github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
88,785 Commits 1 Branch 31 Tags 1,019 MiB
e64169d6b5
Commit Graph

366 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
9c736445f5
Merge pull request #79846 from aramase/fix-golint-pkg/proxy 
Fix golint failures in pkg/proxy
 2019-08-23 00:51:17 -07:00
liuxu
c90b295ef1 don't delete KUBE-MARK-MASQ chain in iptables/ipvs proxier 2019-08-20 15:43:54 +08:00
Subrata Paul
138b8b8aaa Fix in kube-proxy for sctp ipset entries 
Kube-proxy will add ipset entries for all node ips for an SCTP nodeport service. This will solve the problem 'SCTP nodeport service is not working for all IPs present in the node when ipvs is enabled. It is working only for node's InternalIP.'
 2019-08-18 00:40:27 +05:30
Kubernetes Prow Robot
d21822a02a
Merge pull request #81538 from thockin/master 
Don't track syncProxyRules runtime if not running
 2019-08-17 09:24:06 -07:00
Tim Hockin
5b14394f4e Don't track syncProxyRules runtime if not running 2019-08-16 17:05:03 -07:00
Kubernetes Prow Robot
4ac9701370
Merge pull request #81309 from andrewsykim/ipvs-test-delete-with-realserver 
proxy/ipvs: test cleanLegacyService with real servers
 2019-08-14 12:46:24 -07:00
Kubernetes Prow Robot
8c7244ac12
Merge pull request #81312 from andrewsykim/ipvs-remove-const 
proxy/ipvs: remove unused constant rsGracefulDeletePeriod
 2019-08-13 19:37:16 -07:00
Andrew Sy Kim
459bfb1ab7 proxy/ipvs: test cleanLegacyService with real servers 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-08-13 11:55:16 -04:00
Kubernetes Prow Robot
6d921c0eb5
Merge pull request #80779 from andrewsykim/ipvs-test-tables 
proxy/ipvs: refactor IPVS unit tests TestClusterIP and TestNodePort to use test tables
 2019-08-13 07:55:42 -07:00
Kubernetes Prow Robot
12a085f917
Merge pull request #80942 from gongguan/fix_ipvs_svc_del 
fix ipvs_svc deletion
 2019-08-13 02:27:54 -07:00
Andrew Sy Kim
e198eefa2b proxy/ipvs: remove unused constant rsGracefulDeletePeriod 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-08-12 16:30:28 -04:00
ethan
94efd3fcdf
cleanup: proxier.go error message fix 2019-08-12 22:36:16 +08:00
louisssgong
97c4edaa4f Fix a bug in the IPVS proxier where virtual servers are not cleaned up even though the corresponding Service object was deleted. 2019-08-10 06:32:38 +08:00
hui luo
a2ef00c1b1 Add iptables restore failure metrics 
As mentioned in issue #80061, in iptables lock contention case,
we can see increasing rate of iptables restore failures because it
need to grab iptables file lock.

The failure metric can provide administrators more insight

Metrics will be collected in kube-proxy iptables and ipvs modes

Signed-off-by: Hui Luo <luoh@vmware.com>
 2019-08-09 10:18:19 -07:00
Emrecan BATI
90ce2d50d3 Add GetKernelVersion to ipvs.KernelHandler interface 
ipvs `getProxyMode` test fails on mac as `utilipvs.GetRequiredIPVSMods`
try to reach `/proc/sys/kernel/osrelease` to find version of the running
linux kernel. Linux kernel version is used to determine the list of required
kernel modules for ipvs.

Logic to determine kernel version is moved to GetKernelVersion
method in LinuxKernelHandler which implements ipvs.KernelHandler.
Mock KernelHandler is used in the test cases.

