Remove vendored files unnecessary after Kube hostport removal

Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #189 Approved by: mheon
author: Matthew Heon <matthew.heon@gmail.com> 2018-01-04 16:56:51 -0500
committer: Atomic Bot <atomic-devel@projectatomic.io> 2018-01-08 20:48:31 +0000
commit: 21881679099491049db367504d09f9a48d3e5fa7 (patch)
tree: 2e9595d44d510bed28730893a9fd3b969a2c8bb4 /vendor/k8s.io/kubernetes/pkg/kubelet
parent: 5c5c024e80a9c78e94f8d3d7d13755b27dd9a8bf (diff)
download: podman-21881679099491049db367504d09f9a48d3e5fa7.tar.gz
podman-21881679099491049db367504d09f9a48d3e5fa7.tar.bz2
podman-21881679099491049db367504d09f9a48d3e5fa7.zip
4 files changed, 0 insertions, 1166 deletions
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/fake_iptables.go b/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/fake_iptables.go
deleted file mode 100644
index 42f7c6811..000000000
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/fake_iptables.go
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package hostport
-
-import (
-	"bytes"
-	"fmt"
-	"net"
-	"strings"
-
-	utiliptables "k8s.io/kubernetes/pkg/util/iptables"
-)
-
-type fakeChain struct {
-	name  utiliptables.Chain
-	rules []string
-}
-
-type fakeTable struct {
-	name   utiliptables.Table
-	chains map[string]*fakeChain
-}
-
-type fakeIPTables struct {
-	tables map[string]*fakeTable
-}
-
-func NewFakeIPTables() *fakeIPTables {
-	return &fakeIPTables{
-		tables: make(map[string]*fakeTable, 0),
-	}
-}
-
-func (f *fakeIPTables) GetVersion() (string, error) {
-	return "1.4.21", nil
-}
-
-func (f *fakeIPTables) getTable(tableName utiliptables.Table) (*fakeTable, error) {
-	table, ok := f.tables[string(tableName)]
-	if !ok {
-		return nil, fmt.Errorf("Table %s does not exist", tableName)
-	}
-	return table, nil
-}
-
-func (f *fakeIPTables) getChain(tableName utiliptables.Table, chainName utiliptables.Chain) (*fakeTable, *fakeChain, error) {
-	table, err := f.getTable(tableName)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	chain, ok := table.chains[string(chainName)]
-	if !ok {
-		return table, nil, fmt.Errorf("Chain %s/%s does not exist", tableName, chainName)
-	}
-
-	return table, chain, nil
-}
-
-func (f *fakeIPTables) ensureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, *fakeChain) {
-	table, chain, err := f.getChain(tableName, chainName)
-	if err != nil {
-		// either table or table+chain don't exist yet
-		if table == nil {
-			table = &fakeTable{
-				name:   tableName,
-				chains: make(map[string]*fakeChain),
-			}
-			f.tables[string(tableName)] = table
-		}
-		chain := &fakeChain{
-			name:  chainName,
-			rules: make([]string, 0),
-		}
-		table.chains[string(chainName)] = chain
-		return false, chain
-	}
-	return true, chain
-}
-
-func (f *fakeIPTables) EnsureChain(tableName utiliptables.Table, chainName utiliptables.Chain) (bool, error) {
-	existed, _ := f.ensureChain(tableName, chainName)
-	return existed, nil
-}
-
-func (f *fakeIPTables) FlushChain(tableName utiliptables.Table, chainName utiliptables.Chain) error {
-	_, chain, err := f.getChain(tableName, chainName)
-	if err != nil {
-		return err
-	}
-	chain.rules = make([]string, 0)
-	return nil
-}
-
-func (f *fakeIPTables) DeleteChain(tableName utiliptables.Table, chainName utiliptables.Chain) error {
-	table, _, err := f.getChain(tableName, chainName)
-	if err != nil {
-		return err
-	}
-	delete(table.chains, string(chainName))
-	return nil
-}
-
-// Returns index of rule in array; < 0 if rule is not found
-func findRule(chain *fakeChain, rule string) int {
-	for i, candidate := range chain.rules {
-		if rule == candidate {
-			return i
-		}
-	}
-	return -1
-}
-
-func (f *fakeIPTables) ensureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, rule string) (bool, error) {
-	_, chain, err := f.getChain(tableName, chainName)
-	if err != nil {
-		_, chain = f.ensureChain(tableName, chainName)
-	}
-
-	rule, err = normalizeRule(rule)
-	if err != nil {
-		return false, err
-	}
-	ruleIdx := findRule(chain, rule)
-	if ruleIdx >= 0 {
-		return true, nil
-	}
-
-	if position == utiliptables.Prepend {
-		chain.rules = append([]string{rule}, chain.rules...)
