mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-07 03:03:59 +00:00
kube-proxy: more logging at startup
This commit is contained in:
Tim Hockin
parent
5bfe8fe2b9
commit
37da906db2
@ -273,6 +273,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
|
if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
|
// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
|
||||||
@ -285,6 +286,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
// Generate the masquerade mark to use for SNAT rules.
|
// Generate the masquerade mark to use for SNAT rules.
|
||||||
masqueradeValue := 1 << uint(masqueradeBit)
|
masqueradeValue := 1 << uint(masqueradeBit)
|
||||||
masqueradeMark := fmt.Sprintf("%#08x/%#08x", masqueradeValue, masqueradeValue)
|
masqueradeMark := fmt.Sprintf("%#08x/%#08x", masqueradeValue, masqueradeValue)
|
||||||
|
klog.V(2).Infof("iptables(%s) masquerade mark: %s", ipVersion(ipt.IsIpv6()), masqueradeMark)
|
||||||
|
|
||||||
endpointSlicesEnabled := utilfeature.DefaultFeatureGate.Enabled(features.EndpointSliceProxying)
|
endpointSlicesEnabled := utilfeature.DefaultFeatureGate.Enabled(features.EndpointSliceProxying)
|
||||||
|
|
||||||
@ -319,18 +321,35 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
nodePortAddresses: nodePortAddresses,
|
nodePortAddresses: nodePortAddresses,
|
||||||
networkInterfacer: utilproxy.RealNetwork{},
|
networkInterfacer: utilproxy.RealNetwork{},
|
||||||
}
|
}
|
||||||
|
|
||||||
burstSyncs := 2
|
burstSyncs := 2
|
||||||
klog.V(3).Infof("minSyncPeriod: %v, syncPeriod: %v, burstSyncs: %d", minSyncPeriod, syncPeriod, burstSyncs)
|
klog.V(2).Infof("iptables(%s) sync params: minSyncPeriod=%v, syncPeriod=%v, burstSyncs=%d",
|
||||||
|
ipVersion(ipt.IsIpv6()), minSyncPeriod, syncPeriod, burstSyncs)
|
||||||
// We pass syncPeriod to ipt.Monitor, which will call us only if it needs to.
|
// We pass syncPeriod to ipt.Monitor, which will call us only if it needs to.
|
||||||
// We need to pass *some* maxInterval to NewBoundedFrequencyRunner anyway though.
|
// We need to pass *some* maxInterval to NewBoundedFrequencyRunner anyway though.
|
||||||
// time.Hour is arbitrary.
|
// time.Hour is arbitrary.
|
||||||
proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, time.Hour, burstSyncs)
|
proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, time.Hour, burstSyncs)
|
||||||
|
|
||||||
go ipt.Monitor(utiliptables.Chain("KUBE-PROXY-CANARY"),
|
go ipt.Monitor(utiliptables.Chain("KUBE-PROXY-CANARY"),
|
||||||
[]utiliptables.Table{utiliptables.TableMangle, utiliptables.TableNAT, utiliptables.TableFilter},
|
[]utiliptables.Table{utiliptables.TableMangle, utiliptables.TableNAT, utiliptables.TableFilter},
|
||||||
proxier.syncProxyRules, syncPeriod, wait.NeverStop)
|
proxier.syncProxyRules, syncPeriod, wait.NeverStop)
|
||||||
|
|
||||||
|
if ipt.HasRandomFully() {
|
||||||
|
klog.V(2).Infof("iptables(%s) supports --random-fully", ipVersion(ipt.IsIpv6()))
|
||||||
|
} else {
|
||||||
|
klog.V(2).Infof("iptables(%s) does not support --random-fully", ipVersion(ipt.IsIpv6()))
|
||||||
|
}
|
||||||
|
|
||||||
return proxier, nil
|
return proxier, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ipVersion(isIPv6 bool) string {
|
||||||
|
if isIPv6 {
|
||||||
|
return "ipv6"
|
||||||
|
}
|
||||||
|
return "ipv4"
|
||||||
|
}
|
||||||
|
|
||||||
// NewDualStackProxier creates a MetaProxier instance, with IPv4 and IPv6 proxies.
|
// NewDualStackProxier creates a MetaProxier instance, with IPv4 and IPv6 proxies.
