Commit Graph

640 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
ff8cf507dc Merge pull request #83841 from RainbowMango/pr_hide_kubelet_deprecated_metrics
Turn off kubelet deprecated metrics
2019-12-09 11:30:02 -08:00
Kubernetes Prow Robot
1e2b6176aa Merge pull request #83289 from beautytiger/dev-190929-sctp
fix unit test in hostport_manager_test.go
2019-12-02 21:42:57 -08:00
Kubernetes Prow Robot
b84fad5e6f Merge pull request #84401 from xiaoanyunfei/bugfix/inspect-docker-image
ignore image err when docker image has been cleaned up
2019-11-25 19:11:10 -08:00
Kubernetes Prow Robot
09d142a7ab Merge pull request #80854 from aojea/hostportv6
Add IPv6 support to kubenet hostport
2019-11-16 04:35:41 -08:00
Kubernetes Prow Robot
3202bc1044 Merge pull request #83896 from mars1024/modify/cni_log
modify error output in cniNetworkPlugin
2019-11-14 20:52:02 -08:00
Kubernetes Prow Robot
5689961ed3 Merge pull request #84649 from benmoss/windows_network_not_initialized
Skip GetPodNetworkStatus when CNI not yet initialized
2019-11-13 09:25:59 -08:00
RainbowMango
30bf1f47dd Hide kubelet metrics that have been deprecated in 1.14
2019-11-13 19:17:38 +08:00
Krzysztof Siedlecki
d46daf891c fixing docker fake client InspectExec
2019-11-08 12:43:16 +01:00
Jordan Liggitt
297570e06a hack/update-vendor.sh
2019-11-06 17:42:34 -05:00
yuxiaobo
81e9f21f83 Correct spelling mistakes
Signed-off-by: yuxiaobo <yuxiaobogo@163.com>
2019-11-06 20:25:19 +08:00
Bruce Ma
fe50e904eb restrict max string length in log
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
2019-11-05 18:09:55 +08:00
Ben Moss
ce41faa2eb Skip GetPodNetworkStatus when CNI not yet initialized
Without this scheduling a pod on Windows results in a panic from
`addToNetwork` when it tries to read `NetworkConfig` and `CNIConfig` off
the nil network
2019-10-31 17:51:04 -04:00
sunxiaofei03
fdbf5ef0b8 ignore image err when docker image has been cleaned up
2019-10-27 23:02:47 +08:00
qingsenLi
8d3daa8260 fix errors
2019-10-16 22:11:47 +08:00
Bruce Ma
213c378562 modify error output in cniNetworkPlugin
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
2019-10-14 20:17:27 +08:00
Bob Killen
2e52875917 Prune inactive owners from pkg/kubelet/* network related OWNERS files.
2019-10-13 08:51:00 -04:00
Guangming Wang
97e2576750 hostport return error when claim SCTP type port
revert last changes, just modify typos in unit test, and remove failed assert

sub count of sctp port when assert of len compare
2019-10-09 20:02:04 +08:00
SataQiu
77f42c8108 eliminate direct references to prometheus
2019-10-04 21:33:34 +08:00
Angela Li
4301bbff08 Use ipv4 in wincat port forward
2019-09-23 17:10:01 -07:00
Kubernetes Prow Robot
53b3c8968e Merge pull request #82164 from yuxiaobo96/k8s-fix2
delete extra comma
2019-09-19 21:22:59 -07:00
Kubernetes Prow Robot
605687dec7 Merge pull request #71653 from liucimin/update_kubelet_cni_lib
No timeout when Kubelet Calling cni plugin
2019-09-19 18:00:59 -07:00
liucimin
ddb1c6a127 fix cni timeout
2019-09-19 22:56:03 +08:00
Kubernetes Prow Robot
4097a99fd7 Merge pull request #82800 from Random-Liu/fix-routes
Only set ipv4/ipv6 routes when there is corresponding CIDR.
2019-09-18 19:14:59 -07:00
Kubernetes Prow Robot
cfa3e2c499 Merge pull request #82508 from aanm/fix-get-pod-ip-panic
dockershim/network: fix panic for cni plugins in IPv4/IPv6 dual-stack mode
2019-09-17 19:43:32 -07:00
Lantao Liu
032c97daee Only set ipv4/ipv6 routes when there is corresponding CIDR.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-17 11:05:17 -07:00
Dan Winship
3948f16ff4 Add iptables.Monitor, use it from kubelet and kube-proxy
Kubelet and kube-proxy both had loops to ensure that their iptables
rules didn't get deleted, by repeatedly recreating them. But on
systems with lots of iptables rules (i.e., thousands of services), this
can be very slow (and thus might end up holding the iptables lock for
several seconds, blocking other operations, etc).

