github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
99,343 Commits 1 Branch 31 Tags 1,019 MiB
d0882e69e2
Commit Graph

1461 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
b014610de3
Merge pull request #99958 from sbangari/winkubeproxylbservicefix 
For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP
 2021-03-10 00:35:35 -08:00
Rob Scott
f07be06a19
Adding support for TopologyAwareHints to kube-proxy 2021-03-08 15:37:47 -08:00
Fangyuan Li
0621e90d31 Rename fields and methods for BaseServiceInfo 
Fields:
1. rename onlyNodeLocalEndpoints to nodeLocalExternal;
2. rename onlyNodeLocalEndpointsForInternal to nodeLocalInternal;
Methods:
1. rename OnlyNodeLocalEndpoints to NodeLocalExternal;
2. rename OnlyNodeLocalEndpointsForInternal to NodeLocalInternal;
 2021-03-07 16:52:59 -08:00
Fangyuan Li
7ed2f1d94d Implements Service Internal Traffic Policy 
1. Add API definitions;
2. Add feature gate and drops the field when feature gate is not on;
3. Set default values for the field;
4. Add API Validation
5. add kube-proxy iptables and ipvs implementations
6. add tests
 2021-03-07 16:52:59 -08:00
Swetha Repakula
108fd44f7c Graduate EndpointSlice feature gate to GA 2021-03-06 15:58:47 -08:00
Kubernetes Prow Robot
269d62d895
Merge pull request #97837 from JornShen/proxier_userspace_structured_logging 
migrate proxy/userspace/proxier.go logs to structured logging
 2021-03-05 13:25:42 -08:00
Kubernetes Prow Robot
70d732c7e7
Merge pull request #99653 from aojea/kproxymetrics 
new kube-proxy iptables metric to expose then number of iptables rules
 2021-03-05 10:00:34 -08:00
Antonio Ojea
654be57022 kube-proxy iptables expose number of rules metrics 
add a new metric to kube-proxy iptables, so it exposes the number
of rules programmed in each iteration.
 2021-03-05 10:00:38 +01:00
Swetha Repakula
6f5329d4c0 Remove EndpointSliceNodeName feature gate logic 
- feature gate has graduated to GA and will always be enabled, so no
 longer need to check if enabled
 2021-03-04 09:57:15 -08:00
Kubernetes Prow Robot
7c9841d586
Merge pull request #98985 from timyinshi/proxy 
delete the extra word
 2021-03-03 01:53:32 -08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Kubernetes Prow Robot
4ef5d1402d
Merge pull request #99102 from justinsb/avoid_multiple_calls_to_done 
proxy/config tests: avoid multiple calls to done
 2021-02-18 20:28:24 -08:00
Kubernetes Prow Robot
6dc317a107
Merge pull request #98130 from JornShen/optimze_redundant_listenPortOpener 
migrate to use k8s.io/util/net/port in kube-proxy
 2021-02-18 10:02:51 -08:00
Justin SB
6ac76e184e proxy/config tests: avoid multiple calls to done 
If the callback is called multiple times the wait group will be
over-decremented.
 2021-02-15 15:23:21 -05:00
jornshen
dbe89a5683 migrate kube canary chain as const 2021-02-15 16:50:48 +08:00
jornshen
00e26e9785 clear pkg/proxy/port.go port_test.go file 2021-02-15 16:36:09 +08:00
jornshen
d8d6a0223b clear no use LocalPort in winkernel 2021-02-15 16:36:08 +08:00
jornshen
97a5a3d4d5 migrate to use k8s.io/util LocalPort and ListenPortOpener in ipvs.proxier 2021-02-15 16:36:08 +08:00
jornshen
e68e105102 migrate to use k8s.io/util LocalPort and ListenPortOpener in iptables.proxier 2021-02-15 16:36:06 +08:00
timyinshi
5242af9d2d
delete the extra word 
Signed-off-by: timyinshi <shiguangyin@inspur.com>
 2021-02-11 16:35:48 +08:00
Kubernetes Prow Robot
659b4dc4a8
Merge pull request #98305 from aojea/holdports 
kube-proxy has to clear NodePort stale UDP entries
 2021-02-10 23:36:16 -08:00
Antonio Ojea
ed21a0e16c kube-proxy: clear conntrack entries after rules are in place 
Clear conntrack entries for UDP NodePorts,
this has to be done AFTER the iptables rules are programmed.
It can happen that traffic to the NodePort hits the host before
the iptables rules are programmed this will create an stale entry
in conntrack that will blackhole the traffic, so we need to
clear it ONLY when the service has endpoints.
