Remove vendored files unnecessary after Kube hostport removal

Signed-off-by: Matthew Heon <matthew.heon@gmail.com>

Closes: #189
Approved by: mheon

13 files changed, 0 insertions, 1820 deletions

diff --git a/vendor/k8s.io/kubernetes/pkg/util/async/bounded_frequency_runner.go b/vendor/k8s.io/kubernetes/pkg/util/async/bounded_frequency_runner.go
deleted file mode 100644
index da6fc2a4f..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/async/bounded_frequency_runner.go
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package async
-
-import (
-	"fmt"
-	"sync"
-	"time"
-
-	"k8s.io/client-go/util/flowcontrol"
-
-	"github.com/golang/glog"
-)
-
-// BoundedFrequencyRunner manages runs of a user-provided function.
-// See NewBoundedFrequencyRunner for examples.
-type BoundedFrequencyRunner struct {
-	name        string        // the name of this instance
-	minInterval time.Duration // the min time between runs, modulo bursts
-	maxInterval time.Duration // the max time between runs
-
-	run chan struct{} // try an async run
-
-	mu      sync.Mutex  // guards runs of fn and all mutations
-	fn      func()      // function to run
-	lastRun time.Time   // time of last run
-	timer   timer       // timer for deferred runs
-	limiter rateLimiter // rate limiter for on-demand runs
-}
-
-// designed so that flowcontrol.RateLimiter satisfies
-type rateLimiter interface {
-	TryAccept() bool
-	Stop()
-}
-
-type nullLimiter struct{}
-
-func (nullLimiter) TryAccept() bool {
-	return true
-}
-
-func (nullLimiter) Stop() {}
-
-var _ rateLimiter = nullLimiter{}
-
-// for testing
-type timer interface {
-	// C returns the timer's selectable channel.
-	C() <-chan time.Time
-
-	// See time.Timer.Reset.
-	Reset(d time.Duration) bool
-
-	// See time.Timer.Stop.
-	Stop() bool
-
-	// See time.Now.
-	Now() time.Time
-
-	// See time.Since.
-	Since(t time.Time) time.Duration
-
-	// See time.Sleep.
-	Sleep(d time.Duration)
-}
-
-// implement our timer in terms of std time.Timer.
-type realTimer struct {
-	*time.Timer
-}
-
-func (rt realTimer) C() <-chan time.Time {
-	return rt.Timer.C
-}
-
-func (rt realTimer) Now() time.Time {
-	return time.Now()
-}
-
-func (rt realTimer) Since(t time.Time) time.Duration {
-	return time.Since(t)
-}
-
-func (rt realTimer) Sleep(d time.Duration) {
-	time.Sleep(d)
-}
-
-var _ timer = realTimer{}
-
-// NewBoundedFrequencyRunner creates a new BoundedFrequencyRunner instance,
-// which will manage runs of the specified function.
-//
-// All runs will be async to the caller of BoundedFrequencyRunner.Run, but
-// multiple runs are serialized. If the function needs to hold locks, it must
-// take them internally.
-//
-// Runs of the funtion will have at least minInterval between them (from
-// completion to next start), except that up to bursts may be allowed.  Burst
-// runs are "accumulated" over time, one per minInterval up to burstRuns total.
-// This can be used, for example, to mitigate the impact of expensive operations
-// being called in response to user-initiated operations. Run requests that
-// would violate the minInterval are coallesced and run at the next opportunity.
-//
-// The function will be run at least once per maxInterval. For example, this can
-// force periodic refreshes of state in the absence of anyone calling Run.
-//
-// Examples:
-//
-// NewBoundedFrequencyRunner("name", fn, time.Second, 5*time.Second, 1)
-// - fn will have at least 1 second between runs
-// - fn will have no more than 5 seconds between runs
-//
-// NewBoundedFrequencyRunner("name", fn, 3*time.Second, 10*time.Second, 3)
-// - fn will have at least 3 seconds between runs, with up to 3 burst runs
-// - fn will have no more than 10 seconds between runs
-//
-// The maxInterval must be greater than or equal to the minInterval,  If the
-// caller passes a maxInterval less than minInterval, this function will panic.
-func NewBoundedFrequencyRunner(name string, fn func(), minInterval, maxInterval time.Duration, burstRuns int) *BoundedFrequencyRunner {
-	timer := realTimer{Timer: time.NewTimer(0)} // will tick immediately
-	<-timer.C()                                 // consume the first tick
-	return construct(name, fn, minInterval, maxInterval, burstRuns, timer)
-}
-
-// Make an instance with dependencies injected.
-func construct(name string, fn func(), minInterval, maxInterval time.Duration, burstRuns int, timer timer) *BoundedFrequencyRunner {
-	if maxInterval < minInterval {
-		panic(fmt.Sprintf("%s: maxInterval (%v) must be >= minInterval (%v)", name, minInterval, maxInterval))
-	}
-	if timer == nil {
-		panic(fmt.Sprintf("%s: timer must be non-nil", name))
-	}
-
-	bfr := &BoundedFrequencyRunner{
-		name:        name,
-		fn:          fn,
-		minInterval: minInterval,
-		maxInterval: maxInterval,
-		run:         make(chan struct{}, 1),
-		timer:       timer,
-	}
-	if minInterval == 0 {
-		bfr.limiter = nullLimiter{}
-	} else {
-		// allow burst updates in short succession
-		qps := float32(time.Second) / float32(minInterval)
-		bfr.limiter = flowcontrol.NewTokenBucketRateLimiterWithClock(qps, burstRuns, timer)
-	}
-	return bfr
-}
-
-// Loop handles the periodic timer and run requests.  This is expected to be
-// called as a goroutine.
-func (bfr *BoundedFrequencyRunner) Loop(stop <-chan struct{}) {
-	glog.V(3).Infof("%s Loop running", bfr.name)
-	bfr.timer.Reset(bfr.maxInterval)
-	for {
-		select {
-		case <-stop:
-			bfr.stop()
-			glog.V(3).Infof("%s Loop stopping", bfr.name)
-			return
-		case <-bfr.timer.C():
-			bfr.tryRun()
-		case <-bfr.run:
-			bfr.tryRun()
-		}
-	}
-}
-
-// Run the function as soon as possible.  If this is called while Loop is not
-// running, the call may be deferred indefinitely.
-// If there is already a queued request to call the underlying function, it
-// may be dropped - it is just guaranteed that we will try calling the
-// underlying function as soon as possible starting from now.
-func (bfr *BoundedFrequencyRunner) Run() {
-	// If it takes a lot of time to run the underlying function, noone is really
-	// processing elements from <run> channel. So to avoid blocking here on the
-	// putting element to it, we simply skip it if there is already an element
-	// in it.
-	select {
-	case bfr.run <- struct{}{}:
-	default:
-	}
-}
-
-// assumes the lock is not held
-func (bfr *BoundedFrequencyRunner) stop() {
-	bfr.mu.Lock()
-	defer bfr.mu.Unlock()
-	bfr.limiter.Stop()
-	bfr.timer.Stop()
-}
-
-// assumes the lock is not held
-func (bfr *BoundedFrequencyRunner) tryRun() {
-	bfr.mu.Lock()
-	defer bfr.mu.Unlock()
-
-	if bfr.limiter.TryAccept() {
-		// We're allowed to run the function right now.
