ServiceHasEndpoints	2019-04-17 08:10:30 -07:00
JieJhih Jhang	08e320fa4e	support ipv6 in bind address use split host port func instead trim specific character add unit test for metrics and healthz bind address recover import package refactor set default kube proxy configuration fix ipv4 condition fix set default port condition rewrite call function occasion to reduce error set ipv6 default value move get GetBindAddressHostPort to util use one func to handle deprecated series update bazel define address type return earlier in the error case refactor set default kube proxy configuration logic recover import package preserve some of the original comments add get default address func add append port if needed unit test rewrite unit test for deprecated flags remove unused codes	2019-04-17 15:31:42 +08:00
Kubernetes Prow Robot	a55478319a	Merge pull request #76277 from dcbw/proxy-userspace-dans-owners proxy/userspace: add dcbw and danwinship to OWNERS approvers	2019-04-16 19:14:18 -07:00
Kubernetes Prow Robot	2490e035d7	Merge pull request #71735 from dcbw/userspace-proxy-ratelimiting proxy/userspace: respect minSyncInterval	2019-04-16 19:14:03 -07:00
Kubernetes Prow Robot	b66fb6a347	Merge pull request #76658 from ksubrmnn/owners Update winkernel owners file	2019-04-16 17:48:50 -07:00
Kubernetes Prow Robot	90b9ccf7f4	Merge pull request #74447 from WanLinghao/builder_ptr_replace Remove and replace ptr functions	2019-04-16 16:19:38 -07:00
ksubrmnn	a7c3068e86	Update owners file	2019-04-16 10:45:50 -07:00
Igor German	107faf5ab0	proxy: Take into account exclude CIDRs while deleting legacy real servers	2019-04-11 17:05:49 +03:00
WanLinghao	d0138ca3fe	This commit does two things in pkg package: 1. Remove unused ptr functions. 2. Replace ptr functions with k8s.io/utils/pointer	2019-04-09 10:56:35 +08:00
Dan Williams	63c01133f8	proxy/userspace: add dcbw and danwinship to OWNERS approvers Per recommendation of @thockin: https://github.com/kubernetes/kubernetes/pull/71735#pullrequestreview-189515580 --- IMO this code is as dead as it could be. The only significant user is OpenShift as far as I know. I'd rather never touch it again, but I know that is not realistic. Also, it seems like maybe this could be broken into a couple commits for easier review? I raised some questions about this design, but I think you should add yourselves as approvers in OWNERS for this subdir. If it evolves, I will lose context on the impl. I don't think it is covered by e2e, either (more argument for breaking it to a separate repo and having its own e2e tests) ---	2019-04-08 12:38:22 -05:00
Jay	9f2147161e	Fix spell error	2019-04-08 15:49:29 +08:00
Dan Williams	cc2b31a2f3	proxy/userspace: consolidate portal and proxy cleanup	2019-04-05 16:28:24 -05:00
Dan Williams	8cf0076e23	proxy/userspace: respect minSyncInterval and simplify locking The userspace proxy does not have any ratelimiting and when many services are used will hammer iptables every time a service or endpoint change occurs. Instead build up a map of changed services and process all those changes at once instead of each time an event comes in. This also ensures that no long-running processing happens in the same call chain as the OnService* calls as this blocks other handlers attached to the proxy's parent ServiceConfig object for long periods of time. Locking can also now be simplified as the only accesses to the proxy's serviceMap happen from syncProxyRules(). So instead of locking in many functions just lock once in syncProxyRules() like the other proxies do. https://bugzilla.redhat.com/show_bug.cgi?id=1590589 https://bugzilla.redhat.com/show_bug.cgi?id=1689690	2019-04-05 16:28:17 -05:00
