mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #88541 from cmluciano/cml/41ipvsfix
ipvs: only attempt setting of sysctlconnreuse on supported kernels
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
42c94f35a7
@ -302,6 +302,7 @@ func newProxyServer(
|
|||||||
healthzServer,
|
healthzServer,
|
||||||
config.IPVS.Scheduler,
|
config.IPVS.Scheduler,
|
||||||
config.NodePortAddresses,
|
config.NodePortAddresses,
|
||||||
|
kernelHandler,
|
||||||
)
|
)
|
||||||
} else {
|
} else {
|
||||||
var localDetector proxyutiliptables.LocalTrafficDetector
|
var localDetector proxyutiliptables.LocalTrafficDetector
|
||||||
@ -332,6 +333,7 @@ func newProxyServer(
|
|||||||
healthzServer,
|
healthzServer,
|
||||||
config.IPVS.Scheduler,
|
config.IPVS.Scheduler,
|
||||||
config.NodePortAddresses,
|
config.NodePortAddresses,
|
||||||
|
kernelHandler,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@ -88,6 +88,8 @@ const (
|
|||||||
|
|
||||||
// DefaultDummyDevice is the default dummy interface which ipvs service address will bind to it.
|
// DefaultDummyDevice is the default dummy interface which ipvs service address will bind to it.
|
||||||
DefaultDummyDevice = "kube-ipvs0"
|
DefaultDummyDevice = "kube-ipvs0"
|
||||||
|
|
||||||
|
connReuseMinSupportedKernelVersion = "4.1"
|
||||||
)
|
)
|
||||||
|
|
||||||
// iptablesJumpChain is tables of iptables chains that ipvs proxier used to install iptables or cleanup iptables.
|
// iptablesJumpChain is tables of iptables chains that ipvs proxier used to install iptables or cleanup iptables.
|
||||||
@ -342,6 +344,7 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
healthzServer healthcheck.ProxierHealthUpdater,
|
healthzServer healthcheck.ProxierHealthUpdater,
|
||||||
scheduler string,
|
scheduler string,
|
||||||
nodePortAddresses []string,
|
nodePortAddresses []string,
|
||||||
|
kernelHandler KernelHandler,
|
||||||
) (*Proxier, error) {
|
) (*Proxier, error) {
|
||||||
// Set the route_localnet sysctl we need for
|
// Set the route_localnet sysctl we need for
|
||||||
if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 {
|
if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 {
|
||||||
@ -364,12 +367,24 @@ func NewProxier(ipt utiliptables.Interface,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
kernelVersionStr, err := kernelHandler.GetKernelVersion()
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("error determining kernel version to find required kernel modules for ipvs support: %v", err)
|
||||||
|
}
|
||||||
|
kernelVersion, err := version.ParseGeneric(kernelVersionStr)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("error parsing kernel version %q: %v", kernelVersionStr, err)
|
||||||
|
}
|
||||||
|
if kernelVersion.LessThan(version.MustParseGeneric(connReuseMinSupportedKernelVersion)) {
|
||||||
|
klog.Errorf("can't set sysctl %s, kernel version must be at least %s", sysctlConnReuse, connReuseMinSupportedKernelVersion)
|
||||||
|
} else {
|
||||||
// Set the connection reuse mode
|
// Set the connection reuse mode
|
||||||
if val, _ := sysctl.GetSysctl(sysctlConnReuse); val != 0 {
|
if val, _ := sysctl.GetSysctl(sysctlConnReuse); val != 0 {
|
||||||
if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil {
|
if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil {
|
||||||
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err)
|
return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Set the expire_nodest_conn sysctl we need for
|
// Set the expire_nodest_conn sysctl we need for
|
||||||
if val, _ := sysctl.GetSysctl(sysctlExpireNoDestConn); val != 1 {
|
if val, _ := sysctl.GetSysctl(sysctlExpireNoDestConn); val != 1 {
|
||||||
@ -504,6 +519,7 @@ func NewDualStackProxier(
|
|||||||
healthzServer healthcheck.ProxierHealthUpdater,
|
healthzServer healthcheck.ProxierHealthUpdater,
|
||||||
scheduler string,
|
scheduler string,
|
||||||
nodePortAddresses []string,
|
nodePortAddresses []string,
|
||||||
|
kernelHandler KernelHandler,
|
||||||
) (proxy.Provider, error) {
|
) (proxy.Provider, error) {
|
||||||
|
|
||||||
safeIpset := newSafeIpset(ipset)
|
safeIpset := newSafeIpset(ipset)
|
||||||
@ -513,7 +529,7 @@ func NewDualStackProxier(
|
|||||||
exec, syncPeriod, minSyncPeriod, filterCIDRs(false, excludeCIDRs), strictARP,
|
exec, syncPeriod, minSyncPeriod, filterCIDRs(false, excludeCIDRs), strictARP,
|
||||||
tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit,
|
tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit,
|
||||||
localDetectors[0], hostname, nodeIP[0],
|
localDetectors[0], hostname, nodeIP[0],
|
||||||
recorder, healthzServer, scheduler, nodePortAddresses)
|
recorder, healthzServer, scheduler, nodePortAddresses, kernelHandler)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err)
|
return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err)
|
||||||
}
|
}
|
||||||
@ -522,7 +538,7 @@ func NewDualStackProxier(
|
|||||||
exec, syncPeriod, minSyncPeriod, filterCIDRs(true, excludeCIDRs), strictARP,
|
exec, syncPeriod, minSyncPeriod, filterCIDRs(true, excludeCIDRs), strictARP,
|
||||||
tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit,
|
tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit,
|
||||||
localDetectors[1], hostname, nodeIP[1],
|
localDetectors[1], hostname, nodeIP[1],
|
||||||
nil, nil, scheduler, nodePortAddresses)
|
nil, nil, scheduler, nodePortAddresses, kernelHandler)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("unable to create ipv6 proxier: %v", err)
|
return nil, fmt.Errorf("unable to create ipv6 proxier: %v", err)
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user