-		bfr.fn()
-		bfr.lastRun = bfr.timer.Now()
-		bfr.timer.Stop()
-		bfr.timer.Reset(bfr.maxInterval)
-		glog.V(3).Infof("%s: ran, next possible in %v, periodic in %v", bfr.name, bfr.minInterval, bfr.maxInterval)
-		return
-	}
-
-	// It can't run right now, figure out when it can run next.
-
-	elapsed := bfr.timer.Since(bfr.lastRun)    // how long since last run
-	nextPossible := bfr.minInterval - elapsed  // time to next possible run
-	nextScheduled := bfr.maxInterval - elapsed // time to next periodic run
-	glog.V(4).Infof("%s: %v since last run, possible in %v, scheduled in %v", bfr.name, elapsed, nextPossible, nextScheduled)
-
-	if nextPossible < nextScheduled {
-		// Set the timer for ASAP, but don't drain here.  Assuming Loop is running,
-		// it might get a delivery in the mean time, but that is OK.
-		bfr.timer.Stop()
-		bfr.timer.Reset(nextPossible)
-		glog.V(3).Infof("%s: throttled, scheduling run in %v", bfr.name, nextPossible)
-	}
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/async/runner.go b/vendor/k8s.io/kubernetes/pkg/util/async/runner.go
deleted file mode 100644
index 924f1d168..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/async/runner.go
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package async
-
-import (
-	"sync"
-)
-
-// Runner is an abstraction to make it easy to start and stop groups of things that can be
-// described by a single function which waits on a channel close to exit.
-type Runner struct {
-	lock      sync.Mutex
-	loopFuncs []func(stop chan struct{})
-	stop      *chan struct{}
-}
-
-// NewRunner makes a runner for the given function(s). The function(s) should loop until
-// the channel is closed.
-func NewRunner(f ...func(stop chan struct{})) *Runner {
-	return &Runner{loopFuncs: f}
-}
-
-// Start begins running.
-func (r *Runner) Start() {
-	r.lock.Lock()
-	defer r.lock.Unlock()
-	if r.stop == nil {
-		c := make(chan struct{})
-		r.stop = &c
-		for i := range r.loopFuncs {
-			go r.loopFuncs[i](*r.stop)
-		}
-	}
-}
-
-// Stop stops running.
-func (r *Runner) Stop() {
-	r.lock.Lock()
-	defer r.lock.Unlock()
-	if r.stop != nil {
-		close(*r.stop)
-		r.stop = nil
-	}
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/dbus/dbus.go b/vendor/k8s.io/kubernetes/pkg/util/dbus/dbus.go
deleted file mode 100644
index 702d16e5d..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/dbus/dbus.go
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package dbus
-
-import (
-	godbus "github.com/godbus/dbus"
-)
-
-// Interface is an interface that presents a subset of the godbus/dbus API.  Use this
-// when you want to inject fakeable/mockable D-Bus behavior.
-type Interface interface {
-	// SystemBus returns a connection to the system bus, connecting to it
-	// first if necessary
-	SystemBus() (Connection, error)
-	// SessionBus returns a connection to the session bus, connecting to it
-	// first if necessary
-	SessionBus() (Connection, error)
-}
-
-// Connection represents a D-Bus connection
-type Connection interface {
-	// Returns an Object representing the bus itself
-	BusObject() Object
-
-	// Object creates a representation of a remote D-Bus object
-	Object(name, path string) Object
-
-	// Signal registers or unregisters a channel to receive D-Bus signals
-	Signal(ch chan<- *godbus.Signal)
-}
-
-// Object represents a remote D-Bus object
-type Object interface {
-	// Call synchronously calls a D-Bus method
-	Call(method string, flags godbus.Flags, args ...interface{}) Call
-}
-
-// Call represents a pending or completed D-Bus method call
-type Call interface {
-	// Store returns a completed call's return values, or an error
-	Store(retvalues ...interface{}) error
-}
-
-// Implements Interface in terms of actually talking to D-Bus
-type dbusImpl struct {
-	systemBus  *connImpl
-	sessionBus *connImpl
-}
-
-// Implements Connection as a godbus.Conn
-type connImpl struct {
-	conn *godbus.Conn
-}
-
-// Implements Object as a godbus.Object
-type objectImpl struct {
-	object godbus.BusObject
-}
-
-// Implements Call as a godbus.Call
-type callImpl struct {
-	call *godbus.Call
-}
-
-// New returns a new Interface which will use godbus to talk to D-Bus
-func New() Interface {
-	return &dbusImpl{}
-}
-
-// SystemBus is part of Interface
-func (db *dbusImpl) SystemBus() (Connection, error) {
-	if db.systemBus == nil {
-		bus, err := godbus.SystemBus()
-		if err != nil {
-			return nil, err
-		}
-		db.systemBus = &connImpl{bus}
-	}
-
-	return db.systemBus, nil
-}
-
-// SessionBus is part of Interface
-func (db *dbusImpl) SessionBus() (Connection, error) {
-	if db.sessionBus == nil {
-		bus, err := godbus.SessionBus()
-		if err != nil {
-			return nil, err
-		}
-		db.sessionBus = &connImpl{bus}
-	}
-
-	return db.sessionBus, nil
-}
-
-// BusObject is part of the Connection interface
-func (conn *connImpl) BusObject() Object {
-	return &objectImpl{conn.conn.BusObject()}
-}
-
-// Object is part of the Connection interface
-func (conn *connImpl) Object(name, path string) Object {
-	return &objectImpl{conn.conn.Object(name, godbus.ObjectPath(path))}
-}
-
-// Signal is part of the Connection interface
-func (conn *connImpl) Signal(ch chan<- *godbus.Signal) {
-	conn.conn.Signal(ch)
-}
-
-// Call is part of the Object interface
-func (obj *objectImpl) Call(method string, flags godbus.Flags, args ...interface{}) Call {
-	return &callImpl{obj.object.Call(method, flags, args...)}
-}
-
-// Store is part of the Call interface
-func (call *callImpl) Store(retvalues ...interface{}) error {
-	return call.call.Store(retvalues...)
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/dbus/doc.go b/vendor/k8s.io/kubernetes/pkg/util/dbus/doc.go
deleted file mode 100644
index b07da628d..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/dbus/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package dbus provides an injectable interface and implementations for D-Bus communication
-package dbus // import "k8s.io/kubernetes/pkg/util/dbus"
diff --git a/vendor/k8s.io/kubernetes/pkg/util/dbus/fake_dbus.go b/vendor/k8s.io/kubernetes/pkg/util/dbus/fake_dbus.go
deleted file mode 100644
index 44131272e..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/dbus/fake_dbus.go
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package dbus
-
-import (
-	"fmt"
-
-	godbus "github.com/godbus/dbus"
-)
-
-// DBusFake is a simple fake Interface type.