Dan Williams	cf7225f561	proxy/userspace: replace IsServiceIPSet() with ShouldSkipService() Keeps things consistent with iptables/IPVS proxies. Proxies don't handle ServiceTypeExternalName even if the ClusterIP is set.	2019-04-05 16:16:36 -05:00
Dan Williams	04b943ce38	proxy/userspace: track initial service/endpoints sync We'll use this shortly to prevent premature syncing before all initial endpoints and services have been received from the apiserver.	2019-04-05 16:16:36 -05:00
Dan Williams	ddab79a233	proxy/userspace: add proxy shutdown function and use in testcases If a testcase does time out and 'go test' prints the call stack, make sure everything from previous tests is cleaned up so the call stack is easier to understand.	2019-04-05 16:16:36 -05:00
Dan Williams	4b07f80d20	proxy: consolidate ServicesHandler/EndpointsHandler into ProxyProvider Proxies should be able to cleanly figure out when endpoints have been synced, so make all ProxyProviders also implement EndpointsHandler and pass those through to loadbalancers when required.	2019-04-05 16:16:35 -05:00
Tim Hockin	f8a7936894	Add better logging when iptables-restore fails	2019-04-04 16:34:10 -07:00
Kubernetes Prow Robot	29566d0a65	Merge pull request #74341 from paulsubrata55/kube_proxy_sctp_fix Issue in kube-proxy when IPVS is enabled and SCTP traffic is sent.	2019-03-26 12:33:33 -07:00
Kubernetes Prow Robot	59140d6474	Merge pull request #75295 from DataDog/lbernail/strict-arp-flag [kube-proxy/ipvs] Add flag to enable strict ARP	2019-03-20 07:41:51 -07:00
Kubernetes Prow Robot	88dc966a8a	Merge pull request #75283 from DataDog/lbernail/graceful-restart [kube-proxy/ipvs] Do not delete existing VS and RS when starting	2019-03-20 07:41:36 -07:00
Kubernetes Prow Robot	046dcbd1ed	Merge pull request #73917 from droslean/cleanup replace loops with go idiomatic.	2019-03-19 19:01:04 -07:00
Yongkun Gui	a07169bcad	kube-proxy: Drop packets in INVALID state Fixes: #74839	2019-03-18 15:22:30 -07:00
Kubernetes Prow Robot	aa9cbd112c	Merge pull request #75265 from JacobTanenbaum/ClearExternalIPs Clear conntrack entries on 0 -> 1 endpoint transition with externalIPs	2019-03-18 11:06:23 -07:00
Jacob Tanenbaum	c3548165d5	Clear conntrack entries on 0 -> 1 endpoint transition with externalIPs As part of the endpoint creation process when going from 0 -> 1 conntrack entries are cleared. This is to prevent an existing conntrack entry from preventing traffic to the service. Currently the system ignores the existance of the services external IP addresses, which exposes that errant behavior This adds the externalIP addresses of udp services to the list of conntrack entries that get cleared. Allowing traffic to flow Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>	2019-03-15 11:18:51 -04:00
Laurent Bernaille	09f821ddb5	[kube-proxy/ipvs] Add flag to enable strict ARP	2019-03-12 15:56:22 +01:00
Laurent Bernaille	96818ea31e	[kube-proxy/ipvs] Do not delete existing VS and RS when starting	2019-03-12 09:40:55 +01:00
Tim Hockin	de25d6cb95	Kube-proxy: REJECT LB IPs with no endpoints We REJECT every other case. Close this FIXME. To get this to work in all cases, we have to process service in filter.INPUT, since LB IPS might be manged as local addresses.	2019-03-11 20:33:45 -07:00
Kubernetes Prow Robot	56c74635e2	Merge pull request #75023 from danielqsj/metrics-1 clean the deprecated metrics which introduced recently	2019-03-07 22:43:55 -08:00