-	} else if position == utiliptables.Append {
-		chain.rules = append(chain.rules, rule)
-	} else {
-		return false, fmt.Errorf("Unknown position argument %q", position)
-	}
-
-	return false, nil
-}
-
-func normalizeRule(rule string) (string, error) {
-	normalized := ""
-	remaining := strings.TrimSpace(rule)
-	for {
-		var end int
-
-		if strings.HasPrefix(remaining, "--to-destination=") {
-			remaining = strings.Replace(remaining, "=", " ", 1)
-		}
-
-		if remaining[0] == '"' {
-			end = strings.Index(remaining[1:], "\"")
-			if end < 0 {
-				return "", fmt.Errorf("Invalid rule syntax: mismatched quotes")
-			}
-			end += 2
-		} else {
-			end = strings.Index(remaining, " ")
-			if end < 0 {
-				end = len(remaining)
-			}
-		}
-		arg := remaining[:end]
-
-		// Normalize un-prefixed IP addresses like iptables does
-		if net.ParseIP(arg) != nil {
-			arg = arg + "/32"
-		}
-
-		if len(normalized) > 0 {
-			normalized += " "
-		}
-		normalized += strings.TrimSpace(arg)
-		if len(remaining) == end {
-			break
-		}
-		remaining = remaining[end+1:]
-	}
-	return normalized, nil
-}
-
-func (f *fakeIPTables) EnsureRule(position utiliptables.RulePosition, tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) (bool, error) {
-	ruleArgs := make([]string, 0)
-	for _, arg := range args {
-		// quote args with internal spaces (like comments)
-		if strings.Index(arg, " ") >= 0 {
-			arg = fmt.Sprintf("\"%s\"", arg)
-		}
-		ruleArgs = append(ruleArgs, arg)
-	}
-	return f.ensureRule(position, tableName, chainName, strings.Join(ruleArgs, " "))
-}
-
-func (f *fakeIPTables) DeleteRule(tableName utiliptables.Table, chainName utiliptables.Chain, args ...string) error {
-	_, chain, err := f.getChain(tableName, chainName)
-	if err == nil {
-		rule := strings.Join(args, " ")
-		ruleIdx := findRule(chain, rule)
-		if ruleIdx < 0 {
-			return nil
-		}
-		chain.rules = append(chain.rules[:ruleIdx], chain.rules[ruleIdx+1:]...)
-	}
-	return nil
-}
-
-func (f *fakeIPTables) IsIpv6() bool {
-	return false
-}
-
-func saveChain(chain *fakeChain, data *bytes.Buffer) {
-	for _, rule := range chain.rules {
-		data.WriteString(fmt.Sprintf("-A %s %s\n", chain.name, rule))
-	}
-}
-
-func (f *fakeIPTables) SaveInto(tableName utiliptables.Table, buffer *bytes.Buffer) error {
-	table, err := f.getTable(tableName)
-	if err != nil {
-		return err
-	}
-
-	buffer.WriteString(fmt.Sprintf("*%s\n", table.name))
-
-	rules := bytes.NewBuffer(nil)
-	for _, chain := range table.chains {
-		buffer.WriteString(fmt.Sprintf(":%s - [0:0]\n", string(chain.name)))
-		saveChain(chain, rules)
-	}
-	buffer.Write(rules.Bytes())
-	buffer.WriteString("COMMIT\n")
-	return nil
-}
-
-func (f *fakeIPTables) restore(restoreTableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag) error {
-	buf := bytes.NewBuffer(data)
-	var tableName utiliptables.Table
-	for {
-		line, err := buf.ReadString('\n')
-		if err != nil {
-			break
-		}
-		if line[0] == '#' {
-			continue
-		}
-
-		line = strings.TrimSuffix(line, "\n")
-		if strings.HasPrefix(line, "*") {
-			tableName = utiliptables.Table(line[1:])
-		}
-		if tableName != "" {
-			if restoreTableName != "" && restoreTableName != tableName {
-				continue
-			}
-			if strings.HasPrefix(line, ":") {
-				chainName := utiliptables.Chain(strings.Split(line[1:], " ")[0])
-				if flush == utiliptables.FlushTables {
-					table, chain, _ := f.getChain(tableName, chainName)
-					if chain != nil {
-						delete(table.chains, string(chainName))
-					}
-				}
-				_, _ = f.ensureChain(tableName, chainName)
-			} else if strings.HasPrefix(line, "-A") {
-				parts := strings.Split(line, " ")
-				if len(parts) < 3 {
-					return fmt.Errorf("Invalid iptables rule '%s'", line)
-				}
-				chainName := utiliptables.Chain(parts[1])
-				rule := strings.TrimPrefix(line, fmt.Sprintf("-A %s ", chainName))
-				_, err := f.ensureRule(utiliptables.Append, tableName, chainName, rule)
-				if err != nil {
-					return err
-				}
-			} else if strings.HasPrefix(line, "-I") {
-				parts := strings.Split(line, " ")
-				if len(parts) < 3 {
-					return fmt.Errorf("Invalid iptables rule '%s'", line)
-				}
-				chainName := utiliptables.Chain(parts[1])
-				rule := strings.TrimPrefix(line, fmt.Sprintf("-I %s ", chainName))
-				_, err := f.ensureRule(utiliptables.Prepend, tableName, chainName, rule)
-				if err != nil {
-					return err
-				}
-			} else if strings.HasPrefix(line, "-X") {
-				parts := strings.Split(line, " ")
-				if len(parts) < 2 {
-					return fmt.Errorf("Invalid iptables rule '%s'", line)
-				}
-				if err := f.DeleteChain(tableName, utiliptables.Chain(parts[1])); err != nil {
-					return err
-				}
-			} else if line == "COMMIT" {
-				if restoreTableName == tableName {
-					return nil
-				}
-				tableName = ""
-			}
-		}
-	}
-
-	return nil
-}
-
-func (f *fakeIPTables) Restore(tableName utiliptables.Table, data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error {
-	return f.restore(tableName, data, flush)
-}
-
-func (f *fakeIPTables) RestoreAll(data []byte, flush utiliptables.FlushFlag, counters utiliptables.RestoreCountersFlag) error {
-	return f.restore("", data, flush)
-}
-
-func (f *fakeIPTables) AddReloadFunc(reloadFunc func()) {
-}
-
-func (f *fakeIPTables) Destroy() {
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport.go b/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport.go
deleted file mode 100644
index c14c750ba..000000000
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport.go
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package hostport
-
-import (
-	"fmt"
-	"net"
-	"strings"
-
-	"github.com/golang/glog"
-
-	"k8s.io/kubernetes/pkg/api/v1"
-	utiliptables "k8s.io/kubernetes/pkg/util/iptables"
-)
-
-const (
-	// the hostport chain
-	kubeHostportsChain utiliptables.Chain = "KUBE-HOSTPORTS"
-	// prefix for hostport chains
-	kubeHostportChainPrefix string = "KUBE-HP-"
-)
-
-// PortMapping represents a network port in a container
-type PortMapping struct {
-	Name          string
-	HostPort      int32
-	ContainerPort int32
-	Protocol      v1.Protocol
-	HostIP        string
-}
-
-// PodPortMapping represents a pod's network state and associated container port mappings
-type PodPortMapping struct {
-	Namespace    string
-	Name         string
-	PortMappings []*PortMapping
-	HostNetwork  bool
-	IP           net.IP
-}
-
-// ConstructPodPortMapping creates a PodPortMapping from the ports specified in the pod's
-// containers.
