github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
84,544 Commits 1 Branch 31 Tags
d410bd28c371fbb8c9b07feb8c4bc1fef018173f
Commit Graph

622 Commits

Author SHA1 Message Date
Bob Killen
2e52875917 Prune inactive owners from pkg/kubelet/* network related OWNERS files. 2019-10-13 08:51:00 -04:00
SataQiu
77f42c8108 eliminate direct references to prometheus 2019-10-04 21:33:34 +08:00
Angela Li
4301bbff08 Use ipv4 in wincat port forward 2019-09-23 17:10:01 -07:00
Kubernetes Prow Robot
53b3c8968e Merge pull request #82164 from yuxiaobo96/k8s-fix2 
delete extra comma
 2019-09-19 21:22:59 -07:00
Kubernetes Prow Robot
605687dec7 Merge pull request #71653 from liucimin/update_kubelet_cni_lib 
No timeout when Kubelet Calling cni plugin
 2019-09-19 18:00:59 -07:00
liucimin
ddb1c6a127 fix cni timeout 2019-09-19 22:56:03 +08:00
Kubernetes Prow Robot
4097a99fd7 Merge pull request #82800 from Random-Liu/fix-routes 
Only set ipv4/ipv6 routes when there is corresponding CIDR.
 2019-09-18 19:14:59 -07:00
Kubernetes Prow Robot
cfa3e2c499 Merge pull request #82508 from aanm/fix-get-pod-ip-panic 
dockershim/network: fix panic for cni plugins in IPv4/IPv6 dual-stack mode
 2019-09-17 19:43:32 -07:00
Lantao Liu
032c97daee Only set ipv4/ipv6 routes when there is corresponding CIDR. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-09-17 11:05:17 -07:00
Dan Winship
3948f16ff4 Add iptables.Monitor, use it from kubelet and kube-proxy 
Kubelet and kube-proxy both had loops to ensure that their iptables
rules didn't get deleted, by repeatedly recreating them. But on
systems with lots of iptables rules (ie, thousands of services), this
can be very slow (and thus might end up holding the iptables lock for
several seconds, blocking other operations, etc).

The specific threat that they need to worry about is
firewall-management commands that flush *all* dynamic iptables rules.
So add a new iptables.Monitor() function that handles this by creating
iptables-flush canaries and only triggering a full rule reload after
noticing that someone has deleted those chains.
 2019-09-17 10:19:26 -04:00
Dan Winship
b6c3d5416a Drop iptables firewalld monitoring support 
The firewalld monitoring code was not well tested (and not easily
testable), would never be triggered on most platforms, and was only
being taken advantage of from one place (kube-proxy), which didn't
need it anyway since it already has its own resync loop.

Since the firewalld monitoring was the only consumer of pkg/util/dbus,
we can also now delete that.
 2019-09-15 15:35:40 -04:00
Davanum Srinivas
1b79c1f6b3 Add 16MB limit to dockershim ExecSync 
Change-Id: Ia86cfdb9bdaf994d30216621f78aebc6c555cf4a
 2019-09-11 09:52:28 -04:00
André Martins
a5365d5be1 dockershim/network: fix panic for cni plugins in IPv4/IPv6 dual-stack mode 
```
 k8s.io/kubernetes/pkg/kubelet/dockershim/network/cni.(*cniNetworkPlugin).GetPodNetworkStatus(0xc000a04370, 0xc000b89a62, 0xb, 0xc000b89a49, 0x18, 0x42edffb, 0x6, 0xc000cfa340, 0x40, 0xc000ced7d0, ...)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/network/cni/cni_others.go:78 +0x420
 k8s.io/kubernetes/pkg/kubelet/dockershim/network.(*PluginManager).GetPodNetworkStatus(0xc000a51880, 0xc000b89a62, 0xb, 0xc000b89a49, 0x18, 0x42edffb, 0x6, 0xc000cfa340, 0x40, 0x0, ...)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/network/plugins.go:391 +0x1f9
 k8s.io/kubernetes/pkg/kubelet/dockershim.(*dockerService).getIPsFromPlugin(0xc00029b600, 0xc000c25cb0, 0x40, 0x78c0000, 0x7982100, 0x0, 0x0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go:335 +0x1c3
 k8s.io/kubernetes/pkg/kubelet/dockershim.(*dockerService).getIPs(0xc00029b600, 0xc000b66cc0, 0x40, 0xc000c25cb0, 0x30bd171a, 0xed508364b, 0x0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go:373 +0xe3
 k8s.io/kubernetes/pkg/kubelet/dockershim.(*dockerService).PodSandboxStatus(0xc00029b600, 0x4ad8b20, 0xc000c25c80, 0xc000cde1c0, 0xc00029b600, 0xc000c25c80, 0xc0005f5bd0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go:439 +0x133
 k8s.io/kubernetes/vendor/k8s.io/cri-api/pkg/apis/runtime/v1alpha2._RuntimeService_PodSandboxStatus_Handler(0x42c4e00, 0xc00029b600, 0x4ad8b20, 0xc000c25c80, 0xc000c126c0, 0x0, 0x4ad8b20, 0xc000c25c80, 0xc000cb2d20, 0x42)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/cri-api/pkg/apis/runtime/v1alpha2/api.pb.go:7663 +0x23e
 k8s.io/kubernetes/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc000a4f760, 0x4b45280, 0xc000b02d80, 0xc000847c00, 0xc000a61b00, 0x78c97c0, 0x0, 0x0, 0x0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/google.golang.org/grpc/server.go:995 +0x466
 k8s.io/kubernetes/vendor/google.golang.org/grpc.(*Server).handleStream(0xc000a4f760, 0x4b45280, 0xc000b02d80, 0xc000847c00, 0x0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/google.golang.org/grpc/server.go:1275 +0xda6
 k8s.io/kubernetes/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc000a8e9c0, 0xc000a4f760, 0x4b45280, 0xc000b02d80, 0xc000847c00)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/google.golang.org/grpc/server.go:710 +0x9f
 created by k8s.io/kubernetes/vendor/google.golang.org/grpc.(*Server).serveStreams.func1
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/google.golang.org/grpc/server.go:708 +0xa1
```

