Dont log errors on proxy leftover cleanup

Tim Hockin 2016-02-02 15:58:06 -08:00 committed by Matt Dupre
parent 19c80e126a
commit 41ba8ced6d
4 changed files with 67 additions and 30 deletions


@ -190,7 +190,7 @@ func NewProxyServerDefault(config *options.ProxyServerConfig) (*ProxyServer, err
proxyMode := getProxyMode(string(config.Mode), client.Nodes(), hostname, iptInterface) proxyMode := getProxyMode(string(config.Mode), client.Nodes(), hostname, iptInterface)
if proxyMode == proxyModeIptables { if proxyMode == proxyModeIptables {
glog.V(2).Info("Using iptables Proxier.") glog.V(0).Info("Using iptables Proxier.")
proxierIptables, err := iptables.NewProxier(iptInterface, execer, config.IPTablesSyncPeriod.Duration, config.MasqueradeAll) proxierIptables, err := iptables.NewProxier(iptInterface, execer, config.IPTablesSyncPeriod.Duration, config.MasqueradeAll)
if err != nil { if err != nil {
glog.Fatalf("Unable to create proxier: %v", err) glog.Fatalf("Unable to create proxier: %v", err)
@ -198,10 +198,10 @@ func NewProxyServerDefault(config *options.ProxyServerConfig) (*ProxyServer, err
proxier = proxierIptables proxier = proxierIptables
endpointsHandler = proxierIptables endpointsHandler = proxierIptables
// No turning back. Remove artifacts that might still exist from the userspace Proxier. // No turning back. Remove artifacts that might still exist from the userspace Proxier.
glog.V(2).Info("Tearing down userspace rules. Errors here are acceptable.") glog.V(0).Info("Tearing down userspace rules.")
userspace.CleanupLeftovers(iptInterface) userspace.CleanupLeftovers(iptInterface)
} else { } else {
glog.V(2).Info("Using userspace Proxier.") glog.V(0).Info("Using userspace Proxier.")
// This is a proxy.LoadBalancer which NewProxier needs but has methods we don't need for // This is a proxy.LoadBalancer which NewProxier needs but has methods we don't need for
// our config.EndpointsConfigHandler. // our config.EndpointsConfigHandler.
loadBalancer := userspace.NewLoadBalancerRR() loadBalancer := userspace.NewLoadBalancerRR()
@ -221,7 +221,7 @@ func NewProxyServerDefault(config *options.ProxyServerConfig) (*ProxyServer, err
} }
proxier = proxierUserspace proxier = proxierUserspace
// Remove artifacts from the pure-iptables Proxier. // Remove artifacts from the pure-iptables Proxier.
glog.V(2).Info("Tearing down pure-iptables proxy rules. Errors here are acceptable.") glog.V(0).Info("Tearing down pure-iptables proxy rules.")
iptables.CleanupLeftovers(iptInterface) iptables.CleanupLeftovers(iptInterface)
} }
iptInterface.AddReloadFunc(proxier.Sync) iptInterface.AddReloadFunc(proxier.Sync)
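Review bot: The boolean returned by `userspace.CleanupLeftovers(iptInterface)` and by `iptables.CleanupLeftovers(iptInterface)` is still discarded at both call sites in this section. With this commit "not found" no longer sets `encounteredError`, so a true result now means rules or chains from the other proxy mode could not be removed. Stale NAT rules left behind may keep steering service traffic, so surface it at the call site, for example `if userspace.CleanupLeftovers(iptInterface) { glog.Warning("Leftover userspace proxy rules could not be fully removed") }`, and the same for the iptables call. NewProxyServerDefault starts and ends outside these hunks.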


@ -115,7 +115,6 @@ type serviceInfo struct {
loadBalancerStatus api.LoadBalancerStatus loadBalancerStatus api.LoadBalancerStatus
sessionAffinityType api.ServiceAffinity sessionAffinityType api.ServiceAffinity
stickyMaxAgeSeconds int stickyMaxAgeSeconds int
// Deprecated, but required for back-compat (including e2e)
externalIPs []string externalIPs []string
} }
@ -196,34 +195,44 @@ func CleanupLeftovers(ipt utiliptables.Interface) (encounteredError bool) {
//TODO: actually tear down all rules and chains. //TODO: actually tear down all rules and chains.
args := []string{"-m", "comment", "--comment", "kubernetes service portals", "-j", string(iptablesServicesChain)} args := []string{"-m", "comment", "--comment", "kubernetes service portals", "-j", string(iptablesServicesChain)}
if err := ipt.DeleteRule(utiliptables.TableNAT, utiliptables.ChainOutput, args...); err != nil { if err := ipt.DeleteRule(utiliptables.TableNAT, utiliptables.ChainOutput, args...); err != nil {
if !utiliptables.IsNotFoundError(err) {
glog.Errorf("Error removing pure-iptables proxy rule: %v", err) glog.Errorf("Error removing pure-iptables proxy rule: %v", err)
encounteredError = true encounteredError = true
} }
}
if err := ipt.DeleteRule(utiliptables.TableNAT, utiliptables.ChainPrerouting, args...); err != nil { if err := ipt.DeleteRule(utiliptables.TableNAT, utiliptables.ChainPrerouting, args...); err != nil {
if !utiliptables.IsNotFoundError(err) {
glog.Errorf("Error removing pure-iptables proxy rule: %v", err) glog.Errorf("Error removing pure-iptables proxy rule: %v", err)
encounteredError = true encounteredError = true
} }
}
args = []string{"-m", "comment", "--comment", "kubernetes service traffic requiring SNAT", "-m", "mark", "--mark", iptablesMasqueradeMark, "-j", "MASQUERADE"} args = []string{"-m", "comment", "--comment", "kubernetes service traffic requiring SNAT", "-m", "mark", "--mark", iptablesMasqueradeMark, "-j", "MASQUERADE"}
if err := ipt.DeleteRule(utiliptables.TableNAT, utiliptables.ChainPostrouting, args...); err != nil { if err := ipt.DeleteRule(utiliptables.TableNAT, utiliptables.ChainPostrouting, args...); err != nil {
if !utiliptables.IsNotFoundError(err) {
glog.Errorf("Error removing pure-iptables proxy rule: %v", err) glog.Errorf("Error removing pure-iptables proxy rule: %v", err)
encounteredError = true encounteredError = true
} }
}
// flush and delete chains. // flush and delete chains.
chains := []utiliptables.Chain{iptablesServicesChain, iptablesNodePortsChain} chains := []utiliptables.Chain{iptablesServicesChain, iptablesNodePortsChain}
for _, c := range chains { for _, c := range chains {
// flush chain, then if sucessful delete, delete will fail if flush fails. // flush chain, then if sucessful delete, delete will fail if flush fails.
if err := ipt.FlushChain(utiliptables.TableNAT, c); err != nil { if err := ipt.FlushChain(utiliptables.TableNAT, c); err != nil {
if !utiliptables.IsNotFoundError(err) {
glog.Errorf("Error flushing pure-iptables proxy chain: %v", err) glog.Errorf("Error flushing pure-iptables proxy chain: %v", err)
encounteredError = true encounteredError = true
}
} else { } else {
if err = ipt.DeleteChain(utiliptables.TableNAT, c); err != nil { if err = ipt.DeleteChain(utiliptables.TableNAT, c); err != nil {
if !utiliptables.IsNotFoundError(err) {
glog.Errorf("Error deleting pure-iptables proxy chain: %v", err) glog.Errorf("Error deleting pure-iptables proxy chain: %v", err)
encounteredError = true encounteredError = true
} }
} }
} }
}
return encounteredError return encounteredError
} }
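Review bot: The guard `if !utiliptables.IsNotFoundError(err) { glog.Errorf(...); encounteredError = true }` is repeated five times in this CleanupLeftovers and again in the userspace CleanupLeftovers later in this commit. A small file-local helper that takes the error and the message would keep the filtering in one place and make it hard to forget on the next rule added. The flush/delete pair keeps its `else`, so DeleteChain is still skipped whenever FlushChain returns any error. The fence sketches the helper and one call site; the log text is unchanged.

```go
// cleanupFailed reports whether err is a real cleanup failure, logging it if so.
// A "not found" error means the rule or chain was already absent.
func cleanupFailed(err error, what string) bool {
	if err == nil || utiliptables.IsNotFoundError(err) {
		return false
	}
	glog.Errorf("Error %s: %v", what, err)
	return true
}

// … unchanged: args setup in CleanupLeftovers …
if cleanupFailed(ipt.DeleteRule(utiliptables.TableNAT, utiliptables.ChainOutput, args...), "removing pure-iptables proxy rule") {
	encounteredError = true
}
// … unchanged: remaining rules and chains follow the same shape …
```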


@ -196,28 +196,38 @@ func CleanupLeftovers(ipt iptables.Interface) (encounteredError bool) {
// Delete Rules first, then Flush and Delete Chains // Delete Rules first, then Flush and Delete Chains
args := []string{"-m", "comment", "--comment", "handle ClusterIPs; NOTE: this must be before the NodePort rules"} args := []string{"-m", "comment", "--comment", "handle ClusterIPs; NOTE: this must be before the NodePort rules"}
if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainOutput, append(args, "-j", string(iptablesHostPortalChain))...); err != nil { if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainOutput, append(args, "-j", string(iptablesHostPortalChain))...); err != nil {
if !iptables.IsNotFoundError(err) {
glog.Errorf("Error removing userspace rule: %v", err) glog.Errorf("Error removing userspace rule: %v", err)
encounteredError = true encounteredError = true
} }
}
if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainPrerouting, append(args, "-j", string(iptablesContainerPortalChain))...); err != nil { if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainPrerouting, append(args, "-j", string(iptablesContainerPortalChain))...); err != nil {
if !iptables.IsNotFoundError(err) {
glog.Errorf("Error removing userspace rule: %v", err) glog.Errorf("Error removing userspace rule: %v", err)
encounteredError = true encounteredError = true
} }
}
args = []string{"-m", "addrtype", "--dst-type", "LOCAL"} args = []string{"-m", "addrtype", "--dst-type", "LOCAL"}
args = append(args, "-m", "comment", "--comment", "handle service NodePorts; NOTE: this must be the last rule in the chain") args = append(args, "-m", "comment", "--comment", "handle service NodePorts; NOTE: this must be the last rule in the chain")
if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainOutput, append(args, "-j", string(iptablesHostNodePortChain))...); err != nil { if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainOutput, append(args, "-j", string(iptablesHostNodePortChain))...); err != nil {
if !iptables.IsNotFoundError(err) {
glog.Errorf("Error removing userspace rule: %v", err) glog.Errorf("Error removing userspace rule: %v", err)
encounteredError = true encounteredError = true
} }
}
if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainPrerouting, append(args, "-j", string(iptablesContainerNodePortChain))...); err != nil { if err := ipt.DeleteRule(iptables.TableNAT, iptables.ChainPrerouting, append(args, "-j", string(iptablesContainerNodePortChain))...); err != nil {
if !iptables.IsNotFoundError(err) {
glog.Errorf("Error removing userspace rule: %v", err) glog.Errorf("Error removing userspace rule: %v", err)
encounteredError = true encounteredError = true
} }
}
args = []string{"-m", "comment", "--comment", "Ensure that non-local NodePort traffic can flow"} args = []string{"-m", "comment", "--comment", "Ensure that non-local NodePort traffic can flow"}
if err := ipt.DeleteRule(iptables.TableFilter, iptables.ChainInput, append(args, "-j", string(iptablesNonLocalNodePortChain))...); err != nil { if err := ipt.DeleteRule(iptables.TableFilter, iptables.ChainInput, append(args, "-j", string(iptablesNonLocalNodePortChain))...); err != nil {
if !iptables.IsNotFoundError(err) {
glog.Errorf("Error removing userspace rule: %v", err) glog.Errorf("Error removing userspace rule: %v", err)
encounteredError = true encounteredError = true
} }
}
// flush and delete chains. // flush and delete chains.
tableChains := map[iptables.Table][]iptables.Chain{ tableChains := map[iptables.Table][]iptables.Chain{
@ -228,16 +238,20 @@ func CleanupLeftovers(ipt iptables.Interface) (encounteredError bool) {
for _, c := range chains { for _, c := range chains {
// flush chain, then if successful delete, delete will fail if flush fails. // flush chain, then if successful delete, delete will fail if flush fails.
if err := ipt.FlushChain(table, c); err != nil { if err := ipt.FlushChain(table, c); err != nil {
if !iptables.IsNotFoundError(err) {
glog.Errorf("Error flushing userspace chain: %v", err) glog.Errorf("Error flushing userspace chain: %v", err)
encounteredError = true encounteredError = true
}
} else { } else {
if err = ipt.DeleteChain(table, c); err != nil { if err = ipt.DeleteChain(table, c); err != nil {
if !iptables.IsNotFoundError(err) {
glog.Errorf("Error deleting userspace chain: %v", err) glog.Errorf("Error deleting userspace chain: %v", err)
encounteredError = true encounteredError = true
} }
} }
} }
} }
}
return encounteredError return encounteredError
} }


@ -576,3 +576,17 @@ func (runner *runner) reload() {
f() f()
} }
} }
// IsNotFoundError returns true if the error indicates "not found". It parses
// the error string looking for known values, which is imperfect but works in
// practice.
func IsNotFoundError(err error) bool {
es := err.Error()
if strings.Contains(es, "No such file or directory") {
return true
}
if strings.Contains(es, "No chain/target/match by that name") {
return true
}
return false
}
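Review bot: `IsNotFoundError` calls `err.Error()` with no nil check, so passing a nil error panics. Every caller in this commit tests `err != nil` first, but the function is exported, so it should start with `if err == nil { return false }`. The match also relies on the exact English text iptables prints, and "No such file or directory" is generic ENOENT wording that presumably can appear for reasons other than a missing rule or chain. Since callers now treat a match as "already cleaned up" and log nothing, the doc comment should state that consequence, e.g. `// Callers treat a true result as "nothing to remove" and suppress the error.`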