Kubernetes Prow Robot	a8492d74ec	Merge pull request #74688 from ksubrmnn/overlay_dsr Allow Overlay loadbalancing to Public IP in Windows	2019-03-06 20:35:52 -08:00
danielqsj	10ab3fb832	clean the deprecated metrics which introduced recently	2019-03-06 15:23:46 +08:00
Kubernetes Prow Robot	9b8c58644a	Merge pull request #74418 from danielqsj/duration convert latency/latencies in metrics name to duration	2019-03-01 17:58:12 -08:00
ksubrmnn	0173545b56	Allow Overlay loadbalancing to Public IP	2019-02-27 16:27:08 -08:00
Kubernetes Prow Robot	b96378c058	Merge pull request #74436 from ksubrmnn/overlay_dsr Temporarily remove V2 API check	2019-02-22 19:19:37 -08:00
ksubrmnn	a322e08a98	Temporarily remove V2 API check	2019-02-22 14:10:05 -08:00
danielqsj	f7b437cae0	convert latency in mertics name to duration	2019-02-22 21:40:13 +08:00
Kubernetes Prow Robot	c06ca11b5d	Merge pull request #70896 from ksubrmnn/overlay_dsr Adding Windows Overlay support to Kube Proxy	2019-02-20 12:53:13 -08:00
Kubernetes Prow Robot	059d6057dd	Merge pull request #73323 from prameshj/clear-externalip-conntrack Clear conntrack entries for externalIP and LoadBalancer IP	2019-02-19 18:38:17 -08:00
Subrata Paul	bf099d557e	Fix for issue #73300 . kube-proxy with IPVS and sctp traffic	2019-02-19 20:29:08 +05:30
Kubernetes Prow Robot	c90bf8d8ea	Merge pull request #74062 from trungnvfet/fix_json_format Fix an issue of yaml and json format	2019-02-14 23:56:00 -08:00
Kubernetes Prow Robot	808f2cf0ef	Merge pull request #72525 from justinsb/owners_should_not_be_executable Remove executable file permission from OWNERS files	2019-02-14 23:55:45 -08:00
Nguyen Van Trung	d5d7db476d	fix an issue of yaml and json format Signed-off-by: Nguyen Van Trung <trungnv@vn.fujitsu.com>	2019-02-15 09:55:53 +07:00
Pavithra Ramesh	24d3ab83dc	Remove conntrack entries from loadbalancer ip too.	2019-02-13 09:55:31 -08:00
Matt Matejczyk	fce1909483	Don't log warning when EndpointsLastChangeTriggerTime not set.	2019-02-13 09:11:59 +01:00
Kubernetes Prow Robot	41d2445f8e	Merge pull request #71999 from mm4tt/kube-proxy Start exporting the in-cluster network programming latency metric.	2019-02-12 05:21:29 -08:00
Matt Matejczyk	7141ece4bf	Start exporting the in-cluster network programming latency metric.	2019-02-12 08:09:59 +01:00
Kubernetes Prow Robot	c2d88db834	Merge pull request #73582 from AdamDang/patch-24 Improve the ipvs/README.md	2019-02-11 19:58:19 -08:00
Nikolaos Moraitis	6e820cdcaf	replace loops with go idiomatic.	2019-02-11 11:21:52 +01:00
Kubernetes Prow Robot	5b7a790d35	Merge pull request #72185 from dcbw/owners-label-sig-network OWNERS: add label:sig/network to a bunch of places	2019-02-08 10:36:16 -08:00
ksubrmnn	c115b5aec2	Add WinDSR and WinOverlay feature flags	2019-02-05 10:49:22 -08:00
ksubrmnn	b724bdb19a	Update winkernel proxy for overlay	2019-02-05 10:39:23 -08:00
ksubrmnn	a47e99e37a	Add Windows flags for KubeProxyConfiguration	2019-02-05 10:39:23 -08:00
Roy Lenferink	b43c04452f	Updated OWNERS files to include link to docs	2019-02-04 22:33:12 +01:00
Ashish Ranjan	7be223e798	Refactor to use k8s.io/utils/net/ package instead of kubernetes/pkg/util/net/sets Signed-off-by: Ashish Ranjan <ashishranjan738@gmail.com>	2019-02-04 10:34:53 +05:30
AdamDang	62105c87d4	Improve the ipvs/README.md Improve the ipvs/README.md	2019-01-31 18:42:17 +08:00
Brad Hoekstra	6117316752	Refactor service-proxy-name label	2019-01-29 11:28:35 -05:00
