Kubenet host-port support through iptables #25604
Merged
+500
−115
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
freehan
added
the
release-note-none
k8s-github-robot
added
the
size/XL
| execer: utilexec.New(), | ||
| podCIDRs: make(map[kubecontainer.ContainerID]string), | ||
| hostPortMap: make(map[hostport]closeable), | ||
| MTU: 1460, |
|
@thockin Ready for round 2 |
| kubenetPostroutingChain utiliptables.Chain = "KUBENET-POSTROUTING" | ||
| // the mark-for-masquerade chain | ||
| kubenetMarkChain utiliptables.Chain = "KUBENET-MARK" | ||
| // TODO: do not hard code mark |
There was a problem hiding this comment.
How do we resolve this TODO? do we need a flag to kubelet? Why is this a different bit than the kube-proxy? What is the long-term plan to manage these
freehan
force-pushed
the
kubenethostport
branch
2 times, most recently
from
ce2c777 to
86ab203
Compare
|
@thockin Ready for round 3 |
freehan
force-pushed
the
kubenethostport
branch
2 times, most recently
from
d1617d9 to
3281811
Compare
|
|
||
| // the hostport chain | ||
| kubenetHostportChain utiliptables.Chain = "KUBENET-HOSTPORT" | ||
| // prefix for kubenet hostort chains |
freehan
force-pushed
the
kubenethostport
branch
2 times, most recently
from
84a9b40 to
3846ac8
Compare
| @@ -48,6 +53,11 @@ const ( | |||
| DefaultCNIDir = "/opt/cni/bin" | |||
|
|
|||
| sysctlBridgeCallIptables = "net/bridge/bridge-nf-call-iptables" | |||
|
|
|||
| // the hostport chain | |||
| kubenetHostportChain utiliptables.Chain = "KUBENET-HOSTPORTS" | |||
|
just one name nit, then LGTM. fix and self-apply. I want to point out that this PR will close #15 - the OLDEST open bug on the project. |
thockin
added
release-note
thockin
changed the title
|
re-titled for release note. |
|
Could we eventually move most of this to a CNI plugin instead? |
freehan
added
the
lgtm
|
That is the plan. |
|
LGTM too, for what it's worth... |
|
Needs rebase :( |
k8s-github-robot
removed
the
lgtm
freehan
added
the
lgtm
|
Still failing |
|
Because submit queue is blocked, I'm going to kick off re-tests of the top 5 PRs in the queue, then merge them if they pass. |
|
@k8s-bot test this issue: #IGNORE Looks like a random failure to me |
|
GCE e2e build/test passed for commit 6a3ad1d. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@thockin @dcbw
closes #15