github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
abb74c7afa
kubernetes/pkg/proxy
History
Antonio Ojea 933bcc123b only drop invalid cstate packets if non liberal 
Conntrack invalid packets may cause unexpected and subtle bugs
on esblished connections, because of that we install by default an
iptables rules that drops the packets with this conntrack state.

However, there are network scenarios, specially those that use multihoming
nodes, that may have legit traffic that is detected by conntrack as
invalid, hence these iptables rules are causing problems dropping this
traffic.

An alternative to solve the spurious problems caused by the invalid
connectrack packets is to set the sysctl nf_conntrack_tcp_be_liberal
option, but this is a system wide setting and we don't want kube-proxy
to be opinionated about the whole node networking configuration.

Kube-proxy will only install the DROP rules for invalid conntrack states
if the nf_conntrack_tcp_be_liberal is not set.

Change-Id: I5eb326931ed915f5ae74d210f0a375842b6a790e
2023-09-05 14:16:17 +00:00
..
apis Conditionally serialize flushFrequency as int 2023-07-16 08:37:37 -04:00
config lavalamp is taking a long break 2023-05-11 16:43:38 +00:00
conntrack Proxy changes for IP mode field 2023-08-14 17:21:26 +08:00
healthcheck aggregate kube-proxy metrics 2023-07-16 11:47:19 +00:00
iptables only drop invalid cstate packets if non liberal 2023-09-05 14:16:17 +00:00
ipvs Merge pull request #119937 from RyanAoh/kep-1860-dev 2023-08-17 14:00:28 -07:00
kubemark Remove duplicated config fields from ProxyServer 2023-05-03 10:15:37 -04:00
metaproxier Migrate cmd/proxy/app and pkg/proxy/meta_proxier to structured logging (#104928) 2021-09-14 20:50:40 -07:00
metrics aggregate kube-proxy metrics 2023-07-16 11:47:19 +00:00
util Proxy changes for IP mode field 2023-08-14 17:21:26 +08:00
winkernel Squash detectNodeIP and nodeIPTuple together 2023-06-06 20:48:00 -04:00
doc.go
endpoints_test.go pkg/proxy: fix stale detection logic 2023-09-02 12:45:19 +05:30
endpoints.go pkg/proxy: fix stale detection logic 2023-09-02 12:45:19 +05:30
endpointslicecache_test.go pkg/proxy: Replace deprecated func usage from the k8s.io/utils/pointer pkg 2022-08-14 18:27:33 +03:00
endpointslicecache.go Consistently use proxyutil as the name for pkg/proxy/util 2023-05-30 12:18:49 -04:00
node_test.go kube-proxy avoid race condition using LocalModeNodeCIDR 2023-06-06 15:03:22 +00:00
node.go Implement KEP-3836 2023-07-10 10:30:54 +02:00
OWNERS Add more labels (esp. area/kube-proxy) to sig-network OWNERS 2023-03-18 11:29:38 -04:00
service_test.go add unit test for kube-proxy service cache with ipMode 2023-08-19 11:24:28 +00:00
service.go kube-proxy service cache don't treat ipMode proxy address as invalid 2023-08-20 13:55:57 +00:00
topology_test.go pkg/proxy: using generic sets 2023-05-05 14:29:23 +05:30
topology.go promote ProxyTerminatingEndpoints to GA 2023-05-04 12:58:33 +00:00
types.go Merge pull request #119394 from aroradaman/fix/proxy-conntrack 2023-09-03 14:53:46 -07:00