New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove kube-proxy userspace modes #112133
Remove kube-proxy userspace modes #112133
Conversation
cb9e949
to
e399c34
Compare
e399c34
to
92467bd
Compare
All systems that could have run the userspace can also run the iptables proxy. There is no longer any fallback-ing in the Linux proxy (#111806). So if someone is specifying |
cmd/kube-proxy/app/server.go
Outdated
@@ -160,7 +160,7 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) { | |||
fs.Var(&utilflag.IPPortVar{Val: &o.config.MetricsBindAddress}, "metrics-bind-address", "The IP address with port for the metrics server to serve on (set to '0.0.0.0:10249' for all IPv4 interfaces and '[::]:10249' for all IPv6 interfaces). Set empty to disable. This parameter is ignored if a config file is specified by --config.") | |||
fs.BoolVar(&o.config.BindAddressHardFail, "bind-address-hard-fail", o.config.BindAddressHardFail, "If true kube-proxy will treat failure to bind to a port as fatal and exit") | |||
fs.Var(utilflag.PortRangeVar{Val: &o.config.PortRange}, "proxy-port-range", "Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive) that may be consumed in order to proxy service traffic. If (unspecified, 0, or 0-0) then ports will be randomly chosen.") | |||
fs.Var(&o.config.Mode, "proxy-mode", "Which proxy mode to use: 'iptables' (Linux-only), 'ipvs' (Linux-only), 'kernelspace' (Windows-only), or 'userspace' (Linux/Windows, deprecated). The default value is 'iptables' on Linux and 'userspace' on Windows(will be 'kernelspace' in a future release). "+ | |||
fs.Var(&o.config.Mode, "proxy-mode", "Which proxy mode to use: 'iptables' (Linux-only), 'ipvs' (Linux-only), 'kernelspace' (Windows-only). The default value is 'iptables' on Linux and 'kernelspace' on Windows. "+ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe rewrite this some more now that there are no overlapping Linux/Windows modes?
"Which proxy mode to use: on Linux this can be 'iptables' (default) or 'ipvs'. On Windows the only supported value is 'kernelspace'."
?
// Always ordered as IPv4, IPv6 | ||
if primaryProtocol == utiliptables.ProtocolIPv4 { | ||
ipt[0] = iptInterface | ||
ipt[1] = utiliptables.New(execer, utiliptables.ProtocolIPv6) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The iptinterface initialization stuff could be rewritten to make more sense now. eg, you can remove iptInterface
(and ProxyServer.IptInterface
) and only have ipt
, and you don't even need to figure out primaryProtocol
unless dualStack
gets set false
(Maybe do this as an additional refactoring commit to make it more obvious that this commit is just removing userspace and nothign else.)
(Oh, I see you left a "todo" about EndpointSlices so maybe you're planning on doing another PR later?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@danwinship I would prefer to refactor this part on a separated commit and let this interface as is for now, wdyt?
On this PR already cleaned the UseEndpointSlices
and forced the modes to use it by default.
for _, perFamilyIpt := range ipt { | ||
if !perFamilyIpt.Present() { | ||
klog.V(0).InfoS("kube-proxy running in single-stack mode, this ipFamily is not supported", "ipFamily", perFamilyIpt.Protocol()) | ||
dualStack = false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(lol, this doesn't actually check that primaryProtocol
is the one that's supported...)
cmd/kube-proxy/app/server_others.go
Outdated
@@ -367,7 +338,7 @@ func newProxyServer( | |||
OOMScoreAdj: config.OOMScoreAdj, | |||
ConfigSyncPeriod: config.ConfigSyncPeriod.Duration, | |||
HealthzServer: healthzServer, | |||
UseEndpointSlices: useEndpointSlices, | |||
UseEndpointSlices: true, // todo (knabben) change all places |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TODO
or FIXME
is more standard
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My intent is to remove the options and keep the true code path, going to fix the todo yet on this PR.
cmd/kube-proxy/app/server_others.go
Outdated
@@ -571,7 +542,7 @@ func cleanupAndExit() error { | |||
|
|||
var encounteredError bool | |||
for _, ipt := range ipts { | |||
encounteredError = userspace.CleanupLeftovers(ipt) || encounteredError | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
possibly we should leave this for a while longer? (but if not, then you shouldn't leave a blank line behind)
cmd/kube-proxy/app/server_windows.go
Outdated
} | ||
|
||
winkernel.RegisterMetrics() | ||
klog.V(0).InfoS("Using Kernelspace Proxier.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sure this is necessary to say any more since it's the only option?
@@ -196,7 +193,7 @@ type KubeProxyConfiguration struct { | |||
// In Linux platform, if proxy mode is blank, use the best-available proxy (currently iptables, but may change in the | |||
// future). If the iptables proxy is selected, regardless of how, but the system's kernel or iptables versions are | |||
// insufficient, this always falls back to the userspace proxy. IPVS mode will be enabled when proxy mode is set to 'ipvs', | |||
// and the fall back path is firstly iptables and then userspace. | |||
// and the fall back path is firstly iptables. | |||
// | |||
// In Windows platform, if proxy mode is blank, use the best-available proxy (currently userspace, but may change in the | |||
// future). If winkernel proxy is selected, regardless of how, but the Windows kernel can't support this mode of proxy, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks like you failed to remove the docs text about windows userspace
/remove-sig api-machinery |
@daschott just fyi for headsup userspace is going awayyyy |
@ibabou FYI |
cc @sbangari FYI |
92467bd
to
5f6db85
Compare
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
Enable windows proxyall feature by default because the kube-proxy userspace datapath has been removed since kubernetes 1.26. (kubernetes/kubernetes#112133) Signed-off-by: Shuyang Xin <gavinx@vmware.com>
What type of PR is this?
/sig network
/sig windows
/kind cleanup
/kind api-change
What this PR does / why we need it:
Remove both Linux and Windows userspace deprecated Kube-proxy modes.
Remove the
UDPIdleTimeout
config used only on this mode.Which issue(s) this PR fixes:
Fixes #103860
Special notes for your reviewer:
A few points:
UDPIdleTimeout
config is gone since only used on userspaceDoes this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: