github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
57,264 Commits 1 Branch 31 Tags 1,019 MiB
c8a12b8045
Commit Graph

177 Commits

Author SHA1 Message Date
Kubernetes Submit Queue
20dd848e7c Merge pull request #44204 from FengyunPan/optimize-code 
Automatic merge from submit-queue

Optimize getProxyMode() to get proxy mode

1. getProxyMode() does not need nodeGetter args after remove
   proxy-mode annotation.
2. we should get error when the version of iptables less than
   MinVersion.
 2017-04-21 18:11:07 -07:00
Wojciech Tyczynski
7a647f9d1a Event-based iptables proxy for services 2017-04-18 13:30:59 +02:00
FengyunPan
b95b95dc00 Optimize getProxyMode() to get proxy mode 
The getProxyMode() does not need nodeGetter args after remove
proxy-mode annotation.
 2017-04-13 09:44:30 +08:00
Wojciech Tyczynski
af710835fa Remove deprecated code from proxy/config 2017-04-12 11:17:49 +02:00
Wojciech Tyczynski
c3e9467b63 Edge-based winuserspace proxy 2017-04-12 11:10:34 +02:00
Wojciech Tyczynski
b1475565e6 Edge-based iptables proxy 2017-04-10 13:12:45 +02:00
Wojciech Tyczynski
c5cbdbe3d2 Edge-based userspace proxy 2017-04-10 11:59:21 +02:00
Wojciech Tyczynski
f7c06ad23c Support endpoints event handlers in kube-proxy 2017-04-10 11:59:21 +02:00
Andy Goldstein
d2bc4d0b2e Use shared informers for proxy endpoints and service configs 
Use shared informers instead of creating local controllers/reflectors
for the proxy's endpoints and service configs. This allows downstream
integrators to pass in preexisting shared informers to save on memory &
cpu usage.

This also enables the cache mutation detector for kube-proxy for those
presubmit jobs that already turn it on.
 2017-04-04 12:51:41 -04:00
Tim Hockin
adf30aa2e1 kube-proxy: OnServiceUpdate takes pointers 
This signature is more consistent with OnEndpointsUpdate and removes a
copy loop.  This is part on ongoing cleanup to rate-limit iptables
calls.
 2017-04-03 17:19:39 -07:00
Wojciech Tyczynski
7ce368ccd2 Simplify proxy config for Services by removing Mux. 2017-03-26 11:07:36 +02:00
Wojciech Tyczynski
596527dafa Simplify proxy config for Endpoints by removing Mux. 2017-03-26 11:07:36 +02:00
Kubernetes Submit Queue
0796d5c0d8 Merge pull request #29465 from DirectXMan12/feature/extensible-proxysocket 
Automatic merge from submit-queue

Extensible Userspace Proxy

This PR refactors the userspace proxy to allow for custom proxy socket implementations.
It changes the the ProxySocket interface to ensure that other packages can properly implement it (making sure all arguments are publicly exposed types, etc), and adds in a mechanism for an implementation to create an instance of the userspace proxy with a non-standard ProxySocket.
Custom ProxySockets are useful to inject additional logic into the actual proxying.  For example, our idling proxier uses a custom proxy socket to hold connections and notify the cluster that idled scalable resources need to be woken up.

Also-Authored-By: Ben Bennett bbennett@redhat.com
 2017-03-01 09:17:29 -08:00
Kubernetes Submit Queue
ef852f9301 Merge pull request #41487 from anhowe/anhowe-windowsproxy 
Automatic merge from submit-queue (batch tested with PRs 42200, 39535, 41708, 41487, 41335)

Update kube-proxy support for Windows

**What this PR does / why we need it**:

The kube-proxy is built upon the sophisticated iptables NAT rules.  Windows does not have an equivalent capability.  This introduces a change to the architecture of the user space mode of the Windows version of kube-proxy to match the capabilities of Windows.