|
||||||
func NewDualStackProxier(
|
func NewDualStackProxier(
|
||||||
ipt [2]utiliptables.Interface,
|
ipt [2]utiliptables.Interface,
|
||||||
@ -787,7 +806,7 @@ func (proxier *Proxier) syncProxyRules() {
|
|||||||
start := time.Now()
|
start := time.Now()
|
||||||
defer func() {
|
defer func() {
|
||||||
metrics.SyncProxyRulesLatency.Observe(metrics.SinceInSeconds(start))
|
metrics.SyncProxyRulesLatency.Observe(metrics.SinceInSeconds(start))
|
||||||
klog.V(4).Infof("syncProxyRules took %v", time.Since(start))
|
klog.V(2).Infof("syncProxyRules took %v", time.Since(start))
|
||||||
}()
|
}()
|
||||||
|
|
||||||
localAddrs, err := utilproxy.GetLocalAddrs()
|
localAddrs, err := utilproxy.GetLocalAddrs()
|
||||||
@ -818,7 +837,7 @@ func (proxier *Proxier) syncProxyRules() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
klog.V(3).Info("Syncing iptables rules")
|
klog.V(2).Info("Syncing iptables rules")
|
||||||
|
|
||||||
success := false
|
success := false
|
||||||
defer func() {
|
defer func() {
|
||||||
|
|||||||
@ -351,6 +351,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
|
if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
|
// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
|
||||||
@ -365,6 +366,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil {
|
if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 1", sysctlVSConnTrack)
|
||||||
}
|
}
|
||||||
|
|
||||||
kernelVersionStr, err := kernelHandler.GetKernelVersion()
|
kernelVersionStr, err := kernelHandler.GetKernelVersion()
|
||||||
@ -383,6 +385,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil {
|
if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 0", sysctlConnReuse)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -391,6 +394,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlExpireNoDestConn, 1); err != nil {
|
if err := sysctl.SetSysctl(sysctlExpireNoDestConn, 1); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireNoDestConn, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireNoDestConn, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireNoDestConn)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the expire_quiescent_template sysctl we need for
|
// Set the expire_quiescent_template sysctl we need for
|
||||||
@ -398,6 +402,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlExpireQuiescentTemplate, 1); err != nil {
|
if err := sysctl.SetSysctl(sysctlExpireQuiescentTemplate, 1); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireQuiescentTemplate, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireQuiescentTemplate, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireQuiescentTemplate)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the ip_forward sysctl we need for
|
// Set the ip_forward sysctl we need for
|
||||||
@ -405,6 +410,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlForward, 1); err != nil {
|
if err := sysctl.SetSysctl(sysctlForward, 1); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 1", sysctlForward)
|
||||||
}
|
}
|
||||||
|
|
||||||
if strictARP {
|
if strictARP {
|
||||||
@ -413,6 +419,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlArpIgnore, 1); err != nil {
|
if err := sysctl.SetSysctl(sysctlArpIgnore, 1); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpIgnore, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpIgnore, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 1", sysctlArpIgnore)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set the arp_announce sysctl we need for
|
// Set the arp_announce sysctl we need for
|
||||||
@ -420,6 +427,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
if err := sysctl.SetSysctl(sysctlArpAnnounce, 2); err != nil {
|
if err := sysctl.SetSysctl(sysctlArpAnnounce, 2); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpAnnounce, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpAnnounce, err)
|
||||||
}
|
}
|
||||||
|
klog.V(1).Infof("Set sysctl %q to 2", sysctlArpAnnounce)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -490,12 +498,20 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
proxier.ipsetList[is.name] = NewIPSet(ipset, is.name, is.setType, isIPv6, is.comment)
|
proxier.ipsetList[is.name] = NewIPSet(ipset, is.name, is.setType, isIPv6, is.comment)
|
||||||
}
|
}
|
||||||
burstSyncs := 2
|
burstSyncs := 2
|
||||||
klog.V(3).Infof("minSyncPeriod: %v, syncPeriod: %v, burstSyncs: %d", minSyncPeriod, syncPeriod, burstSyncs)
|
klog.V(2).Infof("ipvs(%s) sync params: minSyncPeriod=%v, syncPeriod=%v, burstSyncs=%d",
|
||||||
|
ipVersion(ipt.IsIpv6()), minSyncPeriod, syncPeriod, burstSyncs)
|
||||||
proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, syncPeriod, burstSyncs)
|
proxier.syncRunner = async.NewBoundedFrequencyRunner("sync-runner", proxier.syncProxyRules, minSyncPeriod, syncPeriod, burstSyncs)
|
||||||
proxier.gracefuldeleteManager.Run()
|
proxier.gracefuldeleteManager.Run()
|
||||||
return proxier, nil
|
return proxier, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ipVersion(isIPv6 bool) string {
|
||||||
|
if isIPv6 {
|
||||||
|
return "ipv6"
|
||||||
|
}
|
||||||
|
return "ipv4"
|
||||||
|
}
|
||||||
|
|
||||||
// NewDualStackProxier returns a new Proxier for dual-stack operation
|
// NewDualStackProxier returns a new Proxier for dual-stack operation
|
||||||
func NewDualStackProxier(
|
func NewDualStackProxier(
|
||||||
ipt [2]utiliptables.Interface,
|
ipt [2]utiliptables.Interface,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user