kube-proxy: more logging at startup

2025-07-30 15:05:27 +00:00 · 2020-04-09 12:02:14 -07:00 · 2020-04-09 12:02:14 -07:00 · 37da906db2
commit 37da906db2
parent 5bfe8fe2b9
2 changed files with 39 additions and 4 deletions
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@ -273,6 +273,7 @@ func NewProxier(ipt utiliptables.Interface,
 		if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
 			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
 		}
+		klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet)
 	}

 	// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
@ -285,6 +286,7 @@ func NewProxier(ipt utiliptables.Interface,
 	// Generate the masquerade mark to use for SNAT rules.
 	masqueradeValue := 1 << uint(masqueradeBit)
 	masqueradeMark := fmt.Sprintf("%#08x/%#08x", masqueradeValue, masqueradeValue)
+	klog.V(2).Infof("iptables(%s) masquerade mark: %s", ipVersion(ipt.IsIpv6()), masqueradeMark)

 	endpointSlicesEnabled := utilfeature.DefaultFeatureGate.Enabled(features.EndpointSliceProxying)

@ -319,18 +321,35 @@ func NewProxier(ipt utiliptables.Interface,
 		nodePortAddresses:        nodePortAddresses,
 		networkInterfacer:        utilproxy.RealNetwork{},
 	}
+
 	burstSyncs := 2
-	klog.V(3).Infof("minSyncPeriod: %v, syncPeriod: %v, burstSyncs: %d", minSyncPeriod, syncPeriod, burstSyncs)
+	klog.V(2).Infof("iptables(%s) sync params: minSyncPeriod=%v, syncPeriod=%v, burstSyncs=%d",
+		ipVersion(ipt.IsIpv6()), minSyncPeriod, syncPeriod, burstSyncs)
 	// We pass syncPeriod to ipt.Monitor, which will call us only if it needs to.
 	// We need to pass *some* maxInterval to NewBoundedFrequencyRunner anyway though.
 	// time.Hour is arbitrary.
 	proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, time.Hour, burstSyncs)
+
 	go ipt.Monitor(utiliptables.Chain("KUBE-PROXY-CANARY"),
 		[]utiliptables.Table{utiliptables.TableMangle, utiliptables.TableNAT, utiliptables.TableFilter},
 		proxier.syncProxyRules, syncPeriod, wait.NeverStop)
+
+	if ipt.HasRandomFully() {
+		klog.V(2).Infof("iptables(%s) supports --random-fully", ipVersion(ipt.IsIpv6()))
+	} else {
+		klog.V(2).Infof("iptables(%s) does not support --random-fully", ipVersion(ipt.IsIpv6()))
+	}
+
 	return proxier, nil
 }

+func ipVersion(isIPv6 bool) string {
+	if isIPv6 {
+		return "ipv6"
+	}
+	return "ipv4"
+}
+
 // NewDualStackProxier creates a MetaProxier instance, with IPv4 and IPv6 proxies.
 func NewDualStackProxier(
 	ipt [2]utiliptables.Interface,
@ -787,7 +806,7 @@ func (proxier *Proxier) syncProxyRules() {
 	start := time.Now()
 	defer func() {
 		metrics.SyncProxyRulesLatency.Observe(metrics.SinceInSeconds(start))
-		klog.V(4).Infof("syncProxyRules took %v", time.Since(start))
+		klog.V(2).Infof("syncProxyRules took %v", time.Since(start))
 	}()

 	localAddrs, err := utilproxy.GetLocalAddrs()
@ -818,7 +837,7 @@ func (proxier *Proxier) syncProxyRules() {
 		}
 	}

-	klog.V(3).Info("Syncing iptables rules")
+	klog.V(2).Info("Syncing iptables rules")

 	success := false
 	defer func() {
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@ -351,6 +351,7 @@ func NewProxier(ipt utiliptables.Interface,
 		if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
 			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
 		}
+		klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet)
 	}

 	// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
@ -365,6 +366,7 @@ func NewProxier(ipt utiliptables.Interface,
 		if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil {
 			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err)
 		}
+		klog.V(1).Infof("Set sysctl %q to 1", sysctlVSConnTrack)
 	}

 	kernelVersionStr, err := kernelHandler.GetKernelVersion()
@ -383,6 +385,7 @@ func NewProxier(ipt utiliptables.Interface,
 			if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil {
 				return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err)
 			}
+			klog.V(1).Infof("Set sysctl %q to 0", sysctlConnReuse)
 		}
 	}

@ -391,6 +394,7 @@ func NewProxier(ipt utiliptables.Interface,
 		if err := sysctl.SetSysctl(sysctlExpireNoDestConn, 1); err != nil {
 			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireNoDestConn, err)
 		}
+		klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireNoDestConn)
 	}

 	// Set the expire_quiescent_template sysctl we need for
@ -398,6 +402,7 @@ func NewProxier(ipt utiliptables.Interface,
 		if err := sysctl.SetSysctl(sysctlExpireQuiescentTemplate, 1); err != nil {
 			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireQuiescentTemplate, err)
 		}
+		klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireQuiescentTemplate)
 	}

 	// Set the ip_forward sysctl we need for
@ -405,6 +410,7 @@ func NewProxier(ipt utiliptables.Interface,
 		if err := sysctl.SetSysctl(sysctlForward, 1); err != nil {
 			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err)
 		}
+		klog.V(1).Infof("Set sysctl %q to 1", sysctlForward)
 	}

 	if strictARP {
@ -413,6 +419,7 @@ func NewProxier(ipt utiliptables.Interface,
 			if err := sysctl.SetSysctl(sysctlArpIgnore, 1); err != nil {
 				return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpIgnore, err)
 			}
+			klog.V(1).Infof("Set sysctl %q to 1", sysctlArpIgnore)
 		}

 		// Set the arp_announce sysctl we need for
@ -420,6 +427,7 @@ func NewProxier(ipt utiliptables.Interface,
 			if err := sysctl.SetSysctl(sysctlArpAnnounce, 2); err != nil {
 				return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpAnnounce, err)
 			}
+			klog.V(1).Infof("Set sysctl %q to 2", sysctlArpAnnounce)
 		}
 	}

@ -490,12 +498,20 @@ func NewProxier(ipt utiliptables.Interface,
 		proxier.ipsetList[is.name] = NewIPSet(ipset, is.name, is.setType, isIPv6, is.comment)
 	}
 	burstSyncs := 2
-	klog.V(3).Infof("minSyncPeriod: %v, syncPeriod: %v, burstSyncs: %d", minSyncPeriod, syncPeriod, burstSyncs)
+	klog.V(2).Infof("ipvs(%s) sync params: minSyncPeriod=%v, syncPeriod=%v, burstSyncs=%d",
+		ipVersion(ipt.IsIpv6()), minSyncPeriod, syncPeriod, burstSyncs)
 	proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, syncPeriod, burstSyncs)
 	proxier.gracefuldeleteManager.Run()
 	return proxier, nil
 }

+func ipVersion(isIPv6 bool) string {
+	if isIPv6 {
+		return "ipv6"
+	}
+	return "ipv4"
+}
+
 // NewDualStackProxier returns a new Proxier for dual-stack operation
 func NewDualStackProxier(
 	ipt [2]utiliptables.Interface,