github-personal/kubernetes
1
0
Fork 0
mirror of https://github.com/outbackdingo/kubernetes.git synced 2026-02-22 02:41:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
191d3c568107d109cb56f1adcc8dfca877f59930
kubernetes/pkg
History
Kubernetes Submit Queue 191d3c5681 Merge pull request #62718 from Lion-Wei/ipvs-host 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Fix problem that ipvs can't work with hostPort

**What this PR does / why we need it**:
Make ipvs proxy mode can work with pods that have hostPort.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #61938
#60688 and #60305 are related too.

**Special notes for your reviewer**:
IPVS proxier will create dummy device named `kube-ipvs0`, which will maintain all ipvs virtual service address. That means all ipvs maintained clusterIP/externalIP/ingress will be treat as local address.

Then if we have a pod with hostPort, cni will attach this rule to `PREROUTING` chain:
```
KUBE-HOSTPORTS  all  --  0.0.0.0/0            0.0.0.0/0            /* kube hostport portals */ ADDRTYPE match dst-type LOCAL
```
so if a service have same port with pod's hostport, then this service can't be access.

In this pr, we added `ACCESS` rule for traffic that aim to ipvs virtual service, to prevent those traffic from be blocked by other rules.

**Release note**:
```release-note
NONE
```
2018-04-27 19:50:45 -07:00
..
api
remove versioning interface
2018-04-27 07:56:42 -04:00
apis
Merge pull request #63180 from krmayankk/removcode
2018-04-27 10:45:16 -07:00
auth
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
capabilities
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
client
Merge pull request #63200 from deads2k/api-09-duplicate
2018-04-26 09:43:06 -07:00
cloudprovider
Simplify vmset acquirement logic
2018-04-27 11:05:45 +08:00
controller
remove versioning interface
2018-04-27 07:56:42 -04:00
credentialprovider
Use new clients in Azure credential provider
2018-04-26 09:38:48 +08:00
features
Merge pull request #62870 from pospispa/Bring-StorageObjectInUseProtection-feature-to-GA-2nd-attempt
2018-04-26 17:25:04 -07:00
fieldpath
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
generated
Add pointer comments
2018-04-25 09:47:14 -07:00
kubeapiserver
remove KUBE_API_VERSIONS
2018-04-26 08:27:49 -04:00
kubectl
Merge pull request #63254 from liggitt/api-resources
2018-04-27 17:43:13 -07:00
kubelet
Make kubelet ReadLogs backward compatible.
2018-04-27 16:03:29 -07:00
kubemark
add nodeport-addresses flag for kube-proxy
2018-02-26 23:48:46 +08:00
master
Merge pull request #63200 from deads2k/api-09-duplicate
2018-04-26 09:43:06 -07:00
printers
rest mappings cannot logically be object converters
2018-04-26 12:47:25 -04:00
probe
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
proxy
Merge pull request #62718 from Lion-Wei/ipvs-host
2018-04-27 19:50:45 -07:00
quota
Resources prefixed with *kubernetes.io/ should remain unscheduled if they are not exposed on the node.
2018-03-28 17:24:30 -07:00
registry
rest mappings cannot logically be object converters
2018-04-26 12:47:25 -04:00
routes
Remove /ui/ redirect
2018-02-12 10:54:33 -05:00
scheduler
Merge pull request #59735 from wgliang/master.predicates_test
2018-04-26 20:41:33 -07:00
security
Update generated files.
2018-04-11 18:35:24 +02:00
securitycontext
remove unused code in securitycontext
2018-03-29 23:32:48 -07:00
serviceaccount
fix a error in serviceaccount validate.
2018-04-24 14:48:37 +08:00
ssh
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
util
Merge pull request #62951 from dims/support-nsenter-better-in-non-systemd-envs
2018-04-25 01:08:10 -07:00
version
Require boilerplate on Bazel Skylark source files
2018-02-16 13:44:04 -08:00
volume
Merge pull request #59166 from zhangxiaoyu-zidif/clean-err-rbd
2018-04-27 10:45:09 -07:00
watch/json
remove outdate package
2018-01-15 23:17:19 +08:00
windows/service
Add support for binaries to run as Windows services
2018-03-07 00:51:36 +01:00
.import-restrictions
BUILD
pkg/api/unversioned related cleanup
2018-03-13 17:20:16 +08:00
OWNERS