-func ConstructPodPortMapping(pod *v1.Pod, podIP net.IP) *PodPortMapping {
-	portMappings := make([]*PortMapping, 0)
-	for _, c := range pod.Spec.Containers {
-		for _, port := range c.Ports {
-			portMappings = append(portMappings, &PortMapping{
-				Name:          port.Name,
-				HostPort:      port.HostPort,
-				ContainerPort: port.ContainerPort,
-				Protocol:      port.Protocol,
-				HostIP:        port.HostIP,
-			})
-		}
-	}
-
-	return &PodPortMapping{
-		Namespace:    pod.Namespace,
-		Name:         pod.Name,
-		PortMappings: portMappings,
-		HostNetwork:  pod.Spec.HostNetwork,
-		IP:           podIP,
-	}
-}
-
-type hostport struct {
-	port     int32
-	protocol string
-}
-
-type hostportOpener func(*hostport) (closeable, error)
-
-type closeable interface {
-	Close() error
-}
-
-func openLocalPort(hp *hostport) (closeable, error) {
-	// For ports on node IPs, open the actual port and hold it, even though we
-	// use iptables to redirect traffic.
-	// This ensures a) that it's safe to use that port and b) that (a) stays
-	// true.  The risk is that some process on the node (e.g. sshd or kubelet)
-	// is using a port and we give that same port out to a Service.  That would
-	// be bad because iptables would silently claim the traffic but the process
-	// would never know.
-	// NOTE: We should not need to have a real listen()ing socket - bind()
-	// should be enough, but I can't figure out a way to e2e test without
-	// it.  Tools like 'ss' and 'netstat' do not show sockets that are
-	// bind()ed but not listen()ed, and at least the default debian netcat
-	// has no way to avoid about 10 seconds of retries.
-	var socket closeable
-	switch hp.protocol {
-	case "tcp":
-		listener, err := net.Listen("tcp", fmt.Sprintf(":%d", hp.port))
-		if err != nil {
-			return nil, err
-		}
-		socket = listener
-	case "udp":
-		addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf(":%d", hp.port))
-		if err != nil {
-			return nil, err
-		}
-		conn, err := net.ListenUDP("udp", addr)
-		if err != nil {
-			return nil, err
-		}
-		socket = conn
-	default:
-		return nil, fmt.Errorf("unknown protocol %q", hp.protocol)
-	}
-	glog.V(3).Infof("Opened local port %s", hp.String())
-	return socket, nil
-}
-
-// openHostports opens all given hostports using the given hostportOpener
-// If encounter any error, clean up and return the error
-// If all ports are opened successfully, return the hostport and socket mapping
-// TODO: move openHostports and closeHostports into a common struct
-func openHostports(portOpener hostportOpener, podPortMapping *PodPortMapping) (map[hostport]closeable, error) {
-	var retErr error
-	ports := make(map[hostport]closeable)
-	for _, pm := range podPortMapping.PortMappings {
-		if pm.HostPort <= 0 {
-			continue
-		}
-		hp := portMappingToHostport(pm)
-		socket, err := portOpener(&hp)
-		if err != nil {
-			retErr = fmt.Errorf("cannot open hostport %d for pod %s: %v", pm.HostPort, getPodFullName(podPortMapping), err)
-			break
-		}
-		ports[hp] = socket
-	}
-
-	// If encounter any error, close all hostports that just got opened.
-	if retErr != nil {
-		for hp, socket := range ports {
-			if err := socket.Close(); err != nil {
-				glog.Errorf("Cannot clean up hostport %d for pod %s: %v", hp.port, getPodFullName(podPortMapping), err)
-			}
-		}
-		return nil, retErr
-	}
-	return ports, nil
-}
-
-// portMappingToHostport creates hostport structure based on input portmapping
-func portMappingToHostport(portMapping *PortMapping) hostport {
-	return hostport{
-		port:     portMapping.HostPort,
-		protocol: strings.ToLower(string(portMapping.Protocol)),
-	}
-}
-
-// ensureKubeHostportChains ensures the KUBE-HOSTPORTS chain is setup correctly
-func ensureKubeHostportChains(iptables utiliptables.Interface, natInterfaceName string) error {
-	glog.V(4).Info("Ensuring kubelet hostport chains")
-	// Ensure kubeHostportChain
-	if _, err := iptables.EnsureChain(utiliptables.TableNAT, kubeHostportsChain); err != nil {
-		return fmt.Errorf("Failed to ensure that %s chain %s exists: %v", utiliptables.TableNAT, kubeHostportsChain, err)
-	}
-	tableChainsNeedJumpServices := []struct {
-		table utiliptables.Table
-		chain utiliptables.Chain
-	}{
-		{utiliptables.TableNAT, utiliptables.ChainOutput},
-		{utiliptables.TableNAT, utiliptables.ChainPrerouting},
-	}
-	args := []string{"-m", "comment", "--comment", "kube hostport portals",
-		"-m", "addrtype", "--dst-type", "LOCAL",
-		"-j", string(kubeHostportsChain)}
-	for _, tc := range tableChainsNeedJumpServices {
-		// KUBE-HOSTPORTS chain needs to be appended to the system chains.