Fixes: dba434c4ba ("kubenet for ipv6 dualstack")
Signed-off-by: André Martins <aanm90@gmail.com>
 2019-09-10 21:06:19 +02:00
Bruce Ma
f9169d29cb skip recording inputs & outputs in fake script plugin when CNI_COMMAND=VERSION 
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
 2019-09-04 22:50:13 +08:00
Mike Spreitzer
d86d1defa1 Made IPVS and iptables modes of kube-proxy fully randomize masquerading if possible 
Work around Linux kernel bug that sometimes causes multiple flows to
get mapped to the same IP:PORT and consequently some suffer packet
drops.

Also made the same update in kubelet.

Also added cross-pointers between the two bodies of code, in comments.

Some day we should eliminate the duplicate code.  But today is not
that day.
 2019-09-01 22:07:30 -04:00
yuxiaobo
065343933d delete extra comma 2019-08-30 16:03:33 +08:00
Han Kang
3a50917795 migrate kubelet's metrics/probes & metrics endpoint to metrics stability framework 2019-08-28 11:16:38 -07:00
Kubernetes Prow Robot
879418a714 Merge pull request #81828 from mars1024/bugfix/delete_lo_network 
delete lo network when TearDownPod to avoid CNI cache leak
 2019-08-28 03:09:11 -07:00
Bruce Ma
ec342ec98f delete lo network when TearDownPod to avoid CNI cache leak 
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
 2019-08-27 19:26:23 +08:00
Jean Rouge
4d4edcb27b Make container removal fail if platform-specific containers fail 
https://github.com/kubernetes/kubernetes/pull/74737 introduced a new in-memory
map for the dockershim, that could potentially (in pathological cases) cause
memory leaks - for containers that use GMSA cred specs, get created
successfully, but then never get started nor removed.

This patch addresses this issue by making container removal fail altogether
when platform-specific clean ups fail: this allows clean ups to be retried
later, when the kubelet attempts to remove the container again.

Resolves issue https://github.com/kubernetes/kubernetes/issues/74843.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
 2019-08-22 18:03:48 -07:00
Kubernetes Prow Robot
a3488b4cee Merge pull request #81206 from tallclair/staticcheck-kubelet-push 
Cleanup Kubelet static analysis issues
 2019-08-22 15:09:43 -07:00
Kubernetes Prow Robot
37651f1cef Merge pull request #80368 from danwinship/iptables-checks 
iptables feature detection improvements
 2019-08-22 13:31:20 -07:00
Tim Allclair
a2c51674cf Cleanup more static check issues (S1*,ST*) 2019-08-21 10:40:21 -07:00
Tim Allclair
8a495cb5e4 Clean up error messages (ST1005) 2019-08-21 10:40:21 -07:00
Tim Allclair
e06912ca3e Clean up deprecated references 2019-08-21 10:40:21 -07:00
Tim Allclair
6510d26b6a Fix misc static check issues 2019-08-21 10:40:21 -07:00
Tim Allclair
3f510c69f6 Remove dead code from pkg/kubelet/... 2019-08-21 10:40:21 -07:00
Kubernetes Prow Robot
29c87cbfff Merge pull request #80482 from mars1024/bugfix/cni_validation 
add CNI config validation to getDefaultCNINetwork
 2019-08-19 10:11:31 -07:00
Bruce Ma
9903cb3ad3 add validation for CNI config before loading and fix some typo 
1. add validation for CNI config before loading
2. make some CNI capabilities constants
3. add Capabilities field to cniNetwork struct

Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
 2019-08-09 21:22:23 +08:00
Kubernetes Prow Robot
7f1ae0e32d Merge pull request #80105 from ASankaran/dockershim-linux 
Add ImageFSInfo, ContainerStats, and ListContainerStats impl for linux to dockershim
 2019-08-06 18:14:51 -07:00
Jianfei Bai
5726b22fbc Move docker specific const to dockershim. 2019-08-05 10:28:08 +08:00
Dan Winship
81cd27a51e iptables: simplify version handling 2019-08-01 12:05:31 -04:00
Kubernetes Prow Robot
0775e6b2db Merge pull request #80591 from danwinship/no-localhost-snat 
hostport: Don't masquerade localhost-to-localhost traffic
 2019-07-31 22:36:50 -07:00
Kubernetes Prow Robot
40b31794ab Merge pull request #79623 from aaronbbrown/abb-quote-container-in-use 
quote container name in container already use error matching
 2019-07-30 03:35:31 -07:00
Dan Winship
bf077b19d4 hostport: Don't masquerade localhost-to-localhost traffic 2019-07-25 13:34:14 -04:00
Arnav Sankaran
0c1d6d330f Run gofmt 2019-07-15 09:58:09 -07:00
Arnav Sankaran
82b6b19173 Add test for ContainerStats 2019-07-15 09:57:21 -07:00
Arnav Sankaran
cd8d8f2dce Add tracing to GetContainerStats 2019-07-15 09:56:55 -07:00
Arnav Sankaran
2cfc85c8b3 Fix compile on non windows linux systems 2019-07-15 09:04:22 -07:00
Arnav Sankaran
9ed8340306 Removed duplicate code 2019-07-15 08:41:06 -07:00
Arnav Sankaran
5a26fe5696 Rename unused variable 2019-07-15 08:26:49 -07:00
Arnav Sankaran
db8e47a965 Run gofmt 2019-07-15 08:24:51 -07:00
Arnav Sankaran
0d907e015b Add ImageFSInfo, ContainerStats, and ListContainerStats impl for linux to dockershim 2019-07-12 08:44:54 -07:00
tiffany jernigan
27a0d91f2d Remove lazy provide from credential provider and kubelet (#79674) 
* Remove LazyProvide from kubelet

* Remove LazyProvide from cloud providers

* Remove LazyProvide from credential provider keyring and provider
 2019-07-03 13:52:52 -07:00
fanhao01
24a95a6c3e Fix golint failure in pkg/kubelet/dockershim/network/cni 2019-07-03 12:57:24 +08:00
Khaled Henidak(Kal)
dba434c4ba kubenet for ipv6 dualstack 2019-07-02 22:26:25 +00:00
Kubernetes Prow Robot
6f73ab2219 Merge pull request #78908 from dcbw/cni-0.7.1-snapshot 
vendor: bump CNI to v0.7.1 snapshot
 2019-07-01 21:33:21 -07:00
Kubernetes Prow Robot
cdddcf9b48 Merge pull request #71170 from atlassian/rand-cleanup2 
Cleanup math/rand package usage
 2019-07-01 21:33:08 -07:00
Aaron Brown
d1066ead3f quote container name in container already use error matching 
https://github.com/moby/moby/pull/27510 switched the container already
in use message from a bare string to a quoted string, so the
auto-deletion of "in use" containers no longer works in Docker > 17.04.
 2019-07-01 17:37:35 -04:00
Dan Williams
8739ade3fa kubelet: add CNI cache dir option and plumb through to CNI and kubenet 
libcni 0.7.0 caches ADD operation results and allows the runtime to
retrieve these from the cache. In case the user wants a different
cache directory than the defaul, plumb that through like we do
for --cni-bin-dir and --cni-conf-dir.
 2019-07-01 12:14:07 -05:00