github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2ece9e4dec
kubernetes/cluster
History
Kubernetes Submit Queue 15f0468986 Merge pull request #44895 from dcbw/iptables-restore-manual-locking 
Automatic merge from submit-queue

util/iptables: grab iptables locks if iptables-restore doesn't support --wait

When iptables-restore doesn't support --wait (which < 1.6.2 don't), it may
conflict with other iptables users on the system, like docker, because it
doesn't acquire the iptables lock before changing iptables rules. This causes
sporadic docker failures when starting containers.

To ensure those don't happen, essentially duplicate the iptables locking
logic inside util/iptables when we know iptables-restore doesn't support
the --wait option.

Unfortunately iptables uses two different locking mechanisms, one until
1.4.x (abstract socket based) and another from 1.6.x (/run/xtables.lock
flock() based).  We have to grab both locks, because we don't know what
version of iptables-restore exists since iptables-restore doesn't have
a --version option before 1.6.2.  Plus, distros (like RHEL) backport the
/run/xtables.lock patch to 1.4.x versions.

Related: https://github.com/kubernetes/kubernetes/pull/43575
See also: https://github.com/openshift/origin/pull/13845
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1417234

@kubernetes/rh-networking @kubernetes/sig-network-misc @eparis @knobunc @danwinship @thockin @freehan
2017-05-06 15:17:21 -07:00
..
addons Replace git_repository with http_archive and use ixdy's fork of bazel tools for pkg_tar 2017-05-03 10:13:06 -07:00
aws hack/cluster: consolidate cluster/ utils to hack/lib/util.sh 2017-03-30 22:34:46 -05:00
centos Centos provider: generate SSL certificates for etcd cluster. 2017-03-24 09:15:57 +08:00
gce Merge pull request #45130 from vishh/gpu-cluster-setup 2017-05-05 15:39:32 -07:00
gke Merge pull request #44590 from ihmccreery/rotate-username 2017-05-05 14:08:08 -07:00
images Bump to go1.8.1 and remove the edge GOROOT 2017-04-25 23:45:47 +03:00
juju Merge pull request #45289 from ktsakalozos/bug/fixbadrebase 2017-05-03 12:07:56 -07:00
kubemark Correct CIDR range for kubemark 2017-02-28 19:26:32 +01:00
lib hack/cluster: consolidate cluster/ utils to hack/lib/util.sh 2017-03-30 22:34:46 -05:00
libvirt-coreos Enable service account token lookup by default 2017-04-04 22:00:11 -04:00
local Merge pull request #28469 from asalkeld/local-e2e 2016-09-11 05:44:47 -07:00
openstack-heat Merge pull request #41561 from jamiehannaford/fix-multiple-swift-urls 2017-04-12 02:16:28 -07:00
photon-controller Merge pull request #42748 from dcbw/cfssl-localup 2017-04-10 14:27:11 -07:00
saltbase Bump cluster autoscaler to 0.5.3 2017-05-04 17:27:54 +02:00
skeleton
vagrant Merge pull request #42748 from dcbw/cfssl-localup 2017-04-10 14:27:11 -07:00
vsphere Update generated for 2017 2017-01-01 23:11:09 -08:00
windows Fixed the issue with log rotation 2016-12-12 11:08:41 -05:00
BUILD Replace git_repository with http_archive and use ixdy's fork of bazel tools for pkg_tar 2017-05-03 10:13:06 -07:00
clientbin.sh Refactor the common parts of cluster/kube{ctl,adm}.sh into a util script. 2017-01-26 21:29:49 -08:00
common.sh Merge pull request #44062 from ixdy/semver-regexes 2017-05-01 12:54:44 -07:00
get-kube-binaries.sh Make get-kube.sh work properly the "ci/latest" pointer 2017-04-05 15:02:10 -07:00
get-kube-local.sh hack/cluster: map /run/xtables.lock into containerized kubelet filesystem 2017-05-05 23:34:06 -05:00
get-kube.sh Merge pull request #44062 from ixdy/semver-regexes 2017-05-01 12:54:44 -07:00
kube-down.sh Automatically download missing kube binaries in kube-up/kube-down. 2016-12-13 14:59:13 -08:00
kube-push.sh Automatically download missing kube binaries in kube-up/kube-down. 2016-12-13 14:59:13 -08:00
kube-up.sh Add KUBE_GCE_ENABLE_IP_ALIASES flag to the cluster turn up scripts. 2017-04-11 14:07:50 -07:00
kube-util.sh Add KUBE_GCE_ENABLE_IP_ALIASES flag to the cluster turn up scripts. 2017-04-11 14:07:50 -07:00
kubeadm.sh Refactor the common parts of cluster/kube{ctl,adm}.sh into a util script. 2017-01-26 21:29:49 -08:00
kubectl.sh Fix failing kubectl skew tests 2017-03-08 16:08:47 -03:00
log-dump.sh Allow disabling log dump for nodes (in preparation for using logexporter) 2017-04-25 10:48:33 +02:00
options.md
OWNERS Updated top level owners file to match new format 2017-01-19 11:29:16 -08:00
README.md Fix typos and linted_packages sorting 2016-10-31 18:31:08 +01:00
restore-from-backup.sh Fix restore-from-backup.sh script 2017-03-21 11:58:13 +01:00
test-e2e.sh
test-network.sh
test-smoke.sh
update-storage-objects.sh
validate-cluster.sh hack/cluster: consolidate cluster/ utils to hack/lib/util.sh 2017-03-30 22:34:46 -05:00

README.md

Cluster Configuration

Deprecation Notice: This directory has entered maintenance mode and will not be accepting new providers. Please submit new automation deployments to kube-deploy. Deployments in this directory will continue to be maintained and supported at their current level of support.

The scripts and data in this directory automate creation and configuration of a Kubernetes cluster, including networking, DNS, nodes, and master components.

See the getting-started guides for examples of how to use the scripts.

cloudprovider/config-default.sh contains a set of tweakable definitions/parameters for the cluster.

The heavy lifting of configuring the VMs is done by SaltStack.

Analytics