-		// This ensures KUBE-SERVICES chain gets processed first.
-		// Since rules in KUBE-HOSTPORTS chain matches broader cases, allow the more specific rules to be processed first.
-		if _, err := iptables.EnsureRule(utiliptables.Append, tc.table, tc.chain, args...); err != nil {
-			return fmt.Errorf("Failed to ensure that %s chain %s jumps to %s: %v", tc.table, tc.chain, kubeHostportsChain, err)
-		}
-	}
-	// Need to SNAT traffic from localhost
-	args = []string{"-m", "comment", "--comment", "SNAT for localhost access to hostports", "-o", natInterfaceName, "-s", "127.0.0.0/8", "-j", "MASQUERADE"}
-	if _, err := iptables.EnsureRule(utiliptables.Append, utiliptables.TableNAT, utiliptables.ChainPostrouting, args...); err != nil {
-		return fmt.Errorf("Failed to ensure that %s chain %s jumps to MASQUERADE: %v", utiliptables.TableNAT, utiliptables.ChainPostrouting, err)
-	}
-	return nil
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_manager.go b/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_manager.go
deleted file mode 100644
index 1499ff9c6..000000000
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_manager.go
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package hostport
-
-import (
-	"bytes"
-	"crypto/sha256"
-	"encoding/base32"
-	"fmt"
-	"strings"
-	"sync"
-
-	"github.com/golang/glog"
-	utilerrors "k8s.io/apimachinery/pkg/util/errors"
-	iptablesproxy "k8s.io/kubernetes/pkg/proxy/iptables"
-	utildbus "k8s.io/kubernetes/pkg/util/dbus"
-	utilexec "k8s.io/kubernetes/pkg/util/exec"
-	utiliptables "k8s.io/kubernetes/pkg/util/iptables"
-)
-
-// HostPortManager is an interface for adding and removing hostport for a given pod sandbox.
-type HostPortManager interface {
-	// Add implements port mappings.
-	// id should be a unique identifier for a pod, e.g. podSandboxID.
-	// podPortMapping is the associated port mapping information for the pod.
-	// natInterfaceName is the interface that localhost used to talk to the given pod.
-	Add(id string, podPortMapping *PodPortMapping, natInterfaceName string) error
-	// Remove cleans up matching port mappings
-	// Remove must be able to clean up port mappings without pod IP
-	Remove(id string, podPortMapping *PodPortMapping) error
-}
-
-type hostportManager struct {
-	hostPortMap map[hostport]closeable
-	iptables    utiliptables.Interface
-	portOpener  hostportOpener
-	mu          sync.Mutex
-}
-
-func NewHostportManager() HostPortManager {
-	iptInterface := utiliptables.New(utilexec.New(), utildbus.New(), utiliptables.ProtocolIpv4)
-	return &hostportManager{
-		hostPortMap: make(map[hostport]closeable),
-		iptables:    iptInterface,
-		portOpener:  openLocalPort,
-	}
-}
-
-func (hm *hostportManager) Add(id string, podPortMapping *PodPortMapping, natInterfaceName string) (err error) {
-	if podPortMapping == nil || podPortMapping.HostNetwork {
-		return nil
-	}
-	podFullName := getPodFullName(podPortMapping)
-
-	// skip if there is no hostport needed
-	hostportMappings := gatherHostportMappings(podPortMapping)
-	if len(hostportMappings) == 0 {
-		return nil
-	}
-
-	if podPortMapping.IP.To4() == nil {
-		return fmt.Errorf("invalid or missing IP of pod %s", podFullName)
-	}
-	podIP := podPortMapping.IP.String()
-
-	if err = ensureKubeHostportChains(hm.iptables, natInterfaceName); err != nil {
-		return err
-	}
-
-	// Ensure atomicity for port opening and iptables operations
-	hm.mu.Lock()
-	defer hm.mu.Unlock()
-
-	// try to open hostports
-	ports, err := openHostports(hm.portOpener, podPortMapping)
-	if err != nil {
-		return err
-	}
-	for hostport, socket := range ports {
-		hm.hostPortMap[hostport] = socket
-	}
-
-	natChains := bytes.NewBuffer(nil)
-	natRules := bytes.NewBuffer(nil)
-	writeLine(natChains, "*nat")
-
-	existingChains, existingRules, err := getExistingHostportIPTablesRules(hm.iptables)
-	if err != nil {
-		// clean up opened host port if encounter any error
-		return utilerrors.NewAggregate([]error{err, hm.closeHostports(hostportMappings)})
-	}
-
-	newChains := []utiliptables.Chain{}
-	for _, pm := range hostportMappings {
-		protocol := strings.ToLower(string(pm.Protocol))
-		chain := getHostportChain(id, pm)
-		newChains = append(newChains, chain)
-
-		// Add new hostport chain
-		writeLine(natChains, utiliptables.MakeChainLine(chain))
-
-		// Prepend the new chain to KUBE-HOSTPORTS
-		// This avoids any leaking iptables rule that takes up the same port
-		writeLine(natRules, "-I", string(kubeHostportsChain),
-			"-m", "comment", "--comment", fmt.Sprintf(`"%s hostport %d"`, podFullName, pm.HostPort),