-type DBusFake struct {
-	systemBus  *DBusFakeConnection
-	sessionBus *DBusFakeConnection
-}
-
-// DBusFakeConnection represents a fake D-Bus connection
-type DBusFakeConnection struct {
-	busObject      *fakeObject
-	objects        map[string]*fakeObject
-	signalHandlers []chan<- *godbus.Signal
-}
-
-// DBusFakeHandler is used to handle fake D-Bus method calls
-type DBusFakeHandler func(method string, args ...interface{}) ([]interface{}, error)
-
-type fakeObject struct {
-	handler DBusFakeHandler
-}
-
-type fakeCall struct {
-	ret []interface{}
-	err error
-}
-
-// NewFake returns a new Interface which will fake talking to D-Bus
-func NewFake(systemBus *DBusFakeConnection, sessionBus *DBusFakeConnection) *DBusFake {
-	return &DBusFake{systemBus, sessionBus}
-}
-
-func NewFakeConnection() *DBusFakeConnection {
-	return &DBusFakeConnection{
-		objects: make(map[string]*fakeObject),
-	}
-}
-
-// SystemBus is part of Interface
-func (db *DBusFake) SystemBus() (Connection, error) {
-	if db.systemBus != nil {
-		return db.systemBus, nil
-	} else {
-		return nil, fmt.Errorf("DBus is not running")
-	}
-}
-
-// SessionBus is part of Interface
-func (db *DBusFake) SessionBus() (Connection, error) {
-	if db.sessionBus != nil {
-		return db.sessionBus, nil
-	} else {
-		return nil, fmt.Errorf("DBus is not running")
-	}
-}
-
-// BusObject is part of the Connection interface
-func (conn *DBusFakeConnection) BusObject() Object {
-	return conn.busObject
-}
-
-// Object is part of the Connection interface
-func (conn *DBusFakeConnection) Object(name, path string) Object {
-	return conn.objects[name+path]
-}
-
-// Signal is part of the Connection interface
-func (conn *DBusFakeConnection) Signal(ch chan<- *godbus.Signal) {
-	for i := range conn.signalHandlers {
-		if conn.signalHandlers[i] == ch {
-			conn.signalHandlers = append(conn.signalHandlers[:i], conn.signalHandlers[i+1:]...)
-			return
-		}
-	}
-	conn.signalHandlers = append(conn.signalHandlers, ch)
-}
-
-// SetBusObject sets the handler for the BusObject of conn
-func (conn *DBusFakeConnection) SetBusObject(handler DBusFakeHandler) {
-	conn.busObject = &fakeObject{handler}
-}
-
-// AddObject adds a handler for the Object at name and path
-func (conn *DBusFakeConnection) AddObject(name, path string, handler DBusFakeHandler) {
-	conn.objects[name+path] = &fakeObject{handler}
-}
-
-// EmitSignal emits a signal on conn
-func (conn *DBusFakeConnection) EmitSignal(name, path, iface, signal string, args ...interface{}) {
-	sig := &godbus.Signal{
-		Sender: name,
-		Path:   godbus.ObjectPath(path),
-		Name:   iface + "." + signal,
-		Body:   args,
-	}
-	for _, ch := range conn.signalHandlers {
-		ch <- sig
-	}
-}
-
-// Call is part of the Object interface
-func (obj *fakeObject) Call(method string, flags godbus.Flags, args ...interface{}) Call {
-	ret, err := obj.handler(method, args...)
-	return &fakeCall{ret, err}
-}
-
-// Store is part of the Call interface
-func (call *fakeCall) Store(retvalues ...interface{}) error {
-	if call.err != nil {
-		return call.err
-	}
-	return godbus.Store(call.ret, retvalues...)
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/iptables/doc.go b/vendor/k8s.io/kubernetes/pkg/util/iptables/doc.go
deleted file mode 100644
index f26498293..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/iptables/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package iptables provides an interface and implementations for running iptables commands.
-package iptables // import "k8s.io/kubernetes/pkg/util/iptables"
diff --git a/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables.go b/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables.go
deleted file mode 100644
index b6c08fa37..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables.go
+++ /dev/null
@@ -1,652 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package iptables
-
-import (
-	"bytes"
-	"fmt"
-	"regexp"
-	"strings"
-	"sync"
-
-	godbus "github.com/godbus/dbus"
-	"github.com/golang/glog"
-	"k8s.io/apimachinery/pkg/util/sets"
-	utildbus "k8s.io/kubernetes/pkg/util/dbus"
-	utilexec "k8s.io/kubernetes/pkg/util/exec"
-	utilversion "k8s.io/kubernetes/pkg/util/version"
-)
-
-type RulePosition string
-
-const (
-	Prepend RulePosition = "-I"
-	Append  RulePosition = "-A"
-)
-
-// An injectable interface for running iptables commands.  Implementations must be goroutine-safe.
-type Interface interface {
-	// GetVersion returns the "X.Y.Z" version string for iptables.
-	GetVersion() (string, error)
-	// EnsureChain checks if the specified chain exists and, if not, creates it.  If the chain existed, return true.
-	EnsureChain(table Table, chain Chain) (bool, error)
-	// FlushChain clears the specified chain.  If the chain did not exist, return error.
-	FlushChain(table Table, chain Chain) error
-	// DeleteChain deletes the specified chain.  If the chain did not exist, return error.
-	DeleteChain(table Table, chain Chain) error
-	// EnsureRule checks if the specified rule is present and, if not, creates it.  If the rule existed, return true.
-	EnsureRule(position RulePosition, table Table, chain Chain, args ...string) (bool, error)
-	// DeleteRule checks if the specified rule is present and, if so, deletes it.
-	DeleteRule(table Table, chain Chain, args ...string) error
-	// IsIpv6 returns true if this is managing ipv6 tables
-	IsIpv6() bool
-	// SaveInto calls `iptables-save` for table and stores result in a given buffer.
-	SaveInto(table Table, buffer *bytes.Buffer) error
-	// Restore runs `iptables-restore` passing data through []byte.
-	// table is the Table to restore
-	// data should be formatted like the output of SaveInto()
-	// flush sets the presence of the "--noflush" flag. see: FlushFlag
-	// counters sets the "--counters" flag. see: RestoreCountersFlag
-	Restore(table Table, data []byte, flush FlushFlag, counters RestoreCountersFlag) error
-	// RestoreAll is the same as Restore except that no table is specified.
-	RestoreAll(data []byte, flush FlushFlag, counters RestoreCountersFlag) error
-	// AddReloadFunc adds a function to call on iptables reload
-	AddReloadFunc(reloadFunc func())
-	// Destroy cleans up resources used by the Interface
-	Destroy()
-}
-
-type Protocol byte
-
-const (
-	ProtocolIpv4 Protocol = iota + 1
-	ProtocolIpv6
-)
-
-type Table string
-
-const (
-	TableNAT    Table = "nat"
-	TableFilter Table = "filter"
-)
-
-type Chain string
-
-const (
-	ChainPostrouting Chain = "POSTROUTING"
-	ChainPrerouting  Chain = "PREROUTING"
-	ChainOutput      Chain = "OUTPUT"
-	ChainInput       Chain = "INPUT"
-)
-
-const (
-	cmdIPTablesSave    string = "iptables-save"
-	cmdIPTablesRestore string = "iptables-restore"
-	cmdIPTables        string = "iptables"
-	cmdIp6tables       string = "ip6tables"
-)
-
-// Option flag for Restore
-type RestoreCountersFlag bool
-
-const RestoreCounters RestoreCountersFlag = true
-const NoRestoreCounters RestoreCountersFlag = false
-
-// Option flag for Flush
-type FlushFlag bool
-
-const FlushTables FlushFlag = true
-const NoFlushTables FlushFlag = false
-
-// Versions of iptables less than this do not support the -C / --check flag
-// (test whether a rule exists).
-const MinCheckVersion = "1.4.11"
-
-// Minimum iptables versions supporting the -w and -w2 flags
-const MinWaitVersion = "1.4.20"
-const MinWait2Version = "1.4.22"
-
-const LockfilePath16x = "/run/xtables.lock"
-
-// runner implements Interface in terms of exec("iptables").
