scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-04 04:08:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make kube-proxy default to iptables (regression)

Browse Source 
This was accidentally introduced as part of the component config changes.
This commit is contained in:
Tim Hockin
2016-02-01 17:34:47 -08:00
parent ba13454430
commit 7ed83ad4f9
6 changed files with 25 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/kube-proxy/app/options/options.go
View File

@@ -57,7 +57,6 @@ func NewProxyConfig() *ProxyServerConfig {
ResourceContainer: "/kube-proxy", ResourceContainer: "/kube-proxy",
IPTablesSyncPeriod: unversioned.Duration{30 * time.Second}, IPTablesSyncPeriod: unversioned.Duration{30 * time.Second},
UDPIdleTimeout: unversioned.Duration{250 * time.Millisecond}, UDPIdleTimeout: unversioned.Duration{250 * time.Millisecond},
Mode: componentconfig.ProxyModeUserspace,
ConntrackMax: 256 * 1024, // 4x default (64k) ConntrackMax: 256 * 1024, // 4x default (64k)
ConntrackTCPEstablishedTimeout: unversioned.Duration{Duration: 24 * time.Hour}, // 1 day (1/5 default) ConntrackTCPEstablishedTimeout: unversioned.Duration{Duration: 24 * time.Hour}, // 1 day (1/5 default)
}, },

11
cmd/kube-proxy/app/server.go
View File

@@ -20,6 +20,7 @@ package app
import ( import (
"errors" "errors"
"fmt"
"net" "net"
"net/http" "net/http"
_ "net/http/pprof" _ "net/http/pprof"
@@ -58,6 +59,7 @@ type ProxyServer struct {
Broadcaster record.EventBroadcaster Broadcaster record.EventBroadcaster
Recorder record.EventRecorder Recorder record.EventRecorder
Conntracker Conntracker // if nil, ignored Conntracker Conntracker // if nil, ignored
ProxyMode string
} }
const ( const (
@@ -83,6 +85,7 @@ func NewProxyServer(
broadcaster record.EventBroadcaster, broadcaster record.EventBroadcaster,
recorder record.EventRecorder, recorder record.EventRecorder,
conntracker Conntracker, conntracker Conntracker,
proxyMode string,
) (*ProxyServer, error) { ) (*ProxyServer, error) {
return &ProxyServer{ return &ProxyServer{
Client: client, Client: client,
@@ -92,6 +95,7 @@ func NewProxyServer(
Broadcaster: broadcaster, Broadcaster: broadcaster,
Recorder: recorder, Recorder: recorder,
Conntracker: conntracker, Conntracker: conntracker,
ProxyMode: proxyMode,
}, nil }, nil
} }
@@ -248,7 +252,7 @@ func NewProxyServerDefault(config *options.ProxyServerConfig) (*ProxyServer, err
conntracker := realConntracker{} conntracker := realConntracker{}
return NewProxyServer(client, config, iptInterface, proxier, eventBroadcaster, recorder, conntracker) return NewProxyServer(client, config, iptInterface, proxier, eventBroadcaster, recorder, conntracker, proxyMode)
} }
// Run runs the specified ProxyServer. This should never exit (unless CleanupAndExit is set). // Run runs the specified ProxyServer. This should never exit (unless CleanupAndExit is set).
@@ -265,8 +269,11 @@ func (s *ProxyServer) Run() error {
s.Broadcaster.StartRecordingToSink(s.Client.Events("")) s.Broadcaster.StartRecordingToSink(s.Client.Events(""))
// Start up Healthz service if requested // Start up a webserver if requested
if s.Config.HealthzPort > 0 { if s.Config.HealthzPort > 0 {
http.HandleFunc("/proxyMode", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "%s", s.ProxyMode)
})
go util.Until(func() { go util.Until(func() {
err := http.ListenAndServe(s.Config.HealthzBindAddress+":"+strconv.Itoa(s.Config.HealthzPort), nil) err := http.ListenAndServe(s.Config.HealthzBindAddress+":"+strconv.Itoa(s.Config.HealthzPort), nil)
if err != nil { if err != nil {