-			"-m", protocol, "-p", protocol, "--dport", fmt.Sprintf("%d", pm.HostPort),
-			"-j", string(chain),
-		)
-
-		// SNAT if the traffic comes from the pod itself
-		writeLine(natRules, "-A", string(chain),
-			"-m", "comment", "--comment", fmt.Sprintf(`"%s hostport %d"`, podFullName, pm.HostPort),
-			"-s", podIP,
-			"-j", string(iptablesproxy.KubeMarkMasqChain))
-
-		// DNAT to the podIP:containerPort
-		writeLine(natRules, "-A", string(chain),
-			"-m", "comment", "--comment", fmt.Sprintf(`"%s hostport %d"`, podFullName, pm.HostPort),
-			"-m", protocol, "-p", protocol,
-			"-j", "DNAT", fmt.Sprintf("--to-destination=%s:%d", podIP, pm.ContainerPort))
-	}
-
-	// getHostportChain should be able to provide unique hostport chain name using hash
-	// if there is a chain conflict or multiple Adds have been triggered for a single pod,
-	// filtering should be able to avoid further problem
-	filterChains(existingChains, newChains)
-	existingRules = filterRules(existingRules, newChains)
-
-	for _, chain := range existingChains {
-		writeLine(natChains, chain)
-	}
-	for _, rule := range existingRules {
-		writeLine(natRules, rule)
-	}
-	writeLine(natRules, "COMMIT")
-
-	if err = hm.syncIPTables(append(natChains.Bytes(), natRules.Bytes()...)); err != nil {
-		// clean up opened host port if encounter any error
-		return utilerrors.NewAggregate([]error{err, hm.closeHostports(hostportMappings)})
-	}
-	return nil
-}
-
-func (hm *hostportManager) Remove(id string, podPortMapping *PodPortMapping) (err error) {
-	if podPortMapping == nil || podPortMapping.HostNetwork {
-		return nil
-	}
-
-	hostportMappings := gatherHostportMappings(podPortMapping)
-	if len(hostportMappings) <= 0 {
-		return nil
-	}
-
-	// Ensure atomicity for port closing and iptables operations
-	hm.mu.Lock()
-	defer hm.mu.Unlock()
-
-	var existingChains map[utiliptables.Chain]string
-	var existingRules []string
-	existingChains, existingRules, err = getExistingHostportIPTablesRules(hm.iptables)
-	if err != nil {
-		return err
-	}
-
-	// Gather target hostport chains for removal
-	chainsToRemove := []utiliptables.Chain{}
-	for _, pm := range hostportMappings {
-		chainsToRemove = append(chainsToRemove, getHostportChain(id, pm))
-
-		// To preserve backward compatibility for k8s 1.5 or earlier.
-		// Need to remove hostport chains added by hostportSyncer if there is any
-		// TODO: remove this in 1.7
-		chainsToRemove = append(chainsToRemove, hostportChainName(pm, getPodFullName(podPortMapping)))
-	}
-
-	// remove rules that consists of target chains
-	remainingRules := filterRules(existingRules, chainsToRemove)
-
-	// gather target hostport chains that exists in iptables-save result
-	existingChainsToRemove := []utiliptables.Chain{}
-	for _, chain := range chainsToRemove {
-		if _, ok := existingChains[chain]; ok {
-			existingChainsToRemove = append(existingChainsToRemove, chain)
-		}
-	}
-
-	natChains := bytes.NewBuffer(nil)
-	natRules := bytes.NewBuffer(nil)
-	writeLine(natChains, "*nat")
-	for _, chain := range existingChains {
-		writeLine(natChains, chain)
-	}
-	for _, rule := range remainingRules {
-		writeLine(natRules, rule)
-	}
-	for _, chain := range existingChainsToRemove {
-		writeLine(natRules, "-X", string(chain))
-	}
-	writeLine(natRules, "COMMIT")
-
-	if err = hm.syncIPTables(append(natChains.Bytes(), natRules.Bytes()...)); err != nil {
-		return err
-	}
-
-	// clean up opened pod host ports
-	return hm.closeHostports(hostportMappings)
-}
-
-// syncIPTables executes iptables-restore with given lines
-func (hm *hostportManager) syncIPTables(lines []byte) error {
-	glog.V(3).Infof("Restoring iptables rules: %s", lines)
-	err := hm.iptables.RestoreAll(lines, utiliptables.NoFlushTables, utiliptables.RestoreCounters)
-	if err != nil {
-		return fmt.Errorf("Failed to execute iptables-restore: %v", err)
-	}
-	return nil
-}
-
-// closeHostports tries to close all the listed host ports
-// TODO: move closeHostports and openHostports into a common struct
-func (hm *hostportManager) closeHostports(hostportMappings []*PortMapping) error {
-	errList := []error{}
-	for _, pm := range hostportMappings {
-		hp := portMappingToHostport(pm)
-		if socket, ok := hm.hostPortMap[hp]; ok {
-			glog.V(2).Infof("Closing host port %s", hp.String())
-			if err := socket.Close(); err != nil {
-				errList = append(errList, fmt.Errorf("failed to close host port %s: %v", hp.String(), err))
-				continue
-			}
-			delete(hm.hostPortMap, hp)
-		}
-	}
-	return utilerrors.NewAggregate(errList)
-}
-
-// getHostportChain takes id, hostport and protocol for a pod and returns associated iptables chain.