The proxy is organized around service ports and portals.  For each service a service port is created and then a portal, or iptables NAT rule, is opened for each service ip, external ip, node port, and ingress ip.  This PR merges the service port and portal into a single concept of a "ServicePortPortal" where there is one connection opened for each of service IP, external ip, node port, and ingress IP.

This PR only affects the Windows kube-proxy.  It is important for the Windows kube-proxy because it removes the limited portproxy rule and RRAS service and enables full tcp/udp capability to services.

**Special notes for your reviewer**:

**Release note**:

```
Add tcp/udp userspace proxy support for Windows.
```
 2017-02-28 20:16:10 -08:00
Benjamin Bennett
5447db3048 Userspace proxy should remove conntrack entries 
This changes the userspace proxy so that it cleans up its conntrack
settings when a service is removed (as the iptables proxy already
does).  This could theoretically cause problems when a UDP service
as deleted and recreated quickly (with the same IP address).  As
long as packets from the same UDP source IP and port were going to
the same destination IP and port, the the conntrack would apply and
the packets would be sent to the old destination.

This is astronomically unlikely if you did not specify the IP address
to use in the service, and even then, only happens with an "established"
UDP connection.  However, in cases where a service could be "switched"
between using the iptables proxy and the userspace proxy, this case
becomes much more frequent.
 2017-02-27 18:41:47 -05:00
Piotr Szczesniak
179cef3ca3 Export Prometheus metrics in kube-proxy 2017-02-25 16:48:43 +01:00
Anthony Howe
48647fb9b5 add tcp or udp proxy for service addresses 2017-02-22 19:42:33 -08:00
Klaus Ma
f6aa8bbb8f Updated NodeRef to clientv1.ObjectReference. 2017-02-07 06:27:06 +08:00
deads2k
8a12000402 move client/record 2017-01-31 19:14:13 -05:00
Christoph Blecker
a9dfd254c7
Remove proxy-mode annotation from kube-proxy 
This removes the net.experimental.kubernetes.io/proxy-mode and net.beta.kubernetes.io/proxy-mode annotations from kube-proxy.
 2017-01-28 09:12:28 -08:00
deads2k
335ef747d6 mechanical 2017-01-23 10:03:55 -05:00
deads2k
cdb2934bbc remove kubernetes copy of clientcmd types 2017-01-19 07:39:19 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Kubernetes Submit Queue
64c21133f0 Merge pull request #39142 from k82cn/k8s_39136 
Automatic merge from submit-queue (batch tested with PRs 39152, 39142, 39055)

Update NodeRef to v1.ObjectReference.

fixes #39136
 2016-12-27 17:10:13 -08:00
Klaus Ma
b0dfa4ad47 Add event when failed to open local port. 2016-12-23 04:51:12 +08:00
Klaus Ma
e901800687 Update NodeRef to v1.ObjectReference. 2016-12-22 16:28:20 +08:00
Wojciech Tyczynski
e8d1cba875 GetOptions in client calls 2016-12-09 09:42:01 +01:00
caiyixiang
da46d1cf51 correct a few spelling mistakes 2016-12-01 16:34:25 +08:00
Chao Xu
643f0bbd34 other cmd/ 2016-11-23 15:53:09 -08:00
Paulo Pires
23c35f24c7
Added automatic seletion of userspace proxy mode depending on the OS kube-proxy is running. 2016-11-07 09:11:35 +00:00
Timothy St. Clair
2b012e822a Add minimum iptables sync period to the proxy, default is 2/sec 2016-11-04 00:38:35 -05:00
Bowei Du
a06fc6ab7a Adds TCPCloseWaitTimeout option to kube-proxy for sysctl nf_conntrack_tcp_timeout_time_wait 
Fixes issue-32551
 2016-11-03 22:07:02 -07:00
Chao Xu
850729bfaf include multiple versions in clientset 
update client-gen to use the term "internalversion" rather than "unversioned";
leave internal one unqualified;
cleanup client-gen
 2016-10-29 13:30:47 -07:00
Jan Chaloupka
4fde09d308 Replace client with clientset in code 2016-10-23 22:00:35 +02:00
Tim Hockin
957c85a8fd Add a lower-bound for conntrack 2016-09-26 20:25:40 -07:00
Kubernetes Submit Queue
a61a1f51f3 Merge pull request #29732 from ping035627/ping035627-patch-0728 
Automatic merge from submit-queue