Read and parse file is converted to go function instead of execing cut.
 2019-07-31 22:10:44 +03:00
Andrew Sy Kim
089e0cd9ef proxy/ipvs: refactor TestNodePort to use test tables 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-07-30 22:04:52 -04:00
Andrew Sy Kim
9af797c51e proxy/ipvs: refactor TestClusterIP to use test tables 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-07-30 21:30:52 -04:00
silenceshell
c31a2b7076
kube-proxy in ipvs mode use ipvs to redirect traffic 
fix the comment.
 2019-07-28 21:36:02 +08:00
Cezar Sa Espinola
c25763e159
proxy/ipvs: Compute all node ips only once when a zero cidr is used 
Computing all node ips twice would always happen when no node port
addresses were explicitly set. The GetNodeAddresses call would return
two zero cidrs (ipv4 and ipv6) and we would then retrieve all node IPs
twice because the loop wouldn't break after the first time.

Also, it is possible for the user to set explicit node port addresses
including both a zero and a non-zero cidr, but this wouldn't make sense
for nodeIPs since the zero cidr would already cause nodeIPs to include
all IPs on the node.
 2019-07-23 13:35:37 -03:00
Cezar Sa Espinola
5c16940508
proxy/ipvs: Only compute node ip addresses once per sync 
Previously the same ip addresses would be computed for each nodePort
service and this could be CPU intensive for a large number of nodePort
services with a large number of ipaddresses on the node.
 2019-07-23 13:35:27 -03:00
Andrew Sy Kim
7aa1700dba proxy/ipvs: increase log level for graceful termination 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-07-12 15:17:42 -04:00
Andrew Sy Kim
3629ed10fa add myself and lbernail as IPVS approvers 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-07-11 19:06:59 -04:00
Anish Ramasekar
2878270f5b
Fix golint failures in pkg/proxy 
Review feedback - remove alias from imports

fix comments
 2019-07-08 11:48:33 -07:00
Andrew Sy Kim
22832cfb78 ipvs proxy: add unit test for udp graceful termination 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-06-22 21:07:40 -04:00
Kubernetes Prow Robot
101f9ff703
Merge pull request #78999 from andrewsykim/ipvs-graceful-term-fix 
ipvs: fix string check for IPVS protocol during graceful termination
 2019-06-15 08:52:38 -07:00
Kubernetes Prow Robot
0c9964fac3
Merge pull request #76160 from JacobTanenbaum/BaseServiceInfo-cleanup 
enforce the interface relationship between ServicePort and BaseServiceInfo
 2019-06-13 20:37:13 -07:00
Andrew Sy Kim
bb95143369 ipvs: fix string check for IPVS protocol during graceful termination 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-06-13 19:03:58 -04:00
Jacob Tanenbaum
c0392d72e9 enforce the interface relationship between ServicePort and BaseServiceInfo 
Currently the BaseServiceInfo struct implements the ServicePort interface, but
only uses that interface sometimes. All the elements of BaseServiceInfo are exported
and sometimes the interface is used to access them and othertimes not

