github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
9bd6c62a366cc0c2f2001f19a7c179e307892424
kubernetes/pkg
History
Kubernetes Submit Queue 9bd6c62a36 Merge pull request #61329 from Lion-Wei/ipvs-esipp 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

fix externaltrafficpolicy=local related ipvs ci case

**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #61328

**Special notes for your reviewer**:
To realize externalTrafficPolicy=local, but do not affect traffic inside the cluster.
If thie pr got merged, the iptables rules of ipvs proxy mode ESIPP should be like(for loadbalance case):
```
Chain KUBE-FIRE-WALL (1 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            match-set KUBE-LB-INGRESS-LOCAL dst,dst
KUBE-MARK-MASQ  all  --  0.0.0.0/0            0.0.0.0/0            /* mark MASQ for external traffic policy not local */

Chain KUBE-MARK-DROP (0 references)
target     prot opt source               destination         
MARK       all  --  0.0.0.0/0            0.0.0.0/0            MARK or 0x8000

Chain KUBE-MARK-MASQ (3 references)
target     prot opt source               destination         
MARK       all  --  0.0.0.0/0            0.0.0.0/0            MARK or 0x4000

Chain KUBE-NODE-PORT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            match-set KUBE-NODE-PORT-LOCAL-TCP dst
KUBE-MARK-MASQ  all  --  0.0.0.0/0            0.0.0.0/0            /* mark MASQ for external traffic policy not local */

Chain KUBE-POSTROUTING (0 references)
target     prot opt source               destination         
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0            /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0            match-set KUBE-LOOP-BACK dst,dst,src

Chain KUBE-SERVICES (2 references)
target     prot opt source               destination         
KUBE-MARK-MASQ  all  -- !10.64.0.0/14         0.0.0.0/0            match-set KUBE-CLUSTER-IP dst,dst
KUBE-FIRE-WALL  all  --  0.0.0.0/0            0.0.0.0/0            match-set KUBE-LOAD-BALANCER-MASQ dst,dst
KUBE-NODE-PORT  tcp  --  0.0.0.0/0            0.0.0.0/0            tcp match-set KUBE-NODE-PORT-TCP dst
```

**Release note**:
```release-note
NONE
```
2018-04-07 21:33:13 -07:00
..
api
remove unused pkg unversioned
2018-03-13 15:06:38 +08:00
apis
Merge pull request #61806 from hzxuzhonghu/LoadBalancerStatus-DeepCopy
2018-04-03 17:24:21 -07:00
auth
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
capabilities
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
client
Run hack/update-codegen.sh
2018-04-05 23:35:14 +02:00
cloudprovider
Add subnet-id annotation for openstack cloud provider
2018-04-04 19:13:48 +08:00
controller
Merge pull request #62180 from msau42/binding-predicate
2018-04-06 11:56:07 -07:00
credentialprovider
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
features
Delete in-tree support for NVIDIA GPUs.
2018-04-02 20:17:01 -07:00
fieldpath
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
generated
Fix kubectl bindata
2018-04-05 14:05:53 +02:00
kubeapiserver
apiserver: enforce shared RequestContextMapper in delegation chain
2018-04-05 14:41:56 +02:00
kubectl
Merge pull request #62196 from liggitt/create-dry-run
2018-04-06 21:30:12 -07:00
kubelet
Merge pull request #44495 from wu8685/fix-inotify-issue
2018-04-06 20:32:03 -07:00
kubemark
add nodeport-addresses flag for kube-proxy
2018-02-26 23:48:46 +08:00
master
apiserver: enforce shared RequestContextMapper in delegation chain
2018-04-05 14:41:56 +02:00
printers
update PrintFlags#Complete to receive string template
2018-04-06 16:44:40 -04:00
probe
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
proxy
Merge pull request #61329 from Lion-Wei/ipvs-esipp
2018-04-07 21:33:13 -07:00
quota
Resources prefixed with *kubernetes.io/ should remain unscheduled if they are not exposed on the node.
2018-03-28 17:24:30 -07:00
registry
Merge pull request #60519 from bsalamat/auto_prio_class
2018-03-26 23:20:05 -07:00
routes
Remove /ui/ redirect
2018-02-12 10:54:33 -05:00
scheduler
Merge pull request #62180 from msau42/binding-predicate
2018-04-06 11:56:07 -07:00
security
Update gofmt for go1.10
2018-04-02 17:44:04 -07:00
securitycontext
remove unused code in securitycontext
2018-03-29 23:32:48 -07:00
serviceaccount
implement token authenticator for new id tokens
2018-02-27 17:20:46 -08:00
ssh
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
util
Merge pull request #60073 from justaugustus/int-to-int32ptr
2018-04-02 16:22:28 -07:00
version
Require boilerplate on Bazel Skylark source files
2018-02-16 13:44:04 -08:00
volume
Merge pull request #61447 from jianglingxia/csiattacher-2018032109
2018-04-06 09:14:04 -07:00
watch/json
remove outdate package
2018-01-15 23:17:19 +08:00
windows/service
Add support for binaries to run as Windows services
2018-03-07 00:51:36 +01:00
.import-restrictions
BUILD
pkg/api/unversioned related cleanup
2018-03-13 17:20:16 +08:00
OWNERS