-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kube-proxy: remove port opener #108496
kube-proxy: remove port opener #108496
Conversation
@khenidak: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
e329700
to
5b70760
Compare
5b70760
to
e521f16
Compare
/test pull-kubernetes-e2e-gci-gce-ipvs |
other than this (it is a mistake, i will fix) https://github.com/kubernetes/kubernetes/pull/108496/files#diff-1f2043db3a45960023376d03e4dd43762d1382ad7ea94e3f26c956410b749c97L1455 i didn't remove anything that interacts with conntrack. |
/hold it seems it only fails in this PR 🤔 , we have to be sure |
Oh, I see Kal beat me to it :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good riddance to bad rubbish!
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: khenidak, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@danwinship is ok to unhold or do you still have concerns? |
/hold cancel let's use silence as no disagreement |
The Kubernetes project has merge-blocking tests that are currently too flaky to consistently pass. This bot retests PRs for certain kubernetes repos according to the following rules:
You can:
/retest |
/retest |
…496-upstream-release-1.22 Automated cherry pick of #108496: iptables: remove port opener
…496-upstream-release-1.23 Automated cherry pick of #108496: iptables: remove port opener
…496-upstream-release-1.21 Automated cherry pick of #108496: iptables: remove port opener
What type of PR is this?
/kind bug
/kind cleanup
What this PR does / why we need it:
kube-proxy holds service node ports open (
Listen()
withoutRead()/Receive()
pump). The original idea was to stop users from mistakenly create a listener on the node that listens to a node port which would have created debugging problems. It is important to note that if the opener failed we just log and keep going. However port-opener introduced more problems than value. The problems can be be briefly described as the following:further discussions can be found here: #100643
Which issue(s) this PR fixes:
Fixes #
#100643
#106713
Special notes for your reviewer:
N/A
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
/sig network