I extended the ServicePort interface so that all relevent values can be accessed through
it and unexported all the elements of BaseServiceInfo
 2019-06-05 14:50:24 -04:00
Kubernetes Prow Robot
46a3d82240
Merge pull request #78464 from andrewsykim/ipvs-reviewer 
add myself and Laurent as ipvs proxy reviewers
 2019-05-30 04:54:35 -07:00
Kubernetes Prow Robot
180acb315f
Merge pull request #78404 from andrewsykim/refactor-ipvs-ipset-tests 
ipvs: add descriptions to ipset unit tests
 2019-05-30 00:32:33 -07:00
Kubernetes Prow Robot
2fb7b6074a
Merge pull request #78395 from andrewsykim/ipvs-graceful-termination-log-level 
ipvs proxier: increase log level for real server deletion message
 2019-05-29 22:54:57 -07:00
Andrew Sy Kim
f6d9a45643 add myself and Laurent as ipvs proxy reviewers 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-05-29 01:43:50 -04:00
Kubernetes Prow Robot
944a7e2be6
Merge pull request #77802 from DataDog/lbernail/no-graceful-udp 
[proxier/ipvs] Disable graceful termination for UDP traffic
 2019-05-28 22:20:35 -07:00
Kubernetes Prow Robot
aa25195ab1
Merge pull request #77371 from andrewsykim/77265 
create new SCTP ipsets for IPVS proxier
 2019-05-28 10:58:54 -07:00
Kubernetes Prow Robot
59f6ed3b14
Merge pull request #78379 from yanghaichao12/dev0527 
remove some codes never used in proxier_test
 2019-05-28 07:18:25 -07:00
Laurent Bernaille
9ff0685722
[proxier/ipvs] Disable graceful termination for udp 2019-05-28 13:51:56 +02:00
Andrew Sy Kim
f3715bbbac ipvs: add descriptions to ipset unit tests 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-05-27 11:38:11 -04:00
yanghaichao12
66aa7c973d delete unused code in proxier_test 2019-05-27 10:39:43 -04:00
Andrew Sy Kim
e049927a1c ipvs proxier: increase log level for real server deletion message 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-05-27 08:24:37 -04:00
Andrew Sy Kim
6677d796df ipvs: add graceful termination unit tests 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-05-19 23:10:01 +02:00
Kubernetes Prow Robot
929adb69e3
Merge pull request #76165 from JacobTanenbaum/minor-cleanups 
Minor cleanups in pkg/proxy/endpoints.go
 2019-05-15 22:55:55 -07:00
Kubernetes Prow Robot
746404f82a
Merge pull request #77560 from dcbw/proxy-sig-network-owners 
pkg/proxy: add sig-network-approvers/sig-network-reviewers to OWNERS files
 2019-05-15 03:08:33 -07:00
Kubernetes Prow Robot
74743793f2
Merge pull request #74027 from squeed/kube-proxy-metrics 
proxy: add some useful metrics
 2019-05-15 03:08:19 -07:00
Dan Williams
91716989b6 pkg/proxy: add sig-network-approvers/sig-network-reviewers to OWNERS files 
This PR also adds m1093782566 (Jun Du) to sig-network-reviewers in
recognition of his contributions to the proxy.
 2019-05-13 10:30:29 -05:00
Jacob Tanenbaum
9d4693a70f changing UpdateEndpointsMap to Update 
changing UpdateEndpointsMap to be a function of the EndpointsMap object
 2019-05-07 14:41:15 -04:00
Casey Callendrello
017f57a6b0 proxy: add some useful metrics 
This adds some useful metrics around pending changes and last successful
sync time.

The goal is for administrators to be able to alert on proxies that, for
whatever reason, are quite stale.

Signed-off-by: Casey Callendrello <cdc@redhat.com>
 2019-05-07 14:21:13 +02:00
Krzysztof Siedlecki
941629d37a
Revert "Add better logging when iptables-restore fails" 2019-05-07 13:37:29 +02:00
Andrew Sy Kim
43ded7c4e2 create new ipset KUBE-NODE-PORT-SCTP-HASH and KUBE-NODE-PORT-LOCAL-SCTP-HASH for ipvs proxier 
Signed-off-by: Andrew Sy Kim <kiman@vmware.com>
 2019-05-03 11:59:49 -04:00
Ted Yu
2472d34bf0 Refactor err checking 2019-04-25 10:18:52 -07:00
Ted Yu
9d30833e53 Follow on for #76779 2019-04-25 02:46:38 -07:00
Ted Yu
0062a7d8de Store parsed CIDRs at initialization of Proxier 2019-04-18 09:36:05 -07:00
Igor German
107faf5ab0 proxy: Take into account exclude CIDRs while deleting legacy real servers 2019-04-11 17:05:49 +03:00
Tim Hockin
f8a7936894 Add better logging when iptables-restore fails 2019-04-04 16:34:10 -07:00
Kubernetes Prow Robot
29566d0a65
Merge pull request #74341 from paulsubrata55/kube_proxy_sctp_fix 
Issue in kube-proxy when IPVS is enabled and SCTP traffic is sent.
 2019-03-26 12:33:33 -07:00
Kubernetes Prow Robot
59140d6474
Merge pull request #75295 from DataDog/lbernail/strict-arp-flag 
[kube-proxy/ipvs] Add flag to enable strict ARP
 2019-03-20 07:41:51 -07:00
Kubernetes Prow Robot
88dc966a8a
Merge pull request #75283 from DataDog/lbernail/graceful-restart 
[kube-proxy/ipvs] Do not delete existing VS and RS when starting
 2019-03-20 07:41:36 -07:00
Jacob Tanenbaum
c3548165d5 Clear conntrack entries on 0 -> 1 endpoint transition with externalIPs 
As part of the endpoint creation process when going from 0 -> 1 conntrack entries
are cleared. This is to prevent an existing conntrack entry from preventing traffic
to the service. Currently the system ignores the existance of the services external IP
addresses, which exposes that errant behavior

