├── .github └── PULL_REQUEST_TEMPLATE.md ├── CONTRIBUTING.md ├── LICENSE ├── OWNERS ├── README.md ├── SECURITY_CONTACTS ├── code-of-conduct.md ├── config ├── OWNERS └── v1alpha1 │ ├── doc.go │ ├── register.go │ ├── register_test.go │ ├── types.go │ └── zz_generated.deepcopy.go ├── doc.go ├── go.mod └── go.sum /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Sorry, we do not accept changes directly against this repository. Please see 2 | CONTRIBUTING.md for information on where and how to contribute instead. 3 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing guidelines 2 | 3 | Do not open pull requests directly against this repository, they will be ignored. Instead, please open pull requests against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/). Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes. 4 | 5 | This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/kube-proxy](https://git.k8s.io/kubernetes/staging/src/k8s.io/kube-proxy) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot). 6 | 7 | Please see [Staging Directory and Publishing](https://git.k8s.io/community/contributors/devel/sig-architecture/staging.md) for more information 8 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | approvers: 4 | - sig-network-approvers 5 | - sttts 6 | - luxas 7 | reviewers: 8 | - sig-network-reviewers 9 | - luxas 10 | - sttts 11 | labels: 12 | - sig/network 13 | - area/kube-proxy 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # kube-proxy 2 | ## Coming Soon! 3 | 4 | Implements https://github.com/luxas/community/blob/master/keps/sig-cluster-lifecycle/0014-20180707-componentconfig-api-types-to-staging.md#kube-proxy-changes 5 | 6 | It provides 7 | * Provide a versioned API for configuring kube-proxy. 8 | 9 | ## Compatibility 10 | 11 | HEAD of this repo will match HEAD of k8s.io/apiserver, k8s.io/apimachinery, and k8s.io/client-go. 12 | 13 | ## Where does it come from? 14 | 15 | `kube-proxy` is synced from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/kube-proxy. 16 | Code changes are made in that location, merged into `k8s.io/kubernetes` and later synced here. 17 | 18 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Committee to reach out 4 | # to for triaging and handling of incoming issues. 5 | # 6 | # The below names agree to abide by the 7 | # [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) 8 | # and will be removed and replaced if they violate that agreement. 9 | # 10 | # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE 11 | # INSTRUCTIONS AT https://kubernetes.io/security/ 12 | 13 | andrewsykim 14 | danwinship 15 | dcbw 16 | lachie83 17 | thockin 18 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) 4 | -------------------------------------------------------------------------------- /config/OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | # Disable inheritance as this is an api owners file 4 | options: 5 | no_parent_owners: true 6 | approvers: 7 | - api-approvers 8 | - danwinship 9 | reviewers: 10 | - api-reviewers 11 | - sig-network-reviewers 12 | labels: 13 | - kind/api-change 14 | -------------------------------------------------------------------------------- /config/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:deepcopy-gen=package 18 | // +k8s:openapi-gen=true 19 | // +groupName=kubeproxy.config.k8s.io 20 | 21 | package v1alpha1 22 | -------------------------------------------------------------------------------- /config/v1alpha1/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2018 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime" 21 | "k8s.io/apimachinery/pkg/runtime/schema" 22 | ) 23 | 24 | // GroupName is the group name used in this package 25 | const GroupName = "kubeproxy.config.k8s.io" 26 | 27 | // SchemeGroupVersion is group version used to register these objects 28 | var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"} 29 | 30 | var ( 31 | // SchemeBuilder is the scheme builder with scheme init functions to run for this API package 32 | SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) 33 | // AddToScheme is a global function that registers this API group & version to a scheme 34 | AddToScheme = SchemeBuilder.AddToScheme 35 | ) 36 | 37 | // addKnownTypes registers known types to the given scheme 38 | func addKnownTypes(scheme *runtime.Scheme) error { 39 | scheme.AddKnownTypes(SchemeGroupVersion, 40 | &KubeProxyConfiguration{}, 41 | ) 42 | return nil 43 | } 44 | -------------------------------------------------------------------------------- /config/v1alpha1/register_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | "testing" 21 | 22 | componentconfigtesting "k8s.io/component-base/config/testing" 23 | ) 24 | 25 | func TestComponentConfigSetup(t *testing.T) { 26 | pkginfo := &componentconfigtesting.ComponentConfigPackage{ 27 | ComponentName: "kube-proxy", 28 | GroupName: GroupName, 29 | SchemeGroupVersion: SchemeGroupVersion, 30 | AddToScheme: AddToScheme, 31 | } 32 | 33 | if err := componentconfigtesting.VerifyExternalTypePackage(pkginfo); err != nil { 34 | t.Errorf("failed TestComponentConfigSetup: %v", err) 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /config/v1alpha1/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2017 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | componentbaseconfigv1alpha1 "k8s.io/component-base/config/v1alpha1" 22 | logsapi "k8s.io/component-base/logs/api/v1" 23 | ) 24 | 25 | // KubeProxyIPTablesConfiguration contains iptables-related configuration 26 | // details for the Kubernetes proxy server. 27 | type KubeProxyIPTablesConfiguration struct { 28 | // masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using 29 | // the iptables or ipvs proxy mode. Values must be within the range [0, 31]. 30 | MasqueradeBit *int32 `json:"masqueradeBit"` 31 | // masqueradeAll tells kube-proxy to SNAT all traffic sent to Service cluster IPs, 32 | // when using the iptables or ipvs proxy mode. This may be required with some CNI 33 | // plugins. 34 | MasqueradeAll bool `json:"masqueradeAll"` 35 | // localhostNodePorts, if false, tells kube-proxy to disable the legacy behavior 36 | // of allowing NodePort services to be accessed via localhost. (Applies only to 37 | // iptables mode and IPv4; localhost NodePorts are never allowed with other proxy 38 | // modes or with IPv6.) 39 | LocalhostNodePorts *bool `json:"localhostNodePorts"` 40 | // syncPeriod is an interval (e.g. '5s', '1m', '2h22m') indicating how frequently 41 | // various re-synchronizing and cleanup operations are performed. Must be greater 42 | // than 0. 43 | SyncPeriod metav1.Duration `json:"syncPeriod"` 44 | // minSyncPeriod is the minimum period between iptables rule resyncs (e.g. '5s', 45 | // '1m', '2h22m'). A value of 0 means every Service or EndpointSlice change will 46 | // result in an immediate iptables resync. 47 | MinSyncPeriod metav1.Duration `json:"minSyncPeriod"` 48 | } 49 | 50 | // KubeProxyIPVSConfiguration contains ipvs-related configuration 51 | // details for the Kubernetes proxy server. 52 | type KubeProxyIPVSConfiguration struct { 53 | // syncPeriod is an interval (e.g. '5s', '1m', '2h22m') indicating how frequently 54 | // various re-synchronizing and cleanup operations are performed. Must be greater 55 | // than 0. 56 | SyncPeriod metav1.Duration `json:"syncPeriod"` 57 | // minSyncPeriod is the minimum period between IPVS rule resyncs (e.g. '5s', '1m', 58 | // '2h22m'). A value of 0 means every Service or EndpointSlice change will result 59 | // in an immediate IPVS resync. 60 | MinSyncPeriod metav1.Duration `json:"minSyncPeriod"` 61 | // scheduler is the IPVS scheduler to use 62 | Scheduler string `json:"scheduler"` 63 | // excludeCIDRs is a list of CIDRs which the ipvs proxier should not touch 64 | // when cleaning up ipvs services. 65 | ExcludeCIDRs []string `json