github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
123,523 Commits 1 Branch 31 Tags
ecbafb8de5fc9a45e9c55ace9def1f33996faead
Commit Graph

72 Commits

Author SHA1 Message Date
HirazawaUi
facf702e64 Remove useless util functions 2024-05-20 19:57:43 +08:00
Dan Winship
19b3a9e194 (Mostly) Revert "change --nodeport-addresses behavior to default to primary node ip only" 
This reverts commit 8bccf4873b, except
for the nftables unit test changes, since we still want the "new"
results (not to mention the bugfixes), just for a different reason
now.
 2024-04-18 09:25:06 -04:00
Antonin Bas
5fb002147b Remove unused Resolver interface in pkg/proxy/util 
Signed-off-by: Antonin Bas <antonin.bas@broadcom.com>
 2024-02-20 11:32:59 -08:00
nayihz
8bccf4873b change --nodeport-addresses behavior to default to primary node ip only 2024-01-25 13:42:30 +08:00
Lars Ekman
50b3ffc71f kube-proxy: LoadBalancerSourceRanges as *net.IPNet 2024-01-09 09:17:56 +01:00
Lars Ekman
9eac24c656 kube-proxy: store ExternalIPs as net.IP 
They were stored as strings which could be non-canonical
and cause problems
 2024-01-09 09:17:50 +01:00
Lars Ekman
d2294007b0 kube-proxy: store LoadBalancerVIPs as net.IP 
They were stored as strings which could be non-canonical
and cause problems
 2024-01-09 09:17:43 +01:00
Aohan Yang
86b1f095ca Proxy changes for IP mode field 2023-08-14 17:21:26 +08:00
Mark Rossetti
0d90d1ffa5 Revert "Merge pull request #118895 from RyanAoh/kep-1860" 
This reverts commit 890a6c8f70, reversing
changes made to 4f60a8d493.
 2023-08-09 15:51:20 -07:00
Aohan Yang
7eab0d7a0d Proxy changes for IP mode field 2023-07-17 16:02:36 +08:00
Dan Winship
883d0c3b71 Add a dummy implementation of proxyutil.LineBuffer 
Rather than actually assembling all of the rules we aren't going to
use, just count them and throw them away.
 2023-07-14 08:38:25 -04:00
Dan Winship
bb0c3a0818 Remove proxyutil.IsProxyableIP / IsProxyableHostname 
These don't belong in pkg/proxy/util; they involve a completely
unrelated definition of proxying.

Since each is only used from one place, just inline them at the
callers.
 2023-07-01 08:49:38 -04:00
Dan Winship
5bde9404a0 Remove unused error return value from internal function 2023-06-15 05:22:11 -04:00
carlory
5e048041e4 remove helper function for unused storage feature in pkg/proxy/util 2023-06-13 09:22:59 +08:00
TommyStarK
1fcfd1d509 pkg/util/iptables: use buf.String() instead of string(buf.Bytes()) 
Signed-off-by: TommyStarK <thomasmilox@gmail.com>
 2023-06-05 19:47:47 +02:00
Lars Ekman
8d63750c35 Generic sets in netlink and utils 2023-02-19 18:25:07 +01:00
Dan Winship
fe49e3933d Move GetNodeAddresses() and ContainsIPv4Loopback() into a new file 
Both sound slightly generic, but implement semantics specific to the
handling of NodePort addresses.

(No changes other than moving code.)
 2023-01-21 14:25:07 -05:00
cyclinder
bef2070031 kube-proxy: add a flag to disables the allowing NodePort services to be accessed via localhost 2022-11-02 16:17:52 +08:00
Dan Winship
e7bae9df81 Count iptables lines as we write them 2022-02-19 11:56:14 -05:00
Antonio Ojea
8b5fa408e0 kube-proxy: only set route_localnet if required 
kube-proxy sets the sysctl net.ipv4.conf.all.route_localnet=1
so NodePort services can be accessed on the loopback addresses in
IPv4, but this may present security issues.