This adds the externalIP addresses of udp services to the list of conntrack entries that
get cleared. Allowing traffic to flow

Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
 2019-03-15 11:18:51 -04:00
Laurent Bernaille
09f821ddb5 [kube-proxy/ipvs] Add flag to enable strict ARP 2019-03-12 15:56:22 +01:00
Laurent Bernaille
96818ea31e [kube-proxy/ipvs] Do not delete existing VS and RS when starting 2019-03-12 09:40:55 +01:00
danielqsj
10ab3fb832 clean the deprecated metrics which introduced recently 2019-03-06 15:23:46 +08:00
danielqsj
f7b437cae0 convert latency in mertics name to duration 2019-02-22 21:40:13 +08:00
Kubernetes Prow Robot
059d6057dd
Merge pull request #73323 from prameshj/clear-externalip-conntrack 
Clear conntrack entries for externalIP and LoadBalancer IP
 2019-02-19 18:38:17 -08:00
Subrata Paul
bf099d557e Fix for issue #73300. kube-proxy with IPVS and sctp traffic 2019-02-19 20:29:08 +05:30
Nguyen Van Trung
d5d7db476d fix an issue of yaml and json format 
Signed-off-by: Nguyen Van Trung <trungnv@vn.fujitsu.com>
 2019-02-15 09:55:53 +07:00
Pavithra Ramesh
24d3ab83dc Remove conntrack entries from loadbalancer ip too. 2019-02-13 09:55:31 -08:00
Kubernetes Prow Robot
41d2445f8e
Merge pull request #71999 from mm4tt/kube-proxy 
Start exporting the in-cluster network programming latency metric.
 2019-02-12 05:21:29 -08:00
Matt Matejczyk
7141ece4bf Start exporting the in-cluster network programming latency metric. 2019-02-12 08:09:59 +01:00
Kubernetes Prow Robot
c2d88db834
Merge pull request #73582 from AdamDang/patch-24 
Improve the ipvs/README.md
 2019-02-11 19:58:19 -08:00
Kubernetes Prow Robot
5b7a790d35
Merge pull request #72185 from dcbw/owners-label-sig-network 
OWNERS: add label:sig/network to a bunch of places
 2019-02-08 10:36:16 -08:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Ashish Ranjan
7be223e798 Refactor to use k8s.io/utils/net/ package instead of kubernetes/pkg/util/net/sets 
Signed-off-by: Ashish Ranjan <ashishranjan738@gmail.com>
 2019-02-04 10:34:53 +05:30
AdamDang
62105c87d4
Improve the ipvs/README.md 
Improve the ipvs/README.md
 2019-01-31 18:42:17 +08:00
Kubernetes Prow Robot
b8d6de320f
Merge pull request #72334 from danielqsj/kp 
Change proxy metrics to conform metrics guidelines
 2019-01-25 18:32:12 -08:00
prameshj
5667ebd4f6
Merge branch 'master' into clear-externalip-conntrack 2019-01-25 11:12:16 -08:00
Pavithra Ramesh
168602e597 Clear conntrack entries for externalIP 
When an endpoint is deleted, the conntrack entries are cleared for
clusterIP but not for externalIP of the service. This change adds
that step.
 2019-01-25 11:05:18 -08:00
Jeff Grafton
11f248fd35 Remove deprecated automanaged tag from some go rules 2019-01-08 14:40:57 -08:00
yanghaichao12
ba64ae18bc Fix typos in kube-proxy 2019-01-07 11:08:34 -05:00
Kubernetes Prow Robot
dfea6456f1
Merge pull request #72432 from DataDog/issue-71596 
Fix for #71596
 2019-01-03 20:22:15 -08:00
Laurent Bernaille
7092e2f9f4 [kube-proxy/IPVS] Enforce ExternalTrafficPolicy:local even for services without affinity 2018-12-29 13:01:35 +01:00