Optimise the getConntrackMax function

The PR optimise the getConntrackMax function, make it more concise.
 2016-09-26 19:56:00 -07:00
PingWang
3bce910d0f delete null value 
Signed-off-by: PingWang <wang.ping5@zte.com.cn>
 2016-09-07 08:27:17 +08:00
Angus Salkeld
f785f3d3ef Clean up IPTables caps i.e.: sed -i "s/Iptables/IPTables/g" 2016-08-29 10:34:42 +10:00
Kubernetes Submit Queue
6fcbbe8663 Merge pull request #31404 from m1093782566/m109-proxy-log-level 
Automatic merge from submit-queue

[kube-proxy] Modify log level from Info to Warning when proxyMode unknown

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. If this is your first time, read our contributor guidelines https://github.com/kubernetes/kubernetes/blob/master/CONTRIBUTING.md and developer guide https://github.com/kubernetes/kubernetes/blob/master/docs/devel/development.md
2. If you want *faster* PR reviews, read how: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md
3. Follow the instructions for writing a release note: https://github.com/kubernetes/kubernetes/blob/master/docs/devel/pull-requests.md#release-notes
-->

**What this PR does / why we need it**:

Currently, we use `glog.Infof` to print the log when proxy-mode is unknown, I think we may need to modify to `glog.Warningf`.

**Which issue this PR fixes**: 

fixes #31405
 2016-08-28 16:14:53 -07:00
m1093782566
23aadeadb8 modify log Info to Warning when proxyMode unknown 
Change-Id: I39f143d07fb43261afb0d6cbd67bff054796ebcc
 2016-08-25 10:20:22 +08:00
Justin Santa Barbara
2c103af2b6 Create testable implementation of sysctl 
This is so we can test kubenet Init, which calls sysctl
 2016-08-23 01:42:37 -04:00
Minhan Xia
1acaa1db09 Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE"" 2016-08-18 10:19:48 -07:00
Daniel Smith
2aa0bb2dfc Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE" 2016-08-16 18:12:28 -07:00
Minhan Xia
643fc3803b add firewall chain to filter request based on loadbalancer source range 2016-08-15 17:42:41 -07:00
PingWang
ee567e1ea0 optimise the getConntrackMax function 
Signed-off-by: PingWang <wang.ping5@zte.com.cn>
 2016-08-15 09:42:09 +08:00
Girish Kalele
5d6abf59ff kube-proxy: Propagate hostname to iptables proxier 2016-08-09 10:05:29 -07:00
Harry Zhang
15d0f5cfd5 Move linedelimiter to it's own pkg 
Refactoring resource container
 2016-07-29 02:29:26 -04:00
Tim Hockin
1f37281dae Scale kube-proxy conntrack limits by cores 
For large machines we want more conntrack entries than smaller machines.
 2016-07-15 16:36:40 -07:00
Random-Liu
4246853211 Prevent kube-proxy from panicing when sysfs is mounted as read-only. 
Send a node event when this happens and hint to the administrator
about the remediation.
 2016-07-10 22:32:51 -07:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Clayton Coleman
fdb110c859
Fix the rest of the code 2016-04-29 17:12:10 -04:00
Wojciech Tyczynski
d6896fa45a Allow setting content-type in binaries 2016-04-21 14:12:13 +02:00
CJ Cullen
760568796f Masquerade traffic from off-cluster going through kube-proxy. 2016-04-19 21:39:34 -07:00
goltermann
34d4eaea08 Fixing several (but not all) go vet errors. Most are around string formatting, or unreachable code. 2016-03-22 17:26:50 -07:00
Mike Danese
5ec02bd021 add http handler to export configuration state 2016-02-24 14:12:28 -08:00
k8s-merge-robot
b32078d89b Merge pull request #20496 from matthewdupre/masquerade-config 
Auto commit by PR queue bot
 2016-02-08 10:49:20 -08:00
Matt Dupre
9925cddc11 Change iptables fwmark to use single configurable bit instead of whole mark space 2016-02-08 11:12:09 +00:00
Jan Chaloupka
4389b3f0d6 Rewritte util.* -> wait.* wherever reasonable 2016-02-07 12:02:20 +01:00
k8s-merge-robot
c26087db45 Merge pull request #19611 from thockin/proxy-sysctl-decouple 
Auto commit by PR queue bot
 2016-02-06 23:01:48 -08:00
Tim Hockin
41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Tim Hockin
11f75e61b9 Inject a kernel-compat tester for kube-proxy test 2016-02-02 22:11:39 -08:00
Tim Hockin
7ed83ad4f9 Make kube-proxy default to iptables (regression) 
This was accidentally introduced as part of the component config changes.
 2016-02-02 12:45:11 -08:00
Mike Danese
309eac5f7f update proxy server 2016-01-28 15:46:40 -08:00
Clayton Coleman
715b77cbcd Split proxy and scheduler arguments 
Keep options and flags distinct from initialization
 2016-01-06 21:34:31 -05:00
Tim Hockin
da0ac31182 Set conntrack params in kube-proxy 
Add flags to control max connections (set to 256k vs 64k default) and TCP
established timeout (set to 1 day vs 5 day default).  Flags can be set to 0 to
mean "don't change it".