Leverage the --nodeport-addresses flag to opt-out of this feature,
if the list is not empty and none of the IP ranges contains an IPv4
loopback address this sysctl is not set.

In addition, add a warning to inform users about this behavior.
 2022-02-17 20:20:31 +01:00
Angus Lees
05cc0fb1df Reject proxy requests to 0.0.0.0 as well 2022-01-07 17:42:54 +11:00
Kubernetes Prow Robot
67a352e85f Merge pull request #101429 from Nordix/issues-93858 
Kube-proxy/ipvs; Use go "net" lib to get nodeIPs
 2021-11-15 11:26:48 -08:00
Lars Ekman
9f37096c38 Kube-proxy/ipvs; Use go "net" lib to get nodeIPs 
The nodeIPs to be used for nodePorts were collected using
netlink which was unnecessary complex and caused se #93858
 2021-11-13 15:07:47 +01:00
Neha Lohia
fa1b6765d5 move pkg/util/node to component-helpers/node/util (#105347) 
Signed-off-by: Neha Lohia <nehapithadiya444@gmail.com>
 2021-11-12 07:52:27 -08:00
Tim Hockin
731dc8cf74 Fix regression in kube-proxy (#106214) 
* Fix regression in kube-proxy

Don't use a prepend() - that allocates.  Instead, make Write() take
either strings or slices (I wish we could express that better).

* WIP: switch to intf

* WIP: less appends

* tests and ipvs
 2021-11-08 15:14:49 -08:00
Tim Hockin
f662170ff7 kube-proxy: make iptables buffer-writing cleaner 2021-11-05 12:28:19 -07:00
Tim Hockin
f558554ce0 kube-proxy: minor cleanup 
Get rid of overlapping helper functions.
 2021-11-05 12:28:19 -07:00
Khaled (Kal) Henidak
59dd238fd4 mute unnecessary logs 2021-09-23 20:52:18 +00:00
Pritish Samal
060f5b88d0 Migrate pkg/proxy/util to structured logging (#104908) 
* Migrate to Structured Logs in `pkg/proxy/util`

* Minor fixes

* change key to cidr and remove namespace arg

* Update key from cidr to CIDR

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>

* Update key cidr to CIDR

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>

* Update key ip to IP

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>

* Update key ip to IP

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>

* Interchange svcNamespace and svcName

* Change first letter of all messages to capital

* Change key names in endpoints.go

* Change all keynames to lower bumby caps convention

Co-authored-by: JUN YANG <69306452+yangjunmyfm192085@users.noreply.github.com>
 2021-09-20 13:54:35 -07:00
Ricardo Pchevuzinske Katz
37d11bcdaf Move node and networking related helpers from pkg/util to component helpers 
Signed-off-by: Ricardo Katz <rkatz@vmware.com>
 2021-09-16 17:00:19 -03:00
Kubernetes Prow Robot
d3621ae008 Merge pull request #101303 from wangyx1992/capatial-log-proxy 
cleanup: fix errors in wrapped format and log capitalization in proxy
 2021-09-03 10:01:50 -07:00
Antonio Ojea
0cd75e8fec run hack/update-netparse-cve.sh 2021-08-20 10:42:09 +02:00
Kubernetes Prow Robot
96dff7d0c7 Merge pull request #102832 from Yuan-Junliang/migrateProxyEventAPI 
Migrate kube-proxy event to use v1 Event API
 2021-07-05 17:44:17 -07:00
chenyw1990
1f24a198e7 reduce cpu usage of kube-proxy with iptables mode 2021-07-05 16:08:19 +08:00
wangyx1992
c85e567a3d cleanup: fix errors in wrapped format and log capitalization in proxy 
Signed-off-by: wangyx1992 <wang.yixiang@zte.com.cn>
 2021-06-28 04:39:15 +08:00
Yuan-Junliang
2e06066bab Migrate kube-proxy to use v1 Event API 2021-06-13 18:57:52 +08:00
Surya Seetharaman
d3fe48e848 Kube-proxy: perf-enhancement: Reduce NAT table KUBE-SERVICES/NODEPORTS chain rules 
The nat KUBE-SERVICES chain is called from OUTPUT and PREROUTING stages. In
clusters with large number of services, the nat-KUBE-SERVICES chain is the largest
chain with for eg: 33k rules. This patch aims to move the KubeMarkMasq rules from
the kubeServicesChain into the respective KUBE-SVC-* chains. This way during each
packet-rule matching we won't have to traverse the MASQ rules of all services which
get accumulated in the KUBE-SERVICES and/or KUBE-NODEPORTS chains. Since the
jump to KUBE-MARK-MASQ ultimately sets the 0x400 mark for nodeIP SNAT, it should not
matter whether the jump is made from KUBE-SERVICES or KUBE-SVC-* chains.