 2021-02-10 16:22:03 +01:00
Kubernetes Prow Robot
6b9379eae4
Merge pull request #98001 from JornShen/proxier_winkernel_structured_logging 
migrate proxy/winkernel/proxier.go logs to structured logging
 2021-02-09 23:47:12 -08:00
Kubernetes Prow Robot
c1b3797f4b
Merge pull request #97824 from hanlins/fix/97225/hc-rules 
Explicitly add iptables rule to allow healthcheck nodeport
 2021-02-04 15:54:52 -08:00
Hanlin Shi
4cd1eacbc1 Add rule to allow healthcheck nodeport traffic in filter table 
1. For iptables mode, add KUBE-NODEPORTS chain in filter table. Add
   rules to allow healthcheck node port traffic.
2. For ipvs mode, add KUBE-NODE-PORT chain in filter table. Add
   KUBE-HEALTH-CHECK-NODE-PORT ipset to allow traffic to healthcheck
   node port.
 2021-02-03 15:20:10 +00:00
Sravanth Bangari
04eced5c67 For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP 2021-01-31 11:56:30 -08:00
jornshen
e3d068870d migrate proxy/userspace/proxier.go logs to structured logging 2021-01-30 10:21:51 +08:00
Kubernetes Prow Robot
e89e7b4ed1
Merge pull request #98083 from JornShen/optimize_proxier_duplicate_localaddrset 
optimize proxier duplicate localaddrset
 2021-01-29 01:21:40 -08:00
jornshen
3f506cadb0 optimize proxier duplicate localaddrset 2021-01-29 10:52:01 +08:00
Kubernetes Prow Robot
97076f6647
Merge pull request #98297 from JornShen/replace_ipvs_proxier_protocal_str 
use exist const to replace ipvs/proxier.go tcp,udp,sctp str
 2021-01-28 14:41:52 -08:00
Jordan Liggitt
ce553e1b68 Resolve IP addresses of host-only in filtered dialer 2021-01-26 12:00:53 -05:00
Kubernetes Prow Robot
b557633c3f
Merge pull request #98249 from JornShen/optimize_writeline_writeBytesLine 
Optimize writeline and writeBytesLine in proxier.go
 2021-01-22 23:45:39 -08:00
jornshen
249996e62f use exist const to replace ipvs/proxier.go tcp,udp,sctp 2021-01-22 14:52:00 +08:00
jornshen
761473cd44 add ut for utils WriteLine WriteBytesLine 2021-01-21 10:51:54 +08:00
jornshen
3783821553 move the redundant writeline writeBytesLine to proxy/util/util.go 2021-01-21 10:51:39 +08:00
Kubernetes Prow Robot
0c91285ea6
Merge pull request #97941 from JornShen/proxier_winuserspace_structured_logging 
migrate proxy/winuserspace/proxier.go logs to structured logging
 2021-01-20 17:51:00 -08:00
jornshen
f3b9e8b105 migrate proxy/winkernel/proxier.go logs to structured logging 2021-01-18 09:35:51 +08:00
Kubernetes Prow Robot
857c06eb49
Merge pull request #98043 from JornShen/migrate_string_overlay_as_const 
migrate winkernel network type string "overlay" as const
 2021-01-14 20:43:51 -08:00
jornshen
dff2da8cbc migrate winkernel network type string overlay as const 2021-01-14 16:38:02 +08:00
Kubernetes Prow Robot
5c7ee30eaa
Merge pull request #94902 from cmluciano/cml/proxyvaltesting 
proxy: Restructure config validation tests to check errors
 2021-01-13 10:18:36 -08:00
Kubernetes Prow Robot
eb08f36c7d
Merge pull request #96371 from andrewsykim/kube-proxy-terminating 
kube-proxy: track serving/terminating conditions in endpoints cache
 2021-01-11 18:38:25 -08:00
jornshen
a5a5fef039 migrate proxy/winuserspace/proxier.go logs to structured logging 2021-01-12 10:31:31 +08:00
Kubernetes Prow Robot
5e22f7fead
Merge pull request #92938 from DataDog/lbernail/CVE-2020-8558 
Do not set sysctlRouteLocalnet (CVE-2020-8558)
 2021-01-11 17:38:24 -08:00
Andrew Sy Kim
a11abb5475 kube-proxy: ipvs proxy should ignore endpoints with condition ready=false 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:27:38 -05:00
Andrew Sy Kim
9c096292cc kube-proxy: iptables proxy should ignore endpoints with condition ready=false 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:27:38 -05:00
Andrew Sy Kim
1acdfb4e7c kube-proxyy: update winkernel proxier to read 'ready', 'serving' and 'terminating' conditions 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
a7333e1a3e kube-proxy: add endpointslice cache unit tests for terminating endpoints 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
e5f9b80023 kube-proxy: health check server should only check ready endpoints 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Andrew Sy Kim
55cb453a3c kube-proxy: update internal endpoints map with 'serving' and 'terminating' condition from EndpointSlice 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-01-11 16:17:58 -05:00
Laurent Bernaille
15439148da
Do not set sysctlRouteLocalnet (CVE-2020-8558) 
Signed-off-by: Laurent Bernaille <laurent.bernaille@datadoghq.com>
 2021-01-11 11:41:32 +01:00