This is only set at startup, and not wrapped in a rectifier loop.

Tested manually.
 2015-12-30 15:46:40 -08:00
Avesh Agarwal
3d5207fd73 This commit adds type information to events. 
This addresses issue #15624.
 2015-11-24 09:59:54 -05:00
Mike Danese
65b8d43543 remove code that puts kube-proxy into a special cgroup since it runs in a container now 2015-11-23 10:20:58 -08:00
Tim Hockin
970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
k8s-merge-robot
ec9b493647 Merge pull request #14639 from gmarek/hollow-proxy 
Auto commit by PR queue bot
 2015-10-27 18:22:38 -07:00
gmarek
5a4e4d4d57 Add a HollowProxy to the HollowNode. 2015-10-27 18:23:29 +01:00
feisky
13dce74adb Gendocs for docs/admin/kube-* 2015-10-25 19:24:23 +08:00
Steve Sloka
4302208aa9 globally search/replace 'KubeApiQps' to 'KubeAPIQPS' and 'KubeApiBurst' to 'KubeAPIBurst' to match GO rules 2015-10-23 08:24:19 -04:00
Abhishek Shah
d172ca6986 Added UdpIdleTimeout flag 2015-10-21 17:25:35 -07:00
k8s-merge-robot
6dc3dcf36a Merge pull request #15414 from thockin/exp-beta-annotations 
Auto commit by PR queue bot
 2015-10-20 17:45:32 -07:00
Clayton Coleman
9440d17041 Proxy resync period should not be 30 seconds 2015-10-15 11:26:49 -04:00
Tim Hockin
4a2e64d3eb Add beta annotation for kube-proxy 2015-10-14 15:31:37 -07:00
Dawn Chen
69a8dc64c7 Merge pull request #15247 from spiffxp/kube-api-limits 
Expose kube-api burst/qps settings for kube components
 2015-10-12 15:19:46 -07:00
Aaron Crickenberger
69351e3e88 Expose kube-api burst/qps settings for kube components 
Default to hardcodes for components that had them, and 5.0 qps, 10 burst
for those that relied on client defaults

