In reference to issue #725, we modified kube-router to send
heartbeats before starting policy sync to prevent missing
heartbeats while running iptables commands.
Signed-off-by: Jérôme Poulin <jeromepoulin@gmail.com>
* update netlink
* update libnetwork to get ipvs stats
* update gopkg.lock for libnetwork update
* update libnetwork
* add cli options
* make endpoints delete gracefully
* move conntrack flusher
* get some order in the mainloop
* update to alpine 3.9 & go 1.11.1
* revert to 1.10.3 just update alpine
* and revert travis.yml
* lock version
* test 1.12
* test
* prevent host services from being accessible through service IPs
- on startup create ipsets and firewall rules
- on sync update ipsets
- on cleanup remove firewall rules and ipsets
Fixes#282.
Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>
* ensure iptables rules are also available during cleanup
Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>
* first check if chain exists
Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>
* err not a new variable
Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>
* more redeclared vars
Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>
* maintain a ipset for local addresses and exclude those from our default deny rule
Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>
* copy/paste errors
Signed-off-by: Steven Armstrong <steven.armstrong@id.ethz.ch>
* update metrics docs & dashboard
* renamed `namespace` label to `svc_namespace` for service metrics as it would be overwritten by most Prometheus setups
* Made histograms for all the controller sync times for better visualization
* added `controller_routes_sync_time`, `controller_bgp_advertisements_sent` & `controller_policy_chains_sync_time` metrics
* make IPVS proxier set net/ipv4/vs/conn_reuse_mode to 0 by default, which will fix the IPVS low throughput issue
* better error message
* check and inform if to old kernel to use feature
* Add to set ip_vs_mh scheduler and flags
Signed-off-by: Inju Song <inju.song@navercorp.com>
* Use scheduler flags when adding or updating service
Signed-off-by: Inju Song <inju.song@navercorp.com>
* Refactor with gofmt, generate moq file and fix test source
Signed-off-by: Inju Song <inju.song@navercorp.com>
`Cmd.CombinedOutput()` returns `[]byte` for the command output which, at least for `ip` commands should be a printable string. The output is now printed as string.
Furthermore the constant `KUBE_DUMMY_IF` is used for the interface name to reduce multiple definitions of the interface name.
Signed-off-by: Mathias Kaufmann <me@stei.gr>