-type runner struct {
-	mu              sync.Mutex
-	exec            utilexec.Interface
-	dbus            utildbus.Interface
-	protocol        Protocol
-	hasCheck        bool
-	waitFlag        []string
-	restoreWaitFlag []string
-	lockfilePath    string
-
-	reloadFuncs []func()
-	signal      chan *godbus.Signal
-}
-
-// newInternal returns a new Interface which will exec iptables, and allows the
-// caller to change the iptables-restore lockfile path
-func newInternal(exec utilexec.Interface, dbus utildbus.Interface, protocol Protocol, lockfilePath string) Interface {
-	vstring, err := getIPTablesVersionString(exec)
-	if err != nil {
-		glog.Warningf("Error checking iptables version, assuming version at least %s: %v", MinCheckVersion, err)
-		vstring = MinCheckVersion
-	}
-
-	if lockfilePath == "" {
-		lockfilePath = LockfilePath16x
-	}
-
-	runner := &runner{
-		exec:            exec,
-		dbus:            dbus,
-		protocol:        protocol,
-		hasCheck:        getIPTablesHasCheckCommand(vstring),
-		waitFlag:        getIPTablesWaitFlag(vstring),
-		restoreWaitFlag: getIPTablesRestoreWaitFlag(exec),
-		lockfilePath:    lockfilePath,
-	}
-	// TODO this needs to be moved to a separate Start() or Run() function so that New() has zero side
-	// effects.
-	runner.connectToFirewallD()
-	return runner
-}
-
-// New returns a new Interface which will exec iptables.
-func New(exec utilexec.Interface, dbus utildbus.Interface, protocol Protocol) Interface {
-	return newInternal(exec, dbus, protocol, "")
-}
-
-// Destroy is part of Interface.
-func (runner *runner) Destroy() {
-	if runner.signal != nil {
-		runner.signal <- nil
-	}
-}
-
-const (
-	firewalldName      = "org.fedoraproject.FirewallD1"
-	firewalldPath      = "/org/fedoraproject/FirewallD1"
-	firewalldInterface = "org.fedoraproject.FirewallD1"
-)
-
-// Connects to D-Bus and listens for FirewallD start/restart. (On non-FirewallD-using
-// systems, this is effectively a no-op; we listen for the signals, but they will never be
-// emitted, so reload() will never be called.)
-func (runner *runner) connectToFirewallD() {
-	bus, err := runner.dbus.SystemBus()
-	if err != nil {
-		glog.V(1).Infof("Could not connect to D-Bus system bus: %s", err)
-		return
-	}
-
-	rule := fmt.Sprintf("type='signal',sender='%s',path='%s',interface='%s',member='Reloaded'", firewalldName, firewalldPath, firewalldInterface)
-	bus.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, rule)
-
-	rule = fmt.Sprintf("type='signal',interface='org.freedesktop.DBus',member='NameOwnerChanged',path='/org/freedesktop/DBus',sender='org.freedesktop.DBus',arg0='%s'", firewalldName)
-	bus.BusObject().Call("org.freedesktop.DBus.AddMatch", 0, rule)
-
-	runner.signal = make(chan *godbus.Signal, 10)
-	bus.Signal(runner.signal)
-
-	go runner.dbusSignalHandler(bus)
-}
-
-// GetVersion returns the version string.
-func (runner *runner) GetVersion() (string, error) {
-	return getIPTablesVersionString(runner.exec)
-}
-
-// EnsureChain is part of Interface.
-func (runner *runner) EnsureChain(table Table, chain Chain) (bool, error) {
-	fullArgs := makeFullArgs(table, chain)
-
-	runner.mu.Lock()
-	defer runner.mu.Unlock()
-
-	out, err := runner.run(opCreateChain, fullArgs)
-	if err != nil {
-		if ee, ok := err.(utilexec.ExitError); ok {
-			if ee.Exited() && ee.ExitStatus() == 1 {
-				return true, nil
-			}
-		}
-		return false, fmt.Errorf("error creating chain %q: %v: %s", chain, err, out)
-	}
-	return false, nil
-}
-
-// FlushChain is part of Interface.
-func (runner *runner) FlushChain(table Table, chain Chain) error {
-	fullArgs := makeFullArgs(table, chain)
-
-	runner.mu.Lock()
-	defer runner.mu.Unlock()
-
-	out, err := runner.run(opFlushChain, fullArgs)
-	if err != nil {
-		return fmt.Errorf("error flushing chain %q: %v: %s", chain, err, out)
-	}
-	return nil
-}
-
-// DeleteChain is part of Interface.
-func (runner *runner) DeleteChain(table Table, chain Chain) error {
-	fullArgs := makeFullArgs(table, chain)
-
-	runner.mu.Lock()
-	defer runner.mu.Unlock()
-
-	// TODO: we could call iptables -S first, ignore the output and check for non-zero return (more like DeleteRule)
-	out, err := runner.run(opDeleteChain, fullArgs)
-	if err != nil {
-		return fmt.Errorf("error deleting chain %q: %v: %s", chain, err, out)
-	}
-	return nil
-}
-
-// EnsureRule is part of Interface.
-func (runner *runner) EnsureRule(position RulePosition, table Table, chain Chain, args ...string) (bool, error) {
-	fullArgs := makeFullArgs(table, chain, args...)
-
-	runner.mu.Lock()
-	defer runner.mu.Unlock()
-
-	exists, err := runner.checkRule(table, chain, args...)
-	if err != nil {
-		return false, err
-	}
-	if exists {
-		return true, nil
-	}
-	out, err := runner.run(operation(position), fullArgs)
-	if err != nil {
-		return false, fmt.Errorf("error appending rule: %v: %s", err, out)
-	}
-	return false, nil
-}
-
-// DeleteRule is part of Interface.
-func (runner *runner) DeleteRule(table Table, chain Chain, args ...string) error {
-	fullArgs := makeFullArgs(table, chain, args...)
-
-	runner.mu.Lock()
-	defer runner.mu.Unlock()
-
-	exists, err := runner.checkRule(table, chain, args...)
-	if err != nil {
-		return err
-	}
-	if !exists {
-		return nil
-	}
-	out, err := runner.run(opDeleteRule, fullArgs)
-	if err != nil {
-		return fmt.Errorf("error deleting rule: %v: %s", err, out)
-	}
-	return nil
-}
-
-func (runner *runner) IsIpv6() bool {
-	return runner.protocol == ProtocolIpv6
-}
-
-// SaveInto is part of Interface.
-func (runner *runner) SaveInto(table Table, buffer *bytes.Buffer) error {
-	runner.mu.Lock()
-	defer runner.mu.Unlock()
-
-	// run and return
-	args := []string{"-t", string(table)}
-	glog.V(4).Infof("running iptables-save %v", args)
-	cmd := runner.exec.Command(cmdIPTablesSave, args...)
-	// Since CombinedOutput() doesn't support redirecting it to a buffer,
-	// we need to workaround it by redirecting stdout and stderr to buffer
-	// and explicitly calling Run() [CombinedOutput() underneath itself
-	// creates a new buffer, redirects stdout and stderr to it and also
-	// calls Run()].
-	cmd.SetStdout(buffer)
-	cmd.SetStderr(buffer)
-	return cmd.Run()
-}
-
-// Restore is part of Interface.