danielqsj
8975e62254 Change proxy metrics to conform guideline 2018-12-26 17:25:10 +08:00
Kubernetes Prow Robot
ae88c2d7b4
Merge pull request #70616 from teemow/teemow-proxy-flush-iptables-first 
flush iptable chains first and then remove them
 2018-12-20 08:53:47 -08:00
Dan Williams
2e339188ed OWNERS: add label:sig/network to a bunch of places 2018-12-19 00:00:02 -06:00
Laurent Bernaille
8bafc9771e [kube-proxy/ipvs] Do not try to delete RS already in termination list 2018-12-17 13:46:50 +01:00
Laurent Bernaille
ffbfc53053 [kube-proxy/ipvs] Add info message showing the reason for skipping deletion 2018-12-17 13:46:09 +01:00
Lars Ekman
227893dc3d Corrected test TestOnlyLocalLoadBalancing 2018-12-11 10:07:04 +01:00
Kubernetes Prow Robot
9d80e7522a
Merge pull request #71911 from Nordix/issue-70113-2 
Only handle addresses of the own ip family
 2018-12-10 23:02:33 -08:00
Kubernetes Prow Robot
0914272a42
Merge pull request #71035 from Nordix/issue-68437 
Fixes NodePort in ipv6 with proxy-mode=ipvs
 2018-12-10 08:53:42 -08:00
Lars Ekman
39dc41d411 Updated and new tests for ipv4/ipv6 address mix 2018-12-10 14:16:17 +01:00
Lars Ekman
5065f89a17 Only handle addresses of the own ip family 2018-12-10 12:14:42 +01:00
Kubernetes Prow Robot
a69b565c3e
Merge pull request #71834 from DataDog/lbernail/ipvs-sysctls 
[kubeproxy/ipvs] New sysctls to improve pod termination
 2018-12-09 23:59:16 -08:00
Laurent Bernaille
ec598d1a16 [kube-proxy/ipvs] Gofmt 2018-12-08 23:49:49 +01:00
Laurent Bernaille
0f9d30dd27 [kube-proxy/ipvs] Avoid unbinding multiple times for multiport svc 2018-12-08 23:47:59 +01:00
Laurent Bernaille
b2c169d27c [kube-proxy/ipvs] Update test for new CleanupLegacyServices function 2018-12-08 21:27:37 +01:00
Laurent Bernaille
e8c7dba25b [kube-proxy/ipvs] Apply graceful termination logic when unbinding addresses 2018-12-08 21:16:13 +01:00
Laurent Bernaille
81252e2ec1 [kube-proxy/ipvs] Apply graceful termination when deleting a service 2018-12-08 21:15:58 +01:00
Laurent Bernaille
1570d9f042 [kubeproxy/ipvs] New sysctls to improve pod termination 2018-12-06 19:49:47 +01:00
Lars Ekman
c3c7152c55 Corrected condition. Fix for #71596 2018-11-30 18:44:46 +01:00
Laurent Bernaille
b11233a2be [kube-proxy/ipvs] Generalize handling of InactiveConn to TCP 2018-11-29 13:34:13 +01:00
Laurent Bernaille
ed65f6edeb [kube-proxy/ipvs] Handle UDP graceful termination 
The current logic is to delete a RS if the number of active connections
is 0. This makes sense for TCP but for UDP the number of active
connections is always 0. This is an issue for DNS queries because the RS
will be deleted but the IPVS connection will remain until it expires
(5mn by default) and if there are a lot of DNS queries, the port will be
reused and queries blackholed. Of course for this to work properly the
service needs to continue to serve queries until the connections expire
(this works fine with the lameduck option of coredns).
 2018-11-28 18:02:11 +01:00
Laurent Bernaille
b955634d99 [kube-proxy/ipvs] Fix logic of delete function 2018-11-28 18:02:11 +01:00