Unclear if maybe it'd be better to just assume these are set as part of
the incoming kubeconfig.  For now just exposing them as flags since it's
easier for me to manually tweak.
 2015-10-12 11:56:15 -04:00
Avesh Agarwal
8fb96afff4 This removes unused params passed to proxy server. 2015-10-06 18:21:16 -04:00
k8s-merge-robot
bd58984844 Merge pull request #14736 from aveshagarwal/master-proxy-crash 
Auto commit by PR queue bot
 2015-10-02 18:37:38 -07:00
k8s-merge-robot
698441cad3 Merge pull request #14655 from aveshagarwal/master-proxy-issue 
Auto commit by PR queue bot
 2015-09-30 22:51:20 -07:00
Avesh Agarwal
af90318222 Fixes crash when proxy is run with --cleanup-iptables=true. 2015-09-30 23:13:13 -04:00
Avesh Agarwal
310d4f48e6 Fixes erroneous declaration of oomAdjuster. 
Fixes duplication of execer, dbus, iptInterface.
Fixes default assignment of SyncPeriod.
 2015-09-29 23:00:14 -04:00
k8s-merge-robot
b661cfd21e Merge pull request #14643 from liguangbo/change_Oom_to_OOM 
Auto commit by PR queue bot
 2015-09-29 18:54:22 -07:00
Avesh Agarwal
7c1ff97e39 execer is already created earliler, and so there is no need to create it 
again.
 2015-09-28 09:56:57 -04:00
liguangbo
12299087da Change Oom to OOM 2015-09-28 18:18:04 +08:00
Tim Hockin
026054f73e Set iptables refresh to 30s 2015-09-25 14:02:24 -07:00
gmarek
1c25c2cd99 Refactor KubeProxy to allow mocking of all moving parts. 2015-09-23 18:47:05 +02:00
Tim Hockin
bd3cd82a12 Change kube-proxy flag: annotation for proxy-mode 
This changes the --legacy-userspace-proxy flag to be a string flag
--proxy-mode.  If specified, the flag will be respected ('userspace' and
'iptables' being valid values).  If left blank (default) we will choose the
"best".  best means userspace for now UNLESS the user adds an annotation
(net.experimental.kubernetes.io/proxy-mode) to their node, in which case we
will try to use that.

This allows people to try it on a single machine without fear of global failure
and without it getting rolled back on reboots.  It is a poor-man's config blob.
 2015-09-21 18:06:24 -07:00
Dan Winship
30ea22f40e Make kube-proxy resync its rules on firewalld restart 2015-09-15 11:17:40 -04:00
Dan Winship
8bc9c40796 Watch for firewalld restart, to allow reloading iptables rules 2015-09-15 11:17:40 -04:00
Daniel Smith
b225c1d47a Run gofmt (separate commit for easy rebases) 2015-09-10 17:17:59 -07:00
Daniel Smith
15b30b8b09 Move version agnostic parts of client 
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
 2015-09-10 17:17:59 -07:00
k8s-merge-robot
3879bee562 Merge pull request #13670 from aveshagarwal/proxy-fixes 
Auto commit by PR queue bot
 2015-09-09 09:55:52 -07:00
k8s-merge-robot
5a01a760b2 Merge pull request #13669 from aveshagarwal/proxy-birthcry-fix 
Auto commit by PR queue bot
 2015-09-08 17:33:05 -07:00
Avesh Agarwal
f94c57ac30 If ForceUserspaceProxy is true, check for iptables based proxy 
should not be performed.
 2015-09-08 19:54:07 -04:00
Paul Morie
7f5e70022b Fix typo in kube-proxy server.go 2015-09-08 14:03:45 -04:00
Avesh Agarwal
599100dc64 Fixed kube-proxy birthCry event as it seemed to start too early and 
had a possibility to not start successfully after the event was already
posted.
 2015-09-08 09:33:42 -04:00
caogaojin
60cb4406e9 Cleanup deprecated Forever function 
Since util.Forever function has been deprecated, we should cleanup these
pieces of code.
 2015-08-24 10:31:59 +08:00
BenTheElder
81ab51709a Add --cleanup-iptables flag to kube-proxy 
Adds a flag to cleanup iptables rules created by kube-proxy per
https://github.com/mesosphere/kubernetes-mesos/issues/353#issuecomment-1
27382832
 2015-08-21 14:44:11 -04:00