-func (runner *runner) Restore(table Table, data []byte, flush FlushFlag, counters RestoreCountersFlag) error {
-	// setup args
-	args := []string{"-T", string(table)}
-	return runner.restoreInternal(args, data, flush, counters)
-}
-
-// RestoreAll is part of Interface.
-func (runner *runner) RestoreAll(data []byte, flush FlushFlag, counters RestoreCountersFlag) error {
-	// setup args
-	args := make([]string, 0)
-	return runner.restoreInternal(args, data, flush, counters)
-}
-
-type iptablesLocker interface {
-	Close()
-}
-
-// restoreInternal is the shared part of Restore/RestoreAll
-func (runner *runner) restoreInternal(args []string, data []byte, flush FlushFlag, counters RestoreCountersFlag) error {
-	runner.mu.Lock()
-	defer runner.mu.Unlock()
-
-	if !flush {
-		args = append(args, "--noflush")
-	}
-	if counters {
-		args = append(args, "--counters")
-	}
-
-	// Grab the iptables lock to prevent iptables-restore and iptables
-	// from stepping on each other.  iptables-restore 1.6.2 will have
-	// a --wait option like iptables itself, but that's not widely deployed.
-	if len(runner.restoreWaitFlag) == 0 {
-		locker, err := grabIptablesLocks(runner.lockfilePath)
-		if err != nil {
-			return err
-		}
-		defer locker.Close()
-	}
-
-	// run the command and return the output or an error including the output and error
-	fullArgs := append(runner.restoreWaitFlag, args...)
-	glog.V(4).Infof("running iptables-restore %v", fullArgs)
-	cmd := runner.exec.Command(cmdIPTablesRestore, fullArgs...)
-	cmd.SetStdin(bytes.NewBuffer(data))
-	b, err := cmd.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("%v (%s)", err, b)
-	}
-	return nil
-}
-
-func (runner *runner) iptablesCommand() string {
-	if runner.IsIpv6() {
-		return cmdIp6tables
-	} else {
-		return cmdIPTables
-	}
-}
-
-func (runner *runner) run(op operation, args []string) ([]byte, error) {
-	iptablesCmd := runner.iptablesCommand()
-
-	fullArgs := append(runner.waitFlag, string(op))
-	fullArgs = append(fullArgs, args...)
-	glog.V(5).Infof("running iptables %s %v", string(op), args)
-	return runner.exec.Command(iptablesCmd, fullArgs...).CombinedOutput()
-	// Don't log err here - callers might not think it is an error.
-}
-
-// Returns (bool, nil) if it was able to check the existence of the rule, or
-// (<undefined>, error) if the process of checking failed.
-func (runner *runner) checkRule(table Table, chain Chain, args ...string) (bool, error) {
-	if runner.hasCheck {
-		return runner.checkRuleUsingCheck(makeFullArgs(table, chain, args...))
-	} else {
-		return runner.checkRuleWithoutCheck(table, chain, args...)
-	}
-}
-
-var hexnumRE = regexp.MustCompile("0x0+([0-9])")
-
-func trimhex(s string) string {
-	return hexnumRE.ReplaceAllString(s, "0x$1")
-}
-
-// Executes the rule check without using the "-C" flag, instead parsing iptables-save.
-// Present for compatibility with <1.4.11 versions of iptables.  This is full
-// of hack and half-measures.  We should nix this ASAP.
-func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...string) (bool, error) {
-	glog.V(1).Infof("running iptables-save -t %s", string(table))
-	out, err := runner.exec.Command(cmdIPTablesSave, "-t", string(table)).CombinedOutput()
-	if err != nil {
-		return false, fmt.Errorf("error checking rule: %v", err)
-	}
-
-	// Sadly, iptables has inconsistent quoting rules for comments. Just remove all quotes.
-	// Also, quoted multi-word comments (which are counted as a single arg)
-	// will be unpacked into multiple args,
-	// in order to compare against iptables-save output (which will be split at whitespace boundary)
-	// e.g. a single arg('"this must be before the NodePort rules"') will be unquoted and unpacked into 7 args.
-	var argsCopy []string
-	for i := range args {
-		tmpField := strings.Trim(args[i], "\"")
-		tmpField = trimhex(tmpField)
-		argsCopy = append(argsCopy, strings.Fields(tmpField)...)
-	}
-	argset := sets.NewString(argsCopy...)
-
-	for _, line := range strings.Split(string(out), "\n") {
-		var fields = strings.Fields(line)
-
-		// Check that this is a rule for the correct chain, and that it has
-		// the correct number of argument (+2 for "-A <chain name>")
-		if !strings.HasPrefix(line, fmt.Sprintf("-A %s", string(chain))) || len(fields) != len(argsCopy)+2 {
-			continue
-		}
-
-		// Sadly, iptables has inconsistent quoting rules for comments.
-		// Just remove all quotes.
-		for i := range fields {
-			fields[i] = strings.Trim(fields[i], "\"")
-			fields[i] = trimhex(fields[i])
-		}
-
-		// TODO: This misses reorderings e.g. "-x foo ! -y bar" will match "! -x foo -y bar"
-		if sets.NewString(fields...).IsSuperset(argset) {
-			return true, nil
-		}
-		glog.V(5).Infof("DBG: fields is not a superset of args: fields=%v  args=%v", fields, args)
-	}
-
-	return false, nil
-}
-
-// Executes the rule check using the "-C" flag
-func (runner *runner) checkRuleUsingCheck(args []string) (bool, error) {
-	out, err := runner.run(opCheckRule, args)
-	if err == nil {
-		return true, nil
-	}
-	if ee, ok := err.(utilexec.ExitError); ok {
-		// iptables uses exit(1) to indicate a failure of the operation,
-		// as compared to a malformed commandline, for example.
-		if ee.Exited() && ee.ExitStatus() == 1 {
-			return false, nil
-		}
-	}
-	return false, fmt.Errorf("error checking rule: %v: %s", err, out)
-}
-
-type operation string
-
-const (
-	opCreateChain operation = "-N"
-	opFlushChain  operation = "-F"
-	opDeleteChain operation = "-X"
-	opAppendRule  operation = "-A"
-	opCheckRule   operation = "-C"
-	opDeleteRule  operation = "-D"
-)
-
-func makeFullArgs(table Table, chain Chain, args ...string) []string {
-	return append([]string{string(chain), "-t", string(table)}, args...)