-// This is computed by hashing (sha256) then encoding to base32 and truncating with the prefix
-// "KUBE-HP-". We do this because IPTables Chain Names must be <= 28 chars long, and the longer
-// they are the harder they are to read.
-// WARNING: Please do not change this function. Otherwise, HostportManager may not be able to
-// identify existing iptables chains.
-func getHostportChain(id string, pm *PortMapping) utiliptables.Chain {
-	hash := sha256.Sum256([]byte(id + string(pm.HostPort) + string(pm.Protocol)))
-	encoded := base32.StdEncoding.EncodeToString(hash[:])
-	return utiliptables.Chain(kubeHostportChainPrefix + encoded[:16])
-}
-
-// gatherHostportMappings returns all the PortMappings which has hostport for a pod
-func gatherHostportMappings(podPortMapping *PodPortMapping) []*PortMapping {
-	mappings := []*PortMapping{}
-	for _, pm := range podPortMapping.PortMappings {
-		if pm.HostPort <= 0 {
-			continue
-		}
-		mappings = append(mappings, pm)
-	}
-	return mappings
-}
-
-// getExistingHostportIPTablesRules retrieves raw data from iptables-save, parse it,
-// return all the hostport related chains and rules
-func getExistingHostportIPTablesRules(iptables utiliptables.Interface) (map[utiliptables.Chain]string, []string, error) {
-	iptablesData := bytes.NewBuffer(nil)
-	err := iptables.SaveInto(utiliptables.TableNAT, iptablesData)
-	if err != nil { // if we failed to get any rules
-		return nil, nil, fmt.Errorf("failed to execute iptables-save: %v", err)
-	}
-	existingNATChains := utiliptables.GetChainLines(utiliptables.TableNAT, iptablesData.Bytes())
-
-	existingHostportChains := make(map[utiliptables.Chain]string)
-	existingHostportRules := []string{}
-
-	for chain := range existingNATChains {
-		if strings.HasPrefix(string(chain), string(kubeHostportsChain)) || strings.HasPrefix(string(chain), kubeHostportChainPrefix) {
-			existingHostportChains[chain] = existingNATChains[chain]
-		}
-	}
-
-	for _, line := range strings.Split(string(iptablesData.Bytes()), "\n") {
-		if strings.HasPrefix(line, fmt.Sprintf("-A %s", kubeHostportChainPrefix)) ||
-			strings.HasPrefix(line, fmt.Sprintf("-A %s", string(kubeHostportsChain))) {
-			existingHostportRules = append(existingHostportRules, line)
-		}
-	}
-	return existingHostportChains, existingHostportRules, nil
-}
-
-// filterRules filters input rules with input chains. Rules that did not involve any filter chain will be returned.
-// The order of the input rules is important and is preserved.
-func filterRules(rules []string, filters []utiliptables.Chain) []string {
-	filtered := []string{}
-	for _, rule := range rules {
-		skip := false
-		for _, filter := range filters {
-			if strings.Contains(rule, string(filter)) {
-				skip = true
-				break
-			}
-		}
-		if !skip {
-			filtered = append(filtered, rule)
-		}
-	}
-	return filtered
-}
-
-// filterChains deletes all entries of filter chains from chain map
-func filterChains(chains map[utiliptables.Chain]string, filterChains []utiliptables.Chain) {
-	for _, chain := range filterChains {
-		if _, ok := chains[chain]; ok {
-			delete(chains, chain)
-		}
-	}
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_syncer.go b/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_syncer.go
deleted file mode 100644
index d1c577dbd..000000000
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/network/hostport/hostport_syncer.go
+++ /dev/null
@@ -1,306 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package hostport
-
-import (
-	"bytes"
-	"crypto/sha256"
-	"encoding/base32"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/golang/glog"
-
-	iptablesproxy "k8s.io/kubernetes/pkg/proxy/iptables"
-	utildbus "k8s.io/kubernetes/pkg/util/dbus"
-	utilexec "k8s.io/kubernetes/pkg/util/exec"
-	utiliptables "k8s.io/kubernetes/pkg/util/iptables"
-)
-
-// HostportSyncer takes a list of PodPortMappings and implements hostport all at once
-type HostportSyncer interface {
-	// SyncHostports gathers all hostports on node and setup iptables rules to enable them.
-	// On each invocation existing ports are synced and stale rules are deleted.
-	SyncHostports(natInterfaceName string, activePodPortMappings []*PodPortMapping) error
-	// OpenPodHostportsAndSync opens hostports for a new PodPortMapping, gathers all hostports on
-	// node, sets up iptables rules enable them. On each invocation existing ports are synced and stale rules are deleted.
-	// 'newPortMapping' must also be present in 'activePodPortMappings'.
