I found that without taking a brief pause between iptables cleanup and
ipset deletion, sometimes the system still thought that there were
iptables references to the ipsets and would error instead of cleaning
the ipsets.
* remove IPVS metrics
Remove metrics for IPVS services when the IPVS service is deleted so
that the number of metrics does not grow without bound.
Fixes#734
* delete metricsMap key when IPVS service is removed
Delete the key in NetworkServicesController.metricsMap when the
respective IPVS configuration is removed.
Remove a period from a comment to conform to kube-router norms
* cleanup stale metrics in a distinct method
* remove unnecessary error return value on cleanupStaleMetrics
* fix(nsc): Overly eager IPVS updating
Switches the endpoint map comparison in OnEndpointsUpdate from being a
DeepEqual, to instead checking that all services exist, and that their
associated endpoints are similar.
Ordering is no longer considered important in regards to the IPVS
update check.
Fixes#1026
* doc(ecmp_vip.go): add info around extra withdraw
Rename getWithdraw to make it more explicit what its doing here. Also
add documentation as to why this is needed on Update and not
Create/Delete as well as why we only treat externalIPs.
* fix(ecmp_vip.go): remove superfluous AddPolicies
AddPolicies is already called downstream of nrc.OnEndpointsUpdate() so
there is no need to do it here as well, the only result is that this
expensive operation and idempotent operation is run twice.
* feat: better handling of headless services
Also introduces a consolidated Service utilities section for controller
functionality related to services that is shared.
* fix: add logging back to tryHandleServiceDelete
* feat: simple CRI implementation in addition to Docker, required for DSR functionality. CRI compliant runtimes support (e.g. containerd, cri-o, etc.)
* upd: dependencies
* cleanup
* feat: cleanup gRPC connections after we did the job
* upd: go.sum
* whitelist traffic to cluster IP and node ports in INPUT chain to bypass
netwrok policy enforcement
Fixes#905
* fix unit test failure
* ensure netpol firewall rules are configured after service proxy firewall rules