-}
-
-// Checks if iptables has the "-C" flag
-func getIPTablesHasCheckCommand(vstring string) bool {
-	minVersion, err := utilversion.ParseGeneric(MinCheckVersion)
-	if err != nil {
-		glog.Errorf("MinCheckVersion (%s) is not a valid version string: %v", MinCheckVersion, err)
-		return true
-	}
-	version, err := utilversion.ParseGeneric(vstring)
-	if err != nil {
-		glog.Errorf("vstring (%s) is not a valid version string: %v", vstring, err)
-		return true
-	}
-	return version.AtLeast(minVersion)
-}
-
-// Checks if iptables version has a "wait" flag
-func getIPTablesWaitFlag(vstring string) []string {
-	version, err := utilversion.ParseGeneric(vstring)
-	if err != nil {
-		glog.Errorf("vstring (%s) is not a valid version string: %v", vstring, err)
-		return nil
-	}
-
-	minVersion, err := utilversion.ParseGeneric(MinWaitVersion)
-	if err != nil {
-		glog.Errorf("MinWaitVersion (%s) is not a valid version string: %v", MinWaitVersion, err)
-		return nil
-	}
-	if version.LessThan(minVersion) {
-		return nil
-	}
-
-	minVersion, err = utilversion.ParseGeneric(MinWait2Version)
-	if err != nil {
-		glog.Errorf("MinWait2Version (%s) is not a valid version string: %v", MinWait2Version, err)
-		return nil
-	}
-	if version.LessThan(minVersion) {
-		return []string{"-w"}
-	} else {
-		return []string{"-w2"}
-	}
-}
-
-// getIPTablesVersionString runs "iptables --version" to get the version string
-// in the form "X.X.X"
-func getIPTablesVersionString(exec utilexec.Interface) (string, error) {
-	// this doesn't access mutable state so we don't need to use the interface / runner
-	bytes, err := exec.Command(cmdIPTables, "--version").CombinedOutput()
-	if err != nil {
-		return "", err
-	}
-	versionMatcher := regexp.MustCompile("v([0-9]+(\\.[0-9]+)+)")
-	match := versionMatcher.FindStringSubmatch(string(bytes))
-	if match == nil {
-		return "", fmt.Errorf("no iptables version found in string: %s", bytes)
-	}
-	return match[1], nil
-}
-
-// Checks if iptables-restore has a "wait" flag
-// --wait support landed in v1.6.1+ right before --version support, so
-// any version of iptables-restore that supports --version will also
-// support --wait
-func getIPTablesRestoreWaitFlag(exec utilexec.Interface) []string {
-	vstring, err := getIPTablesRestoreVersionString(exec)
-	if err != nil || vstring == "" {
-		glog.V(3).Infof("couldn't get iptables-restore version; assuming it doesn't support --wait")
-		return nil
-	}
-	if _, err := utilversion.ParseGeneric(vstring); err != nil {
-		glog.V(3).Infof("couldn't parse iptables-restore version; assuming it doesn't support --wait")
-		return nil
-	}
-
-	return []string{"--wait=2"}
-}
-
-// getIPTablesRestoreVersionString runs "iptables-restore --version" to get the version string
-// in the form "X.X.X"
-func getIPTablesRestoreVersionString(exec utilexec.Interface) (string, error) {
-	// this doesn't access mutable state so we don't need to use the interface / runner
-
-	// iptables-restore hasn't always had --version, and worse complains
-	// about unrecognized commands but doesn't exit when it gets them.
-	// Work around that by setting stdin to nothing so it exits immediately.
-	cmd := exec.Command(cmdIPTablesRestore, "--version")
-	cmd.SetStdin(bytes.NewReader([]byte{}))
-	bytes, err := cmd.CombinedOutput()
-	if err != nil {
-		return "", err
-	}
-	versionMatcher := regexp.MustCompile("v([0-9]+(\\.[0-9]+)+)")
-	match := versionMatcher.FindStringSubmatch(string(bytes))
-	if match == nil {
-		return "", fmt.Errorf("no iptables version found in string: %s", bytes)
-	}
-	return match[1], nil
-}
-
-// goroutine to listen for D-Bus signals
-func (runner *runner) dbusSignalHandler(bus utildbus.Connection) {
-	firewalld := bus.Object(firewalldName, firewalldPath)
-
-	for s := range runner.signal {
-		if s == nil {
-			// Unregister
-			bus.Signal(runner.signal)
-			return
-		}
-
-		switch s.Name {
-		case "org.freedesktop.DBus.NameOwnerChanged":
-			name := s.Body[0].(string)
-			new_owner := s.Body[2].(string)
-
-			if name != firewalldName || len(new_owner) == 0 {
-				continue
-			}
-
-			// FirewallD startup (specifically the part where it deletes
-			// all existing iptables rules) may not yet be complete when
-			// we get this signal, so make a dummy request to it to
-			// synchronize.
-			firewalld.Call(firewalldInterface+".getDefaultZone", 0)
-
-			runner.reload()
-		case firewalldInterface + ".Reloaded":
-			runner.reload()
-		}
-	}
-}
-
-// AddReloadFunc is part of Interface
-func (runner *runner) AddReloadFunc(reloadFunc func()) {
-	runner.reloadFuncs = append(runner.reloadFuncs, reloadFunc)
-}
-
-// runs all reload funcs to re-sync iptables rules
-func (runner *runner) reload() {
-	glog.V(1).Infof("reloading iptables rules")
-
-	for _, f := range runner.reloadFuncs {
-		f()
-	}
-}
-
-// IsNotFoundError returns true if the error indicates "not found".  It parses
-// the error string looking for known values, which is imperfect but works in
-// practice.
-func IsNotFoundError(err error) bool {
-	es := err.Error()
-	if strings.Contains(es, "No such file or directory") {
-		return true
-	}
-	if strings.Contains(es, "No chain/target/match by that name") {
-		return true
-	}
-	return false
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables_linux.go b/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables_linux.go
deleted file mode 100644
index 4f614cb52..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables_linux.go
+++ /dev/null
@@ -1,93 +0,0 @@
-// +build linux
-
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package iptables
-
-import (
-	"fmt"
-	"net"
-	"os"
-	"time"
-
-	"golang.org/x/sys/unix"
-	"k8s.io/apimachinery/pkg/util/wait"
-)
-
-type locker struct {
-	lock16 *os.File
-	lock14 *net.UnixListener
-}
-
-func (l *locker) Close() {
-	if l.lock16 != nil {
-		l.lock16.Close()
-	}
-	if l.lock14 != nil {
-		l.lock14.Close()
-	}
-}
-
-func grabIptablesLocks(lockfilePath string) (iptablesLocker, error) {
-	var err error
-	var success bool
-
-	l := &locker{}
-	defer func(l *locker) {
-		// Clean up immediately on failure
-		if !success {
-			l.Close()
-		}
-	}(l)
-
-	// Grab both 1.6.x and 1.4.x-style locks; we don't know what the
-	// iptables-restore version is if it doesn't support --wait, so we
-	// can't assume which lock method it'll use.
-
-	// Roughly duplicate iptables 1.6.x xtables_lock() function.
-	l.lock16, err = os.OpenFile(lockfilePath, os.O_CREATE, 0600)
-	if err != nil {
-		return nil, fmt.Errorf("failed to open iptables lock %s: %v", lockfilePath, err)
-	}
-
-	if err := wait.PollImmediate(200*time.Millisecond, 2*time.Second, func() (bool, error) {
-		if err := grabIptablesFileLock(l.lock16); err != nil {
-			return false, nil
-		}
-		return true, nil
-	}); err != nil {
-		return nil, fmt.Errorf("failed to acquire new iptables lock: %v", err)
-	}
-
-	// Roughly duplicate iptables 1.4.x xtables_lock() function.