-	OpenPodHostportsAndSync(newPortMapping *PodPortMapping, natInterfaceName string, activePodPortMappings []*PodPortMapping) error
-}
-
-type hostportSyncer struct {
-	hostPortMap map[hostport]closeable
-	iptables    utiliptables.Interface
-	portOpener  hostportOpener
-}
-
-func NewHostportSyncer() HostportSyncer {
-	iptInterface := utiliptables.New(utilexec.New(), utildbus.New(), utiliptables.ProtocolIpv4)
-	return &hostportSyncer{
-		hostPortMap: make(map[hostport]closeable),
-		iptables:    iptInterface,
-		portOpener:  openLocalPort,
-	}
-}
-
-type targetPod struct {
-	podFullName string
-	podIP       string
-}
-
-func (hp *hostport) String() string {
-	return fmt.Sprintf("%s:%d", hp.protocol, hp.port)
-}
-
-//openPodHostports opens all hostport for pod and returns the map of hostport and socket
-func (h *hostportSyncer) openHostports(podHostportMapping *PodPortMapping) error {
-	var retErr error
-	ports := make(map[hostport]closeable)
-	for _, port := range podHostportMapping.PortMappings {
-		if port.HostPort <= 0 {
-			// Assume hostport is not specified in this portmapping. So skip
-			continue
-		}
-		hp := hostport{
-			port:     port.HostPort,
-			protocol: strings.ToLower(string(port.Protocol)),
-		}
-		socket, err := h.portOpener(&hp)
-		if err != nil {
-			retErr = fmt.Errorf("cannot open hostport %d for pod %s: %v", port.HostPort, getPodFullName(podHostportMapping), err)
-			break
-		}
-		ports[hp] = socket
-	}
-
-	// If encounter any error, close all hostports that just got opened.
-	if retErr != nil {
-		for hp, socket := range ports {
-			if err := socket.Close(); err != nil {
-				glog.Errorf("Cannot clean up hostport %d for pod %s: %v", hp.port, getPodFullName(podHostportMapping), err)
-			}
-		}
-		return retErr
-	}
-
-	for hostPort, socket := range ports {
-		h.hostPortMap[hostPort] = socket
-	}
-
-	return nil
-}
-
-func getPodFullName(pod *PodPortMapping) string {
-	// Use underscore as the delimiter because it is not allowed in pod name
-	// (DNS subdomain format), while allowed in the container name format.
-	return pod.Name + "_" + pod.Namespace
-}
-
-// gatherAllHostports returns all hostports that should be presented on node,
-// given the list of pods running on that node and ignoring host network
-// pods (which don't need hostport <-> container port mapping).
-func gatherAllHostports(activePodPortMappings []*PodPortMapping) (map[*PortMapping]targetPod, error) {
-	podHostportMap := make(map[*PortMapping]targetPod)
-	for _, pm := range activePodPortMappings {
-		if pm.IP.To4() == nil {
-			return nil, fmt.Errorf("Invalid or missing pod %s IP", getPodFullName(pm))
-		}
-		// should not handle hostports for hostnetwork pods
-		if pm.HostNetwork {
-			continue
-		}
-
-		for _, port := range pm.PortMappings {
-			if port.HostPort != 0 {
-				podHostportMap[port] = targetPod{podFullName: getPodFullName(pm), podIP: pm.IP.String()}
-			}
-		}
-	}
-	return podHostportMap, nil
-}
-
-// Join all words with spaces, terminate with newline and write to buf.
-func writeLine(buf *bytes.Buffer, words ...string) {
-	buf.WriteString(strings.Join(words, " ") + "\n")
-}
-
-//hostportChainName takes containerPort for a pod and returns associated iptables chain.
-// This is computed by hashing (sha256)
-// then encoding to base32 and truncating with the prefix "KUBE-SVC-".  We do
-// this because IPTables Chain Names must be <= 28 chars long, and the longer
-// they are the harder they are to read.
-func hostportChainName(pm *PortMapping, podFullName string) utiliptables.Chain {
-	hash := sha256.Sum256([]byte(string(pm.HostPort) + string(pm.Protocol) + podFullName))
-	encoded := base32.StdEncoding.EncodeToString(hash[:])
-	return utiliptables.Chain(kubeHostportChainPrefix + encoded[:16])
-}
-
-// OpenPodHostportsAndSync opens hostports for a new PodPortMapping, gathers all hostports on
-// node, sets up iptables rules enable them. And finally clean up stale hostports.
-// 'newPortMapping' must also be present in 'activePodPortMappings'.
-func (h *hostportSyncer) OpenPodHostportsAndSync(newPortMapping *PodPortMapping, natInterfaceName string, activePodPortMappings []*PodPortMapping) error {
-	// try to open pod host port if specified
-	if err := h.openHostports(newPortMapping); err != nil {
-		return err
-	}
-
-	// Add the new pod to active pods if it's not present.
-	var found bool
-	for _, pm := range activePodPortMappings {
-		if pm.Namespace == newPortMapping.Namespace && pm.Name == newPortMapping.Name {
-			found = true
-			break
-		}
-	}
-	if !found {
-		activePodPortMappings = append(activePodPortMappings, newPortMapping)
-	}
-
-	return h.SyncHostports(natInterfaceName, activePodPortMappings)
-}
-
-// SyncHostports gathers all hostports on node and setup iptables rules enable them. And finally clean up stale hostports
-func (h *hostportSyncer) SyncHostports(natInterfaceName string, activePodPortMappings []*PodPortMapping) error {
-	start := time.Now()
-	defer func() {
-		glog.V(4).Infof("syncHostportsRules took %v", time.Since(start))
-	}()
-
-	hostportPodMap, err := gatherAllHostports(activePodPortMappings)
-	if err != nil {
-		return err
-	}
-
-	// Ensure KUBE-HOSTPORTS chains
-	ensureKubeHostportChains(h.iptables, natInterfaceName)
-
-	// Get iptables-save output so we can check for existing chains and rules.