Kubernetes Prow Robot	a5e424dc17	Merge pull request #72923 from saschagrunert/dedent-update Update dedent to latest release	2019-01-25 18:32:23 -08:00
Kubernetes Prow Robot	b8d6de320f	Merge pull request #72334 from danielqsj/kp Change proxy metrics to conform metrics guidelines	2019-01-25 18:32:12 -08:00
Pavithra Ramesh	cd2d33eaa3	fix import	2019-01-25 11:19:00 -08:00
prameshj	5667ebd4f6	Merge branch 'master' into clear-externalip-conntrack	2019-01-25 11:12:16 -08:00
Pavithra Ramesh	168602e597	Clear conntrack entries for externalIP When an endpoint is deleted, the conntrack entries are cleared for clusterIP but not for externalIP of the service. This change adds that step.	2019-01-25 11:05:18 -08:00
Sascha Grunert	ba7aaa911d	Update dedent to latest release Signed-off-by: Sascha Grunert <sgrunert@suse.com>	2019-01-17 08:30:07 +01:00
Kubernetes Prow Robot	fc282645ac	Merge pull request #72534 from thockin/kube-proxy-reject-no-endpoints-bug kube-proxy: Fix bug in rejecting 0 endpoint svc	2019-01-15 02:46:36 -08:00
Justin SB	dd19b923b7	Remove executable file permission from OWNERS files	2019-01-11 16:42:59 -08:00
Jeff Grafton	11f248fd35	Remove deprecated automanaged tag from some go rules	2019-01-08 14:40:57 -08:00
Kubernetes Prow Robot	1b28775db1	Merge pull request #72569 from luxas/component_base_init Create the k8s.io/component-base staging repo	2019-01-08 03:18:35 -08:00
danielqsj	1fb91a7206	Mark deprecated in related proxy metrics	2019-01-08 13:15:25 +08:00
yanghaichao12	ba64ae18bc	Fix typos in kube-proxy	2019-01-07 11:08:34 -05:00
Lucas Käldström	1edd2723f8	autogenerated files	2019-01-06 15:48:53 +02:00
Lucas Käldström	0140c82c16	Updated references from k8s.io/{apiserver,apimachinery} to the new k8s.io/component-base repo. Co-authored-by @Klaven	2019-01-06 14:01:26 +02:00
Kubernetes Prow Robot	dfea6456f1	Merge pull request #72432 from DataDog/issue-71596 Fix for #71596	2019-01-03 20:22:15 -08:00
Tim Hockin	df77e8eefd	kube-proxy: reject 0 endpoints on forward Previously we only REJECTed on OUTPUT which works for packets from the node but not for packets from pods on the node.	2019-01-03 10:59:13 -08:00
Tim Hockin	0d451d7a4c	kube-proxy: remove old cleanup rules	2019-01-03 10:59:10 -08:00
Tim Hockin	51442b1e8e	kube-proxy: rename field for congruence	2019-01-03 10:59:10 -08:00
Tim Hockin	2106447d21	kube-proxy: rename vars for clarity, fix err str	2019-01-03 10:59:10 -08:00
Tim Hockin	b3c2888e71	kube-proxy: rename internal field for clarity	2019-01-03 10:59:06 -08:00
Laurent Bernaille	7092e2f9f4	[kube-proxy/IPVS] Enforce ExternalTrafficPolicy:local even for services without affinity	2018-12-29 13:01:35 +01:00
danielqsj	8975e62254	Change proxy metrics to conform guideline	2018-12-26 17:25:10 +08:00
Kubernetes Prow Robot	ae88c2d7b4	Merge pull request #70616 from teemow/teemow-proxy-flush-iptables-first flush iptable chains first and then remove them	2018-12-20 08:53:47 -08:00
Dan Williams	2e339188ed	OWNERS: add label:sig/network to a bunch of places	2018-12-19 00:00:02 -06:00
Laurent Bernaille	8bafc9771e	[kube-proxy/ipvs] Do not try to delete RS already in termination list	2018-12-17 13:46:50 +01:00
Laurent Bernaille	ffbfc53053	[kube-proxy/ipvs] Add info message showing the reason for skipping deletion	2018-12-17 13:46:09 +01:00
Micah Hausler	9740b6a6e1	Disable proxy to loopback and linklocal	2018-12-11 20:51:40 -08:00
Lars Ekman	227893dc3d	Corrected test TestOnlyLocalLoadBalancing	2018-12-11 10:07:04 +01:00
Kubernetes Prow Robot	9d80e7522a	Merge pull request #71911 from Nordix/issue-70113-2 Only handle addresses of the own ip family	2018-12-10 23:02:33 -08:00