-	if err := wait.PollImmediate(200*time.Millisecond, 2*time.Second, func() (bool, error) {
-		l.lock14, err = net.ListenUnix("unix", &net.UnixAddr{Name: "@xtables", Net: "unix"})
-		if err != nil {
-			return false, nil
-		}
-		return true, nil
-	}); err != nil {
-		return nil, fmt.Errorf("failed to acquire old iptables lock: %v", err)
-	}
-
-	success = true
-	return l, nil
-}
-
-func grabIptablesFileLock(f *os.File) error {
-	return unix.Flock(int(f.Fd()), unix.LOCK_EX|unix.LOCK_NB)
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables_unsupported.go b/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables_unsupported.go
deleted file mode 100644
index c6a5f0d7d..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/iptables/iptables_unsupported.go
+++ /dev/null
@@ -1,32 +0,0 @@
-// +build !linux
-
-/*
-Copyright 2017 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package iptables
-
-import (
-	"fmt"
-	"os"
-)
-
-func grabIptablesLocks(lockfilePath string) (iptablesLocker, error) {
-	return nil, fmt.Errorf("iptables unsupported on this platform")
-}
-
-func grabIptablesFileLock(f *os.File) error {
-	return fmt.Errorf("iptables unsupported on this platform")
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/iptables/save_restore.go b/vendor/k8s.io/kubernetes/pkg/util/iptables/save_restore.go
deleted file mode 100644
index 6f4eacaca..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/iptables/save_restore.go
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
-Copyright 2014 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package iptables
-
-import (
-	"fmt"
-	"strings"
-)
-
-// MakeChainLine return an iptables-save/restore formatted chain line given a Chain
-func MakeChainLine(chain Chain) string {
-	return fmt.Sprintf(":%s - [0:0]", chain)
-}
-
-// GetChainLines parses a table's iptables-save data to find chains in the table.
-// It returns a map of iptables.Chain to string where the string is the chain line from the save (with counters etc).
-func GetChainLines(table Table, save []byte) map[Chain]string {
-	chainsMap := make(map[Chain]string)
-	tablePrefix := "*" + string(table)
-	readIndex := 0
-	// find beginning of table
-	for readIndex < len(save) {
-		line, n := ReadLine(readIndex, save)
-		readIndex = n
-		if strings.HasPrefix(line, tablePrefix) {
-			break
-		}
-	}
-	// parse table lines
-	for readIndex < len(save) {
-		line, n := ReadLine(readIndex, save)
-		readIndex = n
-		if len(line) == 0 {
-			continue
-		}
-		if strings.HasPrefix(line, "COMMIT") || strings.HasPrefix(line, "*") {
-			break
-		} else if strings.HasPrefix(line, "#") {
-			continue
-		} else if strings.HasPrefix(line, ":") && len(line) > 1 {
-			// We assume that the <line> contains space - chain lines have 3 fields,
-			// space delimited. If there is no space, this line will panic.
-			chain := Chain(line[1:strings.Index(line, " ")])
-			chainsMap[chain] = line
-		}
-	}
-	return chainsMap
-}
-
-func ReadLine(readIndex int, byteArray []byte) (string, int) {
-	currentReadIndex := readIndex
-
-	// consume left spaces
-	for currentReadIndex < len(byteArray) {
-		if byteArray[currentReadIndex] == ' ' {
-			currentReadIndex++
-		} else {
-			break
-		}
-	}
-
-	// leftTrimIndex stores the left index of the line after the line is left-trimmed
-	leftTrimIndex := currentReadIndex
-
-	// rightTrimIndex stores the right index of the line after the line is right-trimmed
-	// it is set to -1 since the correct value has not yet been determined.
-	rightTrimIndex := -1
-
-	for ; currentReadIndex < len(byteArray); currentReadIndex++ {
-		if byteArray[currentReadIndex] == ' ' {
-			// set rightTrimIndex
-			if rightTrimIndex == -1 {
-				rightTrimIndex = currentReadIndex
-			}
-		} else if (byteArray[currentReadIndex] == '\n') || (currentReadIndex == (len(byteArray) - 1)) {
-			// end of line or byte buffer is reached
-			if currentReadIndex <= leftTrimIndex {
-				return "", currentReadIndex + 1
-			}
-			// set the rightTrimIndex
-			if rightTrimIndex == -1 {
-				rightTrimIndex = currentReadIndex
-				if currentReadIndex == (len(byteArray)-1) && (byteArray[currentReadIndex] != '\n') {
-					// ensure that the last character is part of the returned string,
-					// unless the last character is '\n'
-					rightTrimIndex = currentReadIndex + 1
-				}
-			}
-			return string(byteArray[leftTrimIndex:rightTrimIndex]), currentReadIndex + 1
-		} else {
-			// unset rightTrimIndex
-			rightTrimIndex = -1
-		}
-	}
-	return "", currentReadIndex
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/sysctl/sysctl.go b/vendor/k8s.io/kubernetes/pkg/util/sysctl/sysctl.go
deleted file mode 100644
index 5c01dd88e..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/sysctl/sysctl.go
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
-Copyright 2015 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package sysctl
-
-import (
-	"io/ioutil"
-	"path"
-	"strconv"
-	"strings"
-)
-
-const (
-	sysctlBase         = "/proc/sys"
-	VmOvercommitMemory = "vm/overcommit_memory"
-	VmPanicOnOOM       = "vm/panic_on_oom"
-	KernelPanic        = "kernel/panic"
-	KernelPanicOnOops  = "kernel/panic_on_oops"
-	RootMaxKeys        = "kernel/keys/root_maxkeys"
-	RootMaxBytes       = "kernel/keys/root_maxbytes"
-
-	VmOvercommitMemoryAlways    = 1 // kernel performs no memory over-commit handling
-	VmPanicOnOOMInvokeOOMKiller = 0 // kernel calls the oom_killer function when OOM occurs
-
-	KernelPanicOnOopsAlways  = 1  // kernel panics on kernel oops
-	KernelPanicRebootTimeout = 10 // seconds after a panic for the kernel to reboot
-
-	RootMaxKeysSetting  = 1000000                 // Needed since docker creates a new key per container
-	RootMaxBytesSetting = RootMaxKeysSetting * 25 // allocate 25 bytes per key * number of MaxKeys
-)
-
-// An injectable interface for running sysctl commands.
-type Interface interface {
-	// GetSysctl returns the value for the specified sysctl setting
-	GetSysctl(sysctl string) (int, error)
-	// SetSysctl modifies the specified sysctl flag to the new value
-	SetSysctl(sysctl string, newVal int) error
-}
-
-// New returns a new Interface for accessing sysctl
-func New() Interface {
-	return &procSysctl{}
-}
-
-// procSysctl implements Interface by reading and writing files under /proc/sys
-type procSysctl struct {
-}
-
-// GetSysctl returns the value for the specified sysctl setting
-func (_ *procSysctl) GetSysctl(sysctl string) (int, error) {
-	data, err := ioutil.ReadFile(path.Join(sysctlBase, sysctl))
-	if err != nil {
-		return -1, err
-	}
-	val, err := strconv.Atoi(strings.Trim(string(data), " \n"))
-	if err != nil {
-		return -1, err
-	}
-	return val, nil
-}
-
-// SetSysctl modifies the specified sysctl flag to the new value
-func (_ *procSysctl) SetSysctl(sysctl string, newVal int) error {
-	return ioutil.WriteFile(path.Join(sysctlBase, sysctl), []byte(strconv.Itoa(newVal)), 0640)
-}
diff --git a/vendor/k8s.io/kubernetes/pkg/util/version/doc.go b/vendor/k8s.io/kubernetes/pkg/util/version/doc.go
deleted file mode 100644
index ebe43152e..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/version/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package version provides utilities for version number comparisons
-package version // import "k8s.io/kubernetes/pkg/util/version"
diff --git a/vendor/k8s.io/kubernetes/pkg/util/version/version.go b/vendor/k8s.io/kubernetes/pkg/util/version/version.go
deleted file mode 100644
index 327f2e67f..000000000
--- a/vendor/k8s.io/kubernetes/pkg/util/version/version.go
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package version
-
-import (
-	"bytes"
-	"fmt"
-	"regexp"
-	"strconv"
-	"strings"
-)
-
-// Version is an opqaue representation of a version number
-type Version struct {
-	components    []uint
-	semver        bool
-	preRelease    string
-	buildMetadata string
-}
-
-var (
-	// versionMatchRE splits a version string into numeric and "extra" parts
-	versionMatchRE = regexp.MustCompile(`^\s*v?([0-9]+(?:\.[0-9]+)*)(.*)*$`)
-	// extraMatchRE splits the "extra" part of versionMatchRE into semver pre-release and build metadata; it does not validate the "no leading zeroes" constraint for pre-release
-	extraMatchRE = regexp.MustCompile(`^(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?\s*$`)
-)
-
-func parse(str string, semver bool) (*Version, error) {
-	parts := versionMatchRE.FindStringSubmatch(str)
-	if parts == nil {
-		return nil, fmt.Errorf("could not parse %q as version", str)
-	}
-	numbers, extra := parts[1], parts[2]
-
-	components := strings.Split(numbers, ".")