The specific threat that they need to worry about is
firewall-management commands that flush *all* dynamic iptables rules.
So add a new iptables.Monitor() function that handles this by creating
iptables-flush canaries and only triggering a full rule reload after
noticing that someone has deleted those chains.
2019-09-17 10:19:26 -04:00
Dan Winship
b6c3d5416a Drop iptables firewalld monitoring support
The firewalld monitoring code was not well tested (and not easily
testable), would never be triggered on most platforms, and was only
being taken advantage of from one place (kube-proxy), which didn't
need it anyway since it already has its own resync loop.

Since the firewalld monitoring was the only consumer of pkg/util/dbus,
we can also now delete that.
2019-09-15 15:35:40 -04:00
Davanum Srinivas
1b79c1f6b3 Add 16MB limit to dockershim ExecSync
Change-Id: Ia86cfdb9bdaf994d30216621f78aebc6c555cf4a
2019-09-11 09:52:28 -04:00
André Martins
a5365d5be1 dockershim/network: fix panic for cni plugins in IPv4/IPv6 dual-stack mode
```
 k8s.io/kubernetes/pkg/kubelet/dockershim/network/cni.(*cniNetworkPlugin).GetPodNetworkStatus(0xc000a04370, 0xc000b89a62, 0xb, 0xc000b89a49, 0x18, 0x42edffb, 0x6, 0xc000cfa340, 0x40, 0xc000ced7d0, ...)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/network/cni/cni_others.go:78 +0x420
 k8s.io/kubernetes/pkg/kubelet/dockershim/network.(*PluginManager).GetPodNetworkStatus(0xc000a51880, 0xc000b89a62, 0xb, 0xc000b89a49, 0x18, 0x42edffb, 0x6, 0xc000cfa340, 0x40, 0x0, ...)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/network/plugins.go:391 +0x1f9
 k8s.io/kubernetes/pkg/kubelet/dockershim.(*dockerService).getIPsFromPlugin(0xc00029b600, 0xc000c25cb0, 0x40, 0x78c0000, 0x7982100, 0x0, 0x0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go:335 +0x1c3
 k8s.io/kubernetes/pkg/kubelet/dockershim.(*dockerService).getIPs(0xc00029b600, 0xc000b66cc0, 0x40, 0xc000c25cb0, 0x30bd171a, 0xed508364b, 0x0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go:373 +0xe3
 k8s.io/kubernetes/pkg/kubelet/dockershim.(*dockerService).PodSandboxStatus(0xc00029b600, 0x4ad8b20, 0xc000c25c80, 0xc000cde1c0, 0xc00029b600, 0xc000c25c80, 0xc0005f5bd0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go:439 +0x133
 k8s.io/kubernetes/vendor/k8s.io/cri-api/pkg/apis/runtime/v1alpha2._RuntimeService_PodSandboxStatus_Handler(0x42c4e00, 0xc00029b600, 0x4ad8b20, 0xc000c25c80, 0xc000c126c0, 0x0, 0x4ad8b20, 0xc000c25c80, 0xc000cb2d20, 0x42)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/k8s.io/cri-api/pkg/apis/runtime/v1alpha2/api.pb.go:7663 +0x23e
 k8s.io/kubernetes/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc000a4f760, 0x4b45280, 0xc000b02d80, 0xc000847c00, 0xc000a61b00, 0x78c97c0, 0x0, 0x0, 0x0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/google.golang.org/grpc/server.go:995 +0x466
 k8s.io/kubernetes/vendor/google.golang.org/grpc.(*Server).handleStream(0xc000a4f760, 0x4b45280, 0xc000b02d80, 0xc000847c00, 0x0)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/google.golang.org/grpc/server.go:1275 +0xda6
 k8s.io/kubernetes/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc000a8e9c0, 0xc000a4f760, 0x4b45280, 0xc000b02d80, 0xc000847c00)
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/google.golang.org/grpc/server.go:710 +0x9f
 created by k8s.io/kubernetes/vendor/google.golang.org/grpc.(*Server).serveStreams.func1
         /workspace/anago-v1.16.0-beta.1.787+48ca054daba9e6/src/k8s.io/kubernetes/_output/dockerized/go/src/k8s.io/kubernetes/vendor/google.golang.org/grpc/server.go:708 +0xa1
```

