Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not call NewFlannelServer() unless flannel overlay is enabled #26264

Merged
merged 1 commit into from May 29, 2016
Merged

Do not call NewFlannelServer() unless flannel overlay is enabled #26264

merged 1 commit into from May 29, 2016

Conversation

luxas
Copy link
Member

@luxas luxas commented May 25, 2016

Ref: #26093

This makes so kubelet does not warn the user that iptables isn't in PATH, although the user didn't enable the flannel overlay.

@vishh @freehan @bprashanth

@luxas luxas added this to the v1.3 milestone May 25, 2016
@k8s-github-robot k8s-github-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. release-note-label-needed labels May 25, 2016
@luxas luxas added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels May 25, 2016
@bprashanth
Copy link
Contributor

you probably want to warn the user about iptables anway, because the kubelet installs a masquerade rule:

kubernetes/pkg/kubelet/container_bridge.go

Line 145 in dae5ac4

func ensureIPTablesMasqRule(nonMasqueradeCIDR string) error {

@luxas
Copy link
Member Author

luxas commented May 25, 2016

Ah, I missed that one.
It's a quite large project, so when one is researching like in #26093, there will be some things that fall out of scope.

Great, I'll add that one.

@bprashanth So the question is, is this masquerade rule really necessary in all cases, or just when enabling some functions? It would be really great if we found a way where kubelet didn't depend on iptables, because iptables depends on glibc, and that's quite heavy...

@bprashanth
Copy link
Contributor

Kube-proxy requires iptables anway. I feel iptables is basic enough to require on every node, perhaps @kubernetes/sig-network has thoughts.

@luxas
Copy link
Member Author

luxas commented May 25, 2016

Yes, but the intention was to package kubelet in a small container (busybox would be the dream) that includes as few deps as possible statically linked (ethtool, socat, nsenter). kube-proxy will run in a daemonset on every node (maybe in a buildrooted base image or something)

So it would be great to not depend on iptables in that case, but I don't know if it's technically possible...

@thockin
Copy link
Member

thockin commented May 25, 2016

I think iptables is effectively required

On Wed, May 25, 2016 at 1:06 PM, Lucas Käldström notifications@github.com
wrote:

Yes, but the intention was to package kubelet in a small container (
busybox would be the dream) that includes as few deps as possible
statically linked (ethtool, socat, nsenter). kube-proxy will run in a
daemonset on every node (maybe in a buildrooted base image or something)

So it would be great to not depend on iptables in that case, but I don't
know if it's technically possible...


You are receiving this because you are on a team that was mentioned.
Reply to this email directly or view it on GitHub
#26264 (comment)

@luxas
Copy link
Member Author

luxas commented May 29, 2016

Okay, iptables is required for now.
But anyway, I think it's unnecessary to call NewFlannelServer() when we're not using it.
It might save a little memory at least.

@dchen1107 Should we proceed on this anyway?

@luxas
Copy link
Member Author

luxas commented May 29, 2016

@k8s-bot e2e test this please github issue: #IGNORE

@bprashanth
Copy link
Contributor

Sure, lgtm but removing 1.3 milestone

@bprashanth bprashanth removed this from the v1.3 milestone May 29, 2016
@bprashanth bprashanth added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 29, 2016
@k8s-bot
Copy link

k8s-bot commented May 29, 2016

GCE e2e build/test passed for commit fdff659.

@luxas
Copy link
Member Author

luxas commented May 29, 2016
edited

removing 1.3 milestone

Yes, absolutely! Iit shouldn't have any specific priority anymore...

@wojtek-t wojtek-t added this to the v1.3 milestone May 29, 2016
@k8s-github-robot
Copy link

@k8s-bot test this [submit-queue is verifying that this PR is safe to merge]

@k8s-bot
Copy link

k8s-bot commented May 29, 2016

GCE e2e build/test passed for commit fdff659.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 32da727 into kubernetes:master May 29, 2016
@luxas luxas mentioned this pull request Jun 3, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@dchen1107 dchen1107

Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
v1.3
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@luxas @bprashanth @thockin @k8s-bot @k8s-github-robot @googlebot @dchen1107 @wojtek-t