-	if (semver && len(components) != 3) || (!semver && len(components) < 2) {
-		return nil, fmt.Errorf("illegal version string %q", str)
-	}
-
-	v := &Version{
-		components: make([]uint, len(components)),
-		semver:     semver,
-	}
-	for i, comp := range components {
-		if (i == 0 || semver) && strings.HasPrefix(comp, "0") && comp != "0" {
-			return nil, fmt.Errorf("illegal zero-prefixed version component %q in %q", comp, str)
-		}
-		num, err := strconv.ParseUint(comp, 10, 0)
-		if err != nil {
-			return nil, fmt.Errorf("illegal non-numeric version component %q in %q: %v", comp, str, err)
-		}
-		v.components[i] = uint(num)
-	}
-
-	if semver && extra != "" {
-		extraParts := extraMatchRE.FindStringSubmatch(extra)
-		if extraParts == nil {
-			return nil, fmt.Errorf("could not parse pre-release/metadata (%s) in version %q", extra, str)
-		}
-		v.preRelease, v.buildMetadata = extraParts[1], extraParts[2]
-
-		for _, comp := range strings.Split(v.preRelease, ".") {
-			if _, err := strconv.ParseUint(comp, 10, 0); err == nil {
-				if strings.HasPrefix(comp, "0") && comp != "0" {
-					return nil, fmt.Errorf("illegal zero-prefixed version component %q in %q", comp, str)
-				}
-			}
-		}
-	}
-
-	return v, nil
-}
-
-// ParseGeneric parses a "generic" version string. The version string must consist of two
-// or more dot-separated numeric fields (the first of which can't have leading zeroes),
-// followed by arbitrary uninterpreted data (which need not be separated from the final
-// numeric field by punctuation). For convenience, leading and trailing whitespace is
-// ignored, and the version can be preceded by the letter "v". See also ParseSemantic.
-func ParseGeneric(str string) (*Version, error) {
-	return parse(str, false)
-}
-
-// MustParseGeneric is like ParseGeneric except that it panics on error
-func MustParseGeneric(str string) *Version {
-	v, err := ParseGeneric(str)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// ParseSemantic parses a version string that exactly obeys the syntax and semantics of
-// the "Semantic Versioning" specification (http://semver.org/) (although it ignores
-// leading and trailing whitespace, and allows the version to be preceded by "v"). For
-// version strings that are not guaranteed to obey the Semantic Versioning syntax, use
-// ParseGeneric.
-func ParseSemantic(str string) (*Version, error) {
-	return parse(str, true)
-}
-
-// MustParseSemantic is like ParseSemantic except that it panics on error
-func MustParseSemantic(str string) *Version {
-	v, err := ParseSemantic(str)
-	if err != nil {
-		panic(err)
-	}
-	return v
-}
-
-// BuildMetadata returns the build metadata, if v is a Semantic Version, or ""
-func (v *Version) BuildMetadata() string {
-	return v.buildMetadata
-}
-
-// String converts a Version back to a string; note that for versions parsed with
-// ParseGeneric, this will not include the trailing uninterpreted portion of the version
-// number.
-func (v *Version) String() string {
-	var buffer bytes.Buffer
-
-	for i, comp := range v.components {
-		if i > 0 {
-			buffer.WriteString(".")
-		}
-		buffer.WriteString(fmt.Sprintf("%d", comp))
-	}
-	if v.preRelease != "" {
-		buffer.WriteString("-")
-		buffer.WriteString(v.preRelease)
-	}
-	if v.buildMetadata != "" {
-		buffer.WriteString("+")
-		buffer.WriteString(v.buildMetadata)
-	}
-
-	return buffer.String()
-}
-
-// compareInternal returns -1 if v is less than other, 1 if it is greater than other, or 0
-// if they are equal
-func (v *Version) compareInternal(other *Version) int {
-	for i := range v.components {
-		switch {
-		case i >= len(other.components):
-			if v.components[i] != 0 {
-				return 1
-			}
-		case other.components[i] < v.components[i]:
-			return 1
-		case other.components[i] > v.components[i]:
-			return -1
-		}
-	}
-
-	if !v.semver || !other.semver {
-		return 0
-	}
-
-	switch {
-	case v.preRelease == "" && other.preRelease != "":
-		return 1
-	case v.preRelease != "" && other.preRelease == "":
-		return -1
-	case v.preRelease == other.preRelease: // includes case where both are ""
-		return 0
-	}
-
-	vPR := strings.Split(v.preRelease, ".")
-	oPR := strings.Split(other.preRelease, ".")
-	for i := range vPR {
-		if i >= len(oPR) {
-			return 1
-		}
-		vNum, err := strconv.ParseUint(vPR[i], 10, 0)
-		if err == nil {
-			oNum, err := strconv.ParseUint(oPR[i], 10, 0)
-			if err == nil {
-				switch {
-				case oNum < vNum:
-					return 1
-				case oNum > vNum:
-					return -1
-				default:
-					continue
-				}
-			}
-		}
-		if oPR[i] < vPR[i] {
-			return 1
-		} else if oPR[i] > vPR[i] {
-			return -1
-		}
-	}
-
-	return 0
-}
-
-// AtLeast tests if a version is at least equal to a given minimum version. If both
-// Versions are Semantic Versions, this will use the Semantic Version comparison
-// algorithm. Otherwise, it will compare only the numeric components, with non-present
-// components being considered "0" (ie, "1.4" is equal to "1.4.0").
-func (v *Version) AtLeast(min *Version) bool {
-	return v.compareInternal(min) != -1
-}
-
-// LessThan tests if a version is less than a given version. (It is exactly the opposite
-// of AtLeast, for situations where asking "is v too old?" makes more sense than asking
-// "is v new enough?".)
-func (v *Version) LessThan(other *Version) bool {
-	return v.compareInternal(other) == -1
-}
-
-// Compare compares v against a version string (which will be parsed as either Semantic
-// or non-Semantic depending on v). On success it returns -1 if v is less than other, 1 if
-// it is greater than other, or 0 if they are equal.
-func (v *Version) Compare(other string) (int, error) {
-	ov, err := parse(other, v.semver)
-	if err != nil {
-		return 0, err
-	}
-	return v.compareInternal(ov), nil
-}