*: initial update to kube 1.8

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-26 16:23:09 +02:00 · 2017-09-26 16:23:09 +02:00 · d6e819133d
commit d6e819133d
parent 2453222695
1237 changed files with 84117 additions and 564982 deletions
--- a/vendor/k8s.io/kubernetes/pkg/proxy/util/conntrack.go
+++ b/vendor/k8s.io/kubernetes/pkg/proxy/util/conntrack.go
@ -18,30 +18,27 @@ package util

 import (
 	"fmt"
+	"strconv"
 	"strings"

-	"k8s.io/kubernetes/pkg/util/exec"
-
-	"github.com/golang/glog"
+	"k8s.io/utils/exec"
 )

 // Utilities for dealing with conntrack

 const noConnectionToDelete = "0 flow entries have been deleted"

-// DeleteServiceConnection uses the conntrack tool to delete the conntrack entries
-// for the UDP connections specified by the given service IPs
-func DeleteServiceConnections(execer exec.Interface, svcIPs []string) {
-	for _, ip := range svcIPs {
-		glog.V(2).Infof("Deleting connection tracking state for service IP %s", ip)
-		err := ExecConntrackTool(execer, "-D", "--orig-dst", ip, "-p", "udp")
-		if err != nil && !strings.Contains(err.Error(), noConnectionToDelete) {
-			// TODO: Better handling for deletion failure. When failure occur, stale udp connection may not get flushed.
-			// These stale udp connection will keep black hole traffic. Making this a best effort operation for now, since it
-			// is expensive to baby-sit all udp connections to kubernetes services.
-			glog.Errorf("conntrack returned error: %v", err)
-		}
+// DeleteServiceConnections uses the conntrack tool to delete the conntrack entries
+// for the UDP connections specified by the given service IP
+func ClearUDPConntrackForIP(execer exec.Interface, ip string) error {
+	err := ExecConntrackTool(execer, "-D", "--orig-dst", ip, "-p", "udp")
+	if err != nil && !strings.Contains(err.Error(), noConnectionToDelete) {
+		// TODO: Better handling for deletion failure. When failure occur, stale udp connection may not get flushed.
+		// These stale udp connection will keep black hole traffic. Making this a best effort operation for now, since it
+		// is expensive to baby-sit all udp connections to kubernetes services.
+		return fmt.Errorf("error deleting connection tracking state for UDP service IP: %s, error: %v", ip, err)
 	}
+	return nil
 }

 // ExecConntrackTool executes the conntrack tool using the given parameters
@ -56,3 +53,33 @@ func ExecConntrackTool(execer exec.Interface, parameters ...string) error {
 	}
 	return nil
 }
+
+// ClearUDPConntrackForPort uses the conntrack tool to delete the conntrack entries
+// for the UDP connections specified by the port.
+// When a packet arrives, it will not go through NAT table again, because it is not "the first" packet.
+// The solution is clearing the conntrack. Known issues:
+// https://github.com/docker/docker/issues/8795
+// https://github.com/kubernetes/kubernetes/issues/31983
+func ClearUDPConntrackForPort(execer exec.Interface, port int) error {
+	if port <= 0 {
+		return fmt.Errorf("Wrong port number. The port number must be greater than zero")
+	}
+	err := ExecConntrackTool(execer, "-D", "-p", "udp", "--dport", strconv.Itoa(port))
+	if err != nil && !strings.Contains(err.Error(), noConnectionToDelete) {
+		return fmt.Errorf("error deleting conntrack entries for UDP port: %d, error: %v", port, err)
+	}
+	return nil
+}
+
+// ClearUDPConntrackForPeers uses the conntrack tool to delete the conntrack entries
+// for the UDP connections specified by the {origin, dest} IP pair.
+func ClearUDPConntrackForPeers(execer exec.Interface, origin, dest string) error {
+	err := ExecConntrackTool(execer, "-D", "--orig-dst", origin, "--dst-nat", dest, "-p", "udp")
+	if err != nil && !strings.Contains(err.Error(), noConnectionToDelete) {
+		// TODO: Better handling for deletion failure. When failure occur, stale udp connection may not get flushed.
+		// These stale udp connection will keep black hole traffic. Making this a best effort operation for now, since it
+		// is expensive to baby sit all udp connections to kubernetes services.
+		return fmt.Errorf("error deleting conntrack entries for UDP peer {%s, %s}, error: %v", origin, dest, err)
+	}
+	return nil
+}
--- a/vendor/k8s.io/kubernetes/pkg/proxy/util/port.go
+++ b/vendor/k8s.io/kubernetes/pkg/proxy/util/port.go
@ -0,0 +1,64 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"fmt"
+
+	"github.com/golang/glog"
+)
+
+// LocalPort describes a port on specific IP address and protocol
+type LocalPort struct {
+	// Description is the identity message of a given local port.
+	Description string
+	// IP is the IP address part of a given local port.
+	// If this string is empty, the port binds to all local IP addresses.
+	IP string
+	// Port is the port part of a given local port.
+	Port int
+	// Protocol is the protocol part of a given local port.
+	// The value is assumed to be lower-case. For example, "udp" not "UDP", "tcp" not "TCP".
+	Protocol string
+}
+
+func (lp *LocalPort) String() string {
+	return fmt.Sprintf("%q (%s:%d/%s)", lp.Description, lp.IP, lp.Port, lp.Protocol)
+}
+
+// Closeable is an interface around closing an port.
+type Closeable interface {
+	Close() error
+}
+
+// PortOpener is an interface around port opening/closing.
+// Abstracted out for testing.
+type PortOpener interface {
+	OpenLocalPort(lp *LocalPort) (Closeable, error)
+}
+
+// RevertPorts is closing ports in replacementPortsMap but not in originalPortsMap. In other words, it only
+// closes the ports opened in this sync.
+func RevertPorts(replacementPortsMap, originalPortsMap map[LocalPort]Closeable) {
+	for k, v := range replacementPortsMap {
+		// Only close newly opened local ports - leave ones that were open before this update
+		if originalPortsMap[k] == nil {
+			glog.V(2).Infof("Closing local port %s", k.String())
+			v.Close()
+		}
+	}
+}
--- a/vendor/k8s.io/kubernetes/pkg/proxy/util/utils.go
+++ b/vendor/k8s.io/kubernetes/pkg/proxy/util/utils.go
@ -0,0 +1,58 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"net"
+
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/api/helper"
+
+	"github.com/golang/glog"
+)
+
+func IsLocalIP(ip string) (bool, error) {
+	addrs, err := net.InterfaceAddrs()
+	if err != nil {
+		return false, err
+	}
+	for i := range addrs {
+		intf, _, err := net.ParseCIDR(addrs[i].String())
+		if err != nil {
+			return false, err
+		}
+		if net.ParseIP(ip).Equal(intf) {
+			return true, nil
+		}
+	}
+	return false, nil
+}
+
+func ShouldSkipService(svcName types.NamespacedName, service *api.Service) bool {
+	// if ClusterIP is "None" or empty, skip proxying
+	if !helper.IsServiceIPSet(service) {
+		glog.V(3).Infof("Skipping service %s due to clusterIP = %q", svcName, service.Spec.ClusterIP)
+		return true
+	}
+	// Even if ClusterIP is set, ServiceTypeExternalName services don't get proxied
+	if service.Spec.Type == api.ServiceTypeExternalName {
+		glog.V(3).Infof("Skipping service %s due to Type=ExternalName", svcName)
+		return true
+	}
+	return false
+}