4
docs/admin/kube-proxy.md
View File

@@ -71,12 +71,12 @@ kube-proxy
--masquerade-all[=false]: If using the pure iptables proxy, SNAT everything --masquerade-all[=false]: If using the pure iptables proxy, SNAT everything
--master="": The address of the Kubernetes API server (overrides any value in kubeconfig) --master="": The address of the Kubernetes API server (overrides any value in kubeconfig)
--oom-score-adj=-999: The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000] --oom-score-adj=-999: The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]
--proxy-mode=userspace: Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy. --proxy-mode=: Which proxy mode to use: 'userspace' (older) or 'iptables' (faster). If blank, look at the Node object on the Kubernetes API and respect the 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the best-available proxy (currently iptables). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
--proxy-port-range=: Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen. --proxy-port-range=: Range of host ports (beginPort-endPort, inclusive) that may be consumed in order to proxy service traffic. If unspecified (0-0) then ports will be randomly chosen.
--udp-timeout=250ms: How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace --udp-timeout=250ms: How long an idle UDP connection will be kept open (e.g. '250ms', '2s'). Must be greater than 0. Only applicable for proxy-mode=userspace
``` ```
###### Auto generated by spf13/cobra on 27-Jan-2016 ###### Auto generated by spf13/cobra on 1-Feb-2016
<!-- BEGIN MUNGE: GENERATED_ANALYTICS --> <!-- BEGIN MUNGE: GENERATED_ANALYTICS -->

4
pkg/apis/componentconfig/types.go
View File

@@ -63,9 +63,9 @@ type KubeProxyConfiguration struct {
} }
// Currently two modes of proxying are available: 'userspace' (older, stable) or 'iptables' // Currently two modes of proxying are available: 'userspace' (older, stable) or 'iptables'
// (experimental). If blank, look at the Node object on the Kubernetes API and respect the // (newer, faster). If blank, look at the Node object on the Kubernetes API and respect the
// 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the // 'net.experimental.kubernetes.io/proxy-mode' annotation if provided. Otherwise use the
// best-available proxy (currently userspace, but may change in future versions). If the // best-available proxy (currently iptables, but may change in future versions). If the
// iptables proxy is selected, regardless of how, but the system's kernel or iptables // iptables proxy is selected, regardless of how, but the system's kernel or iptables
// versions are insufficient, this always falls back to the userspace proxy. // versions are insufficient, this always falls back to the userspace proxy.
type ProxyMode string type ProxyMode string

2
pkg/kubemark/hollow_proxy.go
View File

@@ -75,7 +75,7 @@ func NewHollowProxyOrDie(
endpointsConfig.Channel("api"), endpointsConfig.Channel("api"),
) )
hollowProxy, err := proxyapp.NewProxyServer(client, config, iptInterface, &FakeProxier{}, broadcaster, recorder, nil) hollowProxy, err := proxyapp.NewProxyServer(client, config, iptInterface, &FakeProxier{}, broadcaster, recorder, nil, "fake")
if err != nil { if err != nil {
glog.Fatalf("Error while creating ProxyServer: %v\n", err) glog.Fatalf("Error while creating ProxyServer: %v\n", err)
} }

11
test/e2e/kubeproxy.go
View File

@@ -197,6 +197,10 @@ func (config *KubeProxyTestConfig) hitNodePort(epCount int) {
config.dialFromNode("udp", node2_IP, nodeUdpPort, tries, epCount) config.dialFromNode("udp", node2_IP, nodeUdpPort, tries, epCount)
By("dialing(http) node1 --> node2:nodeHttpPort") By("dialing(http) node1 --> node2:nodeHttpPort")
config.dialFromNode("http", node2_IP, nodeHttpPort, tries, epCount) config.dialFromNode("http", node2_IP, nodeHttpPort, tries, epCount)
By("checking kube-proxy URLs")
config.getSelfURL("/healthz", "ok")
config.getSelfURL("/proxyMode", "iptables") // the default
} }
func (config *KubeProxyTestConfig) hitEndpoints() { func (config *KubeProxyTestConfig) hitEndpoints() {
@@ -252,6 +256,13 @@ func (config *KubeProxyTestConfig) dialFromNode(protocol, targetIP string, targe
Expect(strconv.Atoi(strings.TrimSpace(stdout))).To(BeNumerically("==", expectedCount)) Expect(strconv.Atoi(strings.TrimSpace(stdout))).To(BeNumerically("==", expectedCount))
} }
func (config *KubeProxyTestConfig) getSelfURL(path string, expected string) {
cmd := fmt.Sprintf("curl -s --connect-timeout 1 http://localhost:10249%s", path)
By(fmt.Sprintf("Getting kube-proxy self URL %s", path))
stdout := RunHostCmdOrDie(config.f.Namespace.Name, config.hostTestContainerPod.Name, cmd)
Expect(strings.Contains(stdout, expected)).To(BeTrue())
}
func (config *KubeProxyTestConfig) createNetShellPodSpec(podName string, node string) *api.Pod { func (config *KubeProxyTestConfig) createNetShellPodSpec(podName string, node string) *api.Pod {
pod := &api.Pod{ pod := &api.Pod{
TypeMeta: unversioned.TypeMeta{ TypeMeta: unversioned.TypeMeta{