Fixes: dba434c4ba ("kubenet for ipv6 dualstack")
Signed-off-by: André Martins <aanm90@gmail.com>
2019-09-10 21:06:19 +02:00
Bruce Ma
f9169d29cb skip recording inputs & outputs in fake script plugin when CNI_COMMAND=VERSION
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
2019-09-04 22:50:13 +08:00
Mike Spreitzer
d86d1defa1 Made IPVS and iptables modes of kube-proxy fully randomize masquerading if possible
Work around Linux kernel bug that sometimes causes multiple flows to
get mapped to the same IP:PORT and consequently some suffer packet
drops.

Also made the same update in kubelet.

Also added cross-pointers between the two bodies of code, in comments.

Some day we should eliminate the duplicate code.  But today is not
that day.
2019-09-01 22:07:30 -04:00
Antonio Ojea
cc7257b462 Kubenet can't fail fast on teardown
2019-08-30 10:19:10 +02:00
yuxiaobo
065343933d delete extra comma
2019-08-30 16:03:33 +08:00
Antonio Ojea
c1e3d375d4 Add IPv6 support to kubenet hostport
2019-08-30 09:59:43 +02:00
Han Kang
3a50917795 migrate kubelet's metrics/probes & metrics endpoint to metrics stability framework
2019-08-28 11:16:38 -07:00
Kubernetes Prow Robot
879418a714 Merge pull request #81828 from mars1024/bugfix/delete_lo_network
delete lo network when TearDownPod to avoid CNI cache leak
2019-08-28 03:09:11 -07:00
Bruce Ma
ec342ec98f delete lo network when TearDownPod to avoid CNI cache leak
Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
2019-08-27 19:26:23 +08:00
Jean Rouge
4d4edcb27b Make container removal fail if platform-specific containers fail
https://github.com/kubernetes/kubernetes/pull/74737 introduced a new in-memory
map for the dockershim, that could potentially (in pathological cases) cause
memory leaks - for containers that use GMSA cred specs, get created
successfully, but then never get started nor removed.

This patch addresses this issue by making container removal fail altogether
when platform-specific clean ups fail: this allows clean ups to be retried
later, when the kubelet attempts to remove the container again.

Resolves issue https://github.com/kubernetes/kubernetes/issues/74843.

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
2019-08-22 18:03:48 -07:00
Kubernetes Prow Robot
a3488b4cee Merge pull request #81206 from tallclair/staticcheck-kubelet-push
Cleanup Kubelet static analysis issues
2019-08-22 15:09:43 -07:00
Kubernetes Prow Robot
37651f1cef Merge pull request #80368 from danwinship/iptables-checks
iptables feature detection improvements
2019-08-22 13:31:20 -07:00
Tim Allclair
a2c51674cf Cleanup more static check issues (S1*,ST*)
2019-08-21 10:40:21 -07:00
Tim Allclair
8a495cb5e4 Clean up error messages (ST1005)
2019-08-21 10:40:21 -07:00
Tim Allclair
e06912ca3e Clean up deprecated references
2019-08-21 10:40:21 -07:00
Tim Allclair
6510d26b6a Fix misc static check issues
2019-08-21 10:40:21 -07:00
Tim Allclair
3f510c69f6 Remove dead code from pkg/kubelet/...
2019-08-21 10:40:21 -07:00
Kubernetes Prow Robot
29c87cbfff Merge pull request #80482 from mars1024/bugfix/cni_validation
add CNI config validation to getDefaultCNINetwork
2019-08-19 10:11:31 -07:00
Bruce Ma
9903cb3ad3 add validation for CNI config before loading and fix some typos
1. add validation for CNI config before loading
2. make some CNI capabilities constants
3. add Capabilities field to cniNetwork struct

Signed-off-by: Bruce Ma <brucema19901024@gmail.com>
2019-08-09 21:22:23 +08:00
Kubernetes Prow Robot
7f1ae0e32d Merge pull request #80105 from ASankaran/dockershim-linux
Add ImageFSInfo, ContainerStats, and ListContainerStats impl for linux to dockershim
2019-08-06 18:14:51 -07:00
Jianfei Bai
5726b22fbc Move docker specific const to dockershim.
2019-08-05 10:28:08 +08:00
Dan Winship
81cd27a51e iptables: simplify version handling
2019-08-01 12:05:31 -04:00