github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-10-31 05:40:42 +00:00
Code Issues Projects Releases Wiki Activity
49,030 Commits 42 Branches 8,159 Tags
0f95f13dcca23302d973a923fba6bc95fc502a7c
Commit Graph

162 Commits

Author SHA1 Message Date
Girish Kalele
d3a1510e02 Fix kube-proxy logic to change iptables chains when ESIPP is turned on or off 2016-09-06 11:04:36 -07:00
Angus Salkeld
f785f3d3ef Clean up IPTables caps i.e.: sed -i "s/Iptables/IPTables/g" 2016-08-29 10:34:42 +10:00
Kubernetes Submit Queue
189a870ec8 Merge pull request #30376 from justinsb/kubenet_mtu 
Automatic merge from submit-queue

Add kubelet --network-plugin-mtu flag for MTU selection

* Add network-plugin-mtu option which lets us pass down a MTU to a network provider (currently processed by kubenet)
* Add a test, and thus make sysctl testable
 2016-08-23 21:54:50 -07:00
Girish Kalele
b82c028f77 GCE Cloud provider changes for ESIPP 
Add feature gate (ExternalTrafficLocalOnly) for alpha feature
 2016-08-23 16:16:39 -07:00
Justin Santa Barbara
2c103af2b6 Create testable implementation of sysctl 
This is so we can test kubenet Init, which calls sysctl
 2016-08-23 01:42:37 -04:00
Minhan Xia
ec5699e451 clean up oldIptablesMasqueradeMark 2016-08-22 15:05:13 -07:00
Minhan Xia
392a92c9fa change KUBE-XLB back to KUBE-FW 2016-08-18 10:19:59 -07:00
Minhan Xia
b31874fe82 bug fixes and nits 2016-08-18 10:19:59 -07:00
Minhan Xia
1acaa1db09 Revert "Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE"" 2016-08-18 10:19:48 -07:00
Daniel Smith
2aa0bb2dfc Revert "syncNetworkUtil in kubelet and fix loadbalancerSourceRange on GCE" 2016-08-16 18:12:28 -07:00
Minhan Xia
643fc3803b add firewall chain to filter request based on loadbalancer source range 2016-08-15 17:42:41 -07:00
Girish Kalele
5d6abf59ff kube-proxy: Propagate hostname to iptables proxier 2016-08-09 10:05:29 -07:00
Tim Hockin
04d60ddab0 Remove br_netfilter warning in kube-proxy 
Many distros have this module linked in, generating a spurious error.
 2016-07-03 09:54:26 -07:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Minhan Xia
6a3ad1d66d add hostport support for kubenet 2016-05-22 22:18:58 -07:00
Clayton Coleman
fdb110c859 Fix the rest of the code 2016-04-29 17:12:10 -04:00
Minhan Xia
56ad718008 only close new ports upon iptables-restore failure 2016-04-26 14:23:06 -07:00
goltermann
dddc6cb6c8 Fix a few spellings. 2016-04-21 15:16:42 -07:00
CJ Cullen
760568796f Masquerade traffic from off-cluster going through kube-proxy. 2016-04-19 21:39:34 -07:00
Minhan Xia
ad8c67723a add test for udp connection flush 2016-04-18 14:58:08 -07:00
Minhan Xia
4fa6f3841a fixing dead endpoint black hole udp traffic 2016-04-13 10:20:02 -07:00
Dan Williams
6248939e11 Push responsibility for bridge-nf-call-iptables to kubelet network plugins 
bridge-nf-call-iptables appears to only be relevant when the containers are
attached to a Linux bridge, which is usually the case with default Kubernetes
setups, docker, and flannel.  That ensures that the container traffic is
actually subject to the iptables rules since it traverses a Linux bridge
and bridged traffic is only subject to iptables when bridge-nf-call-iptables=1.

But with other networking solutions (like openshift-sdn) that don't use Linux
bridges, bridge-nf-call-iptables may not be not relevant, because iptables is
invoked at other points not involving a Linux bridge.