Specifically we change:

1) For ClusterIP svc, we move the KUBE-MARK-MASQ jump rule from KUBE-SERVICES
chain into KUBE-SVC-* chain.
2) For ExternalIP svc, we move the KUBE-MARK-MASQ jump rule in the case of
non-ServiceExternalTrafficPolicyTypeLocal from KUBE-SERVICES
chain into KUBE-SVC-* chain.
3) For NodePorts svc, we move the KUBE-MARK-MASQ jump rule in case of
non-ServiceExternalTrafficPolicyTypeLocal from KUBE-NODEPORTS chain to
KUBE-SVC-* chain.
4) For load-balancer svc, we don't change anything since it is already svc specific
due to creation of KUBE-FW-* chains per svc.

This would cut the rules per svc in KUBE-SERVICES and KUBE-NODEPORTS in half.
 2021-04-21 16:41:03 +02:00
Kubernetes Prow Robot
016d1c1072 Merge pull request #99278 from yangjunmyfm192085/run-test21 
Fix incorrect use of  klog.ErrorS
 2021-04-08 14:27:58 -07:00
Antonio Ojea
654be57022 kube-proxy iptables expose number of rules metrics 
add a new metric to kube-proxy iptables, so it exposes the number
of rules programmed in each iteration.
 2021-03-05 10:00:38 +01:00
JunYang
53056e88b6 Fix incorrect use of klog.ErrorS 
Signed-off-by: JunYang <yang.jun22@zte.com.cn>
 2021-02-21 14:55:23 +08:00
jornshen
00e26e9785 clear pkg/proxy/port.go port_test.go file 2021-02-15 16:36:09 +08:00
Kubernetes Prow Robot
e89e7b4ed1 Merge pull request #98083 from JornShen/optimize_proxier_duplicate_localaddrset 
optimize proxier duplicate localaddrset
 2021-01-29 01:21:40 -08:00
jornshen
3f506cadb0 optimize proxier duplicate localaddrset 2021-01-29 10:52:01 +08:00
Jordan Liggitt
ce553e1b68 Resolve IP addresses of host-only in filtered dialer 2021-01-26 12:00:53 -05:00
jornshen
3783821553 move the redundant writeline writeBytesLine to proxy/util/util.go 2021-01-21 10:51:39 +08:00
Basant Amarkhed
293d4b7c48 Avoiding double parsing of ip/cidr strings and logging bad ips/cidrs 2020-11-20 22:22:55 +00:00
Basant Amarkhed
707073d2f9 Fixup #1 addressing review comments 2020-11-17 07:13:51 +00:00
Basant Amarkhed
8fb895f3f1 Updating after merging with a conflicting commit 2020-11-14 01:09:46 +00:00
Patrik Cyvoct
d29665cc17 Revert "Merge pull request #92312 from Sh4d1/kep_1860" 
This reverts commit ef16faf409, reversing
changes made to 2343b8a68b.
 2020-11-11 10:26:53 +01:00
Patrik Cyvoct
540901779c fix reviews 
Signed-off-by: Patrik Cyvoct <patrik@ptrk.io>
 2020-11-07 10:00:53 +01:00