-	// This will be a map of chain name to chain with rules as stored in iptables-save/iptables-restore
-	existingNATChains := make(map[utiliptables.Chain]string)
-	iptablesData := bytes.NewBuffer(nil)
-	err = h.iptables.SaveInto(utiliptables.TableNAT, iptablesData)
-	if err != nil { // if we failed to get any rules
-		glog.Errorf("Failed to execute iptables-save, syncing all rules: %v", err)
-	} else { // otherwise parse the output
-		existingNATChains = utiliptables.GetChainLines(utiliptables.TableNAT, iptablesData.Bytes())
-	}
-
-	natChains := bytes.NewBuffer(nil)
-	natRules := bytes.NewBuffer(nil)
-	writeLine(natChains, "*nat")
-	// Make sure we keep stats for the top-level chains, if they existed
-	// (which most should have because we created them above).
-	if chain, ok := existingNATChains[kubeHostportsChain]; ok {
-		writeLine(natChains, chain)
-	} else {
-		writeLine(natChains, utiliptables.MakeChainLine(kubeHostportsChain))
-	}
-
-	// Accumulate NAT chains to keep.
-	activeNATChains := map[utiliptables.Chain]bool{} // use a map as a set
-
-	for port, target := range hostportPodMap {
-		protocol := strings.ToLower(string(port.Protocol))
-		hostportChain := hostportChainName(port, target.podFullName)
-		if chain, ok := existingNATChains[hostportChain]; ok {
-			writeLine(natChains, chain)
-		} else {
-			writeLine(natChains, utiliptables.MakeChainLine(hostportChain))
-		}
-
-		activeNATChains[hostportChain] = true
-
-		// Redirect to hostport chain
-		args := []string{
-			"-A", string(kubeHostportsChain),
-			"-m", "comment", "--comment", fmt.Sprintf(`"%s hostport %d"`, target.podFullName, port.HostPort),
-			"-m", protocol, "-p", protocol,
-			"--dport", fmt.Sprintf("%d", port.HostPort),
-			"-j", string(hostportChain),
-		}
-		writeLine(natRules, args...)
-
-		// Assuming kubelet is syncing iptables KUBE-MARK-MASQ chain
-		// If the request comes from the pod that is serving the hostport, then SNAT
-		args = []string{
-			"-A", string(hostportChain),
-			"-m", "comment", "--comment", fmt.Sprintf(`"%s hostport %d"`, target.podFullName, port.HostPort),
-			"-s", target.podIP, "-j", string(iptablesproxy.KubeMarkMasqChain),
-		}
-		writeLine(natRules, args...)
-
-		// Create hostport chain to DNAT traffic to final destination
-		// IPTables will maintained the stats for this chain
-		args = []string{
-			"-A", string(hostportChain),
-			"-m", "comment", "--comment", fmt.Sprintf(`"%s hostport %d"`, target.podFullName, port.HostPort),
-			"-m", protocol, "-p", protocol,
-			"-j", "DNAT", fmt.Sprintf("--to-destination=%s:%d", target.podIP, port.ContainerPort),
-		}
-		writeLine(natRules, args...)
-	}
-
-	// Delete chains no longer in use.
-	for chain := range existingNATChains {
-		if !activeNATChains[chain] {
-			chainString := string(chain)
-			if !strings.HasPrefix(chainString, kubeHostportChainPrefix) {
-				// Ignore chains that aren't ours.
-				continue
-			}
-			// We must (as per iptables) write a chain-line for it, which has
-			// the nice effect of flushing the chain.  Then we can remove the
-			// chain.
-			writeLine(natChains, existingNATChains[chain])
-			writeLine(natRules, "-X", chainString)
-		}
-	}
-	writeLine(natRules, "COMMIT")
-
-	natLines := append(natChains.Bytes(), natRules.Bytes()...)
-	glog.V(3).Infof("Restoring iptables rules: %s", natLines)
-	err = h.iptables.RestoreAll(natLines, utiliptables.NoFlushTables, utiliptables.RestoreCounters)
-	if err != nil {
-		return fmt.Errorf("Failed to execute iptables-restore: %v", err)
-	}
-
-	h.cleanupHostportMap(hostportPodMap)
-	return nil
-}
-
-// cleanupHostportMap closes obsolete hostports
-func (h *hostportSyncer) cleanupHostportMap(containerPortMap map[*PortMapping]targetPod) {
-	// compute hostports that are supposed to be open
-	currentHostports := make(map[hostport]bool)
-	for containerPort := range containerPortMap {
-		hp := hostport{
-			port:     containerPort.HostPort,
-			protocol: strings.ToLower(string(containerPort.Protocol)),
-		}
-		currentHostports[hp] = true
-	}
-
-	// close and delete obsolete hostports
-	for hp, socket := range h.hostPortMap {
-		if _, ok := currentHostports[hp]; !ok {
-			socket.Close()
-			glog.V(3).Infof("Closed local port %s", hp.String())
-			delete(h.hostPortMap, hp)
-		}
-	}
-}
author	Matthew Heon <matthew.heon@gmail.com>	2018-01-04 16:56:51 -0500
committer	Atomic Bot <atomic-devel@projectatomic.io>	2018-01-08 20:48:31 +0000
commit	21881679099491049db367504d09f9a48d3e5fa7 (patch)
tree	2e9595d44d510bed28730893a9fd3b969a2c8bb4 /vendor/k8s.io/kubernetes/pkg/kubelet
parent	5c5c024e80a9c78e94f8d3d7d13755b27dd9a8bf (diff)
download	podman-21881679099491049db367504d09f9a48d3e5fa7.tar.gz podman-21881679099491049db367504d09f9a48d3e5fa7.tar.bz2 podman-21881679099491049db367504d09f9a48d3e5fa7.zip