The decision to set bridge-nf-call-iptables should be influenced by networking
plugins, so push the responsiblity out to them.  If no network plugin is
specified, fall back to the existing bridge-nf-call-iptables=1 behavior.
 2016-02-23 09:34:59 -06:00
k8s-merge-robot
b32078d89b Merge pull request #20496 from matthewdupre/masquerade-config 
Auto commit by PR queue bot
 2016-02-08 10:49:20 -08:00
Matt Dupre
9925cddc11 Change iptables fwmark to use single configurable bit instead of whole mark space 2016-02-08 11:12:09 +00:00
k8s-merge-robot
c26087db45 Merge pull request #19611 from thockin/proxy-sysctl-decouple 
Auto commit by PR queue bot
 2016-02-06 23:01:48 -08:00
Tim Hockin
1e7db4a174 Implement proper cleanup in iptables proxy 2016-02-07 02:42:18 +00:00
Tim Hockin
107c5f7813 Put all masquerade mark logic into new chains 
This allows us to use the MARK-MASQ chain as a subroutine, rather than encoding
the mark in many places.  Having a KUBE-POSTROUTING chain means we can flush
and rebuild it atomically.  This makes followon work to change the mark
significantly easier.
 2016-02-07 02:42:07 +00:00
Tim Hockin
41ba8ced6d Dont log errors on proxy leftover cleanup 2016-02-07 02:41:50 +00:00
Marc Lough
c33fcba311 Reject packets to services without endpoints 2016-02-04 20:56:02 +00:00
Prashanth Balasubramanian
e1fa6e9fb8 kube-proxy applies latest snapshot of endpoints and services. 2016-02-03 12:58:37 -08:00
Tim Hockin
11f75e61b9 Inject a kernel-compat tester for kube-proxy test 2016-02-02 22:11:39 -08:00
Tim Hockin
970c045848 Enable iptables kube-proxy by default in master 2015-11-13 18:38:01 -08:00
k8s-merge-robot
36bae67910 Merge pull request #16548 from ArtfulCoder/kube-proxy-mem-use 
Auto commit by PR queue bot
 2015-10-30 06:23:14 -07:00
Abhishek Shah
5367a32ee9 Read Iptables-save output in a more-memory-efficient way 2015-10-29 15:30:00 -07:00
Avesh Agarwal
e1837185de Improves iptables cleanup for pure iptables based proxier. 2015-10-27 13:08:16 -04:00
derekwaynecarr
970c369f31 Kubelet sets kernel overcommit_memory flag 2015-10-06 14:28:46 -04:00
Alex Robinson
b1461be2e4 Merge pull request #14982 from Huawei-PaaS/fixed_typos_for_proxy 
Fixed some typos for pkg/proxy
 2015-10-05 11:40:03 -07:00
qiaolei
718d7df276 Fixed some typos 2015-10-03 00:33:35 +08:00
Mikaël Cluseau
4bf0ef8ce2 setSysctl for bridge-nf-call-iptables should fail with a warning 2015-09-26 17:11:33 +11:00
k8s-merge-robot
bf990acefa Merge pull request #13988 from thockin/kube-proxy-startup-clobber 
Auto commit by PR queue bot
 2015-09-17 01:29:35 -07:00
Tim Hockin
84a9b0a37a Fix bug in iptables proxy that clobbered endpoints 
There is a race at startup where the two watch operations might clobber state
if the initial message comes in the wrong order.
 2015-09-15 13:07:33 -07:00
Dan Winship
30ea22f40e Make kube-proxy resync its rules on firewalld restart 2015-09-15 11:17:40 -04:00
Dan Winship
a41e422600 Drop the "v" from GetIptablesVersionString() output 
Neither of its callers wants it
 2015-08-31 09:54:57 -04:00
Tim Hockin
8e503f3814 Hold node ports in iptables proxier 2015-08-24 16:35:05 -07:00
Nikhil Jindal
9a7f871d17 Merge pull request #12896 from thockin/proxy-nodeports 
Tail-call nodeports rules in iptables proxy
 2015-08-24 10:39:54 -07:00
Tim Hockin
16102c41df Tail-call nodeports rules in iptables proxy 2015-08-21 14:15:21 -07:00
BenTheElder
81ab51709a Add --cleanup-iptables flag to kube-proxy 
Adds a flag to cleanup iptables rules created by kube-proxy per
https://github.com/mesosphere/kubernetes-mesos/issues/353#issuecomment-1
27382832
 2015-08-21 14:44:11 -04:00
Jerzy Szczepkowski
3df1b9e151 Merge pull request #12986 from BenTheElder/masquerade_all_flag 
Add flag to masquerade all in kube-proxy when using iptables proxier
 2015-08-21 10:28:07 +02:00
BenTheElder
1f2076ce64 Add flag to masquerade all in kube-proxy when using iptables proxier 2015-08-20 20:12:32 -04:00
Abhishek Shah
b6b8e99393 External IPs support. 2015-08-20 16:10:01 -07:00