27a68aee3a introduced context support for events. Creating an event
broadcaster with context makes tests more resilient against leaking goroutines
when that context gets canceled at the end of a test and enables per-test
output via ktesting.
The context could get passed to the constructor. A cleaner solution is to
enhance context support for the apiserver and then pass the context into the
controller's run method. This ripples up the call stack to all places which
start an apiserver.
27a68aee3a introduced context support for events. Creating an event
broadcaster with context makes tests more resilient against leaking goroutines
when that context gets canceled at the end of a test and enables per-test
output via ktesting.
The New method already had a context, therefore no API changes are needed.
Importing the `k8s.io/kubernetes/pkg/features` package in the remote
runtime implementation makes it harder to separate the functionalities
at some later point in time.
We now decouple them by checking if the feature is enabled directly in
the kubelet service creation path.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* LocalTrafficDetector construction and test improvements
* Reorder getLocalDetector unit test fields so "input" args come before "output" args
* Don't pass DetectLocalMode as a separate arg to getLocalDetector
It's already part of `config`
* Clarify test names in preparation for merging
* Merge single-stack/dual-stack LocalTrafficDetector construction
Also, only warn if the *primary* IP family is not correctly configured
(since we don't actually know if the cluster is really dual-stack or
not), and pass the pair of detectors to the proxiers as a map rather
than an array.
* Remove the rest of Test_getDualStackLocalDetectorTuple
Immediately exit on receiving an unexpected response, we currently
wait for all the attempts to be exhausted and then return an error.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
This is to mitigate CVE-2023-44487
until the Go standard library and golang.org/x/net
are fully fixed.
Signed-off-by: Jayapriya Pai <janantha@redhat.com>
Track packets dropped by proxy which were marked invalid by conntrack
using nfacct netfilter extended accounting infrastructure.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
nfacct is netfilter's accounting subsystem. This utility allows
interactions with the subsystem using lower level netlink API.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