Kubernetes Prow Robot	0914272a42	Merge pull request #71035 from Nordix/issue-68437 Fixes NodePort in ipv6 with proxy-mode=ipvs	2018-12-10 08:53:42 -08:00
Lars Ekman	39dc41d411	Updated and new tests for ipv4/ipv6 address mix	2018-12-10 14:16:17 +01:00
Lars Ekman	5065f89a17	Only handle addresses of the own ip family	2018-12-10 12:14:42 +01:00
Kubernetes Prow Robot	a69b565c3e	Merge pull request #71834 from DataDog/lbernail/ipvs-sysctls [kubeproxy/ipvs] New sysctls to improve pod termination	2018-12-09 23:59:16 -08:00
Laurent Bernaille	ec598d1a16	[kube-proxy/ipvs] Gofmt	2018-12-08 23:49:49 +01:00
Laurent Bernaille	0f9d30dd27	[kube-proxy/ipvs] Avoid unbinding multiple times for multiport svc	2018-12-08 23:47:59 +01:00
Laurent Bernaille	b2c169d27c	[kube-proxy/ipvs] Update test for new CleanupLegacyServices function	2018-12-08 21:27:37 +01:00
Laurent Bernaille	e8c7dba25b	[kube-proxy/ipvs] Apply graceful termination logic when unbinding addresses	2018-12-08 21:16:13 +01:00
Laurent Bernaille	81252e2ec1	[kube-proxy/ipvs] Apply graceful termination when deleting a service	2018-12-08 21:15:58 +01:00
Kubernetes Prow Robot	f0bae6e9c5	Merge pull request #71573 from JacobTanenbaum/UDP_conntrack Correctly Clear conntrack entry on endpoint changes when using nodeport	2018-12-07 15:01:43 -08:00
Laurent Bernaille	1570d9f042	[kubeproxy/ipvs] New sysctls to improve pod termination	2018-12-06 19:49:47 +01:00
Jacob Tanenbaum	144280e7a7	Correctly Clear conntrack entrty on endpoint changes when using nodeport When using NodePort to connect to an endpoint using UDP, if the endpoint is deleted on restoration of the endpoint traffic does not flow. This happens because conntrack holds the state of the connection and the proxy does not correctly clear the conntrack entry for the stale endpoint. Introduced a new function to conntrack ClearEntriesForPortNAT that uses the endpointIP and NodePort to remove the stale conntrack entry and allow traffic to resume when the endpoint is restored. Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>	2018-12-03 15:02:48 -05:00
Lars Ekman	c3c7152c55	Corrected condition. Fix for #71596	2018-11-30 18:44:46 +01:00
Laurent Bernaille	b11233a2be	[kube-proxy/ipvs] Generalize handling of InactiveConn to TCP	2018-11-29 13:34:13 +01:00
Laurent Bernaille	ed65f6edeb	[kube-proxy/ipvs] Handle UDP graceful termination The current logic is to delete a RS if the number of active connections is 0. This makes sense for TCP but for UDP the number of active connections is always 0. This is an issue for DNS queries because the RS will be deleted but the IPVS connection will remain until it expires (5mn by default) and if there are a lot of DNS queries, the port will be reused and queries blackholed. Of course for this to work properly the service needs to continue to serve queries until the connections expire (this works fine with the lameduck option of coredns).	2018-11-28 18:02:11 +01:00
Laurent Bernaille	b955634d99	[kube-proxy/ipvs] Fix logic of delete function	2018-11-28 18:02:11 +01:00
Laurent Bernaille	7acb5a67fb	[kube-proxy/ipvs] Display RS complete name in logs Help distinguish UDP and TCP RS (useful for DNS which uses both)	2018-11-28 18:02:11 +01:00
Lars Ekman	2e5a985e47	Updates after review	2018-11-19 11:44:17 +01:00
Lars Ekman	1be71b8a99	Add the extra parameter for non-linux code	2018-11-19 10:02:48 +01:00
liangwei	f39060c604	set net/ipv4/vs/conn_reuse_mode to 0	2018-11-16 15:17:24 +08:00
Lars Ekman	e2409a054b	Fixes NodePort in ipv6 with proxy-mode=ipvs. #68437 Use ipv6 addresses for NodePort with proxy-mode=ipvs in a ipv6-only cluster.	2018-11-14 12:34:06 +01:00
AdamDang	cc4d38c768	Typo fix: healtcheck->healthcheck (#65394 ) Typo fix: healtcheck->healthcheck Typo fix: healtcheck->healthcheck	2018-11-13 19:45:24 -08:00
k8s-ci-robot	d8e78c8ac5	Merge pull request #66149 from honkiko/do-not-take-all-endpoints-into-ipset hairpin ipset could only contain local endpoints	2018-11-12 02:04:09 -08:00
Davanum Srinivas	954996e231	Move from glog to klog - Move from the old github.com/golang/glog to k8s.io/klog - klog as explicit InitFlags() so we add them as necessary - we update the other repositories that we vendor that made a similar change from glog to klog * github.com/kubernetes/repo-infra * k8s.io/gengo/ * k8s.io/kube-openapi/ * github.com/google/cadvisor - Entirely remove all references to glog - Fix some tests by explicit InitFlags in their init() methods Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135	2018-11-10 07:50:31 -05:00
k8s-ci-robot	7984a2bf60	Merge pull request #70564 from KevinWang15/master Fix typos	2018-11-05 19:04:45 -08:00
k8s-ci-robot	79e3d6c0f8	Merge pull request #70542 from wpalmeri/patch-2 fix typo in comment	2018-11-05 11:42:07 -08:00
Ke Wang	946c701b05	Fix Typo: mataData -> metaData; masquared -> masquerade	2018-11-05 21:19:25 +08:00
Weibin Lin	4b90559369	use 'nf_conntrack' instead of 'nf_conntrack_ipv4' for linux kernel >= 4.19	2018-11-05 10:33:31 +08:00
Timo Derstappen	90d2c5ca5a	flush iptable chains first and then remove them while cleaning up ipvs mode. flushing iptable chains first and then remove the chains. this avoids trying to remove chains that are still referenced by rules in other chains. fixes #70615	2018-11-03 11:36:14 +01:00
Will Palmeri	80f96e9abb	fix typo	2018-11-01 10:07:15 -07:00
kvaps	489e95bc30	Set arp_ignore and arp_announce flags	2018-11-01 10:38:42 +01:00
k8s-ci-robot	0be22d8ace	Merge pull request #70230 from qingsenLi/git181025 fix golint for /pkg/util/ipconfig and /pkg/util/resourcecontainer	2018-10-31 11:50:23 -07:00
Weibin Lin	95d379021b	add module 'nf_conntrack' in ipvs prerequisite check	2018-10-27 16:40:38 +08:00
qingsenLi	ca74d32e4c	fix golint for /pkg/util/ipconfig and /pkg/util/resourcecontainer-2	2018-10-26 23:58:30 +08:00
k8s-ci-robot	3b5d2e865e	Merge pull request #68436 from Nordix/issue-67799 Create ipsets with family inet6 in an ipv6-only cluster	2018-10-24 02:16:11 -07:00
Pengfei Ni	4b7a502c07	Fix service targetPort with string for Windows	2018-10-22 15:17:27 +08:00
xujieasd	4eab9406fa	add UT code for cleanLegacyBindAddr gofmt modify change api to v1	2018-10-17 11:04:26 +08:00
Weibin Lin	73e3d8a081	Improve the ipvs error message	2018-10-10 16:16:58 +08:00
Christoph Blecker	97b2992dc1	Update gofmt for go1.11	2018-10-05 12:59:38 -07:00
k8s-ci-robot	2f349d58df	Merge pull request #68897 from ksubrmnn/mac_address Load Balancing is not distributing connections to different endpoints	2018-10-04 19:34:45 -07:00
k8s-ci-robot	8a3888dcfa	Merge pull request #69407 from madhanrm/approvers Updated approvers for winkernel proxy	2018-10-04 15:59:39 -07:00
Madhan Raj Mookkandy	77a9884f4a	Updated approvers for winkernel	2018-10-04 10:05:59 -07:00
delulu	524de768bb	fix inconsistency in updating hns policy	2018-10-03 22:00:03 +08:00
k8s-ci-robot	941fc26418	Merge pull request #67888 from tanshanshan/glogformat remove unused format log print	2018-10-01 22:20:28 -07:00

... 9 10 11 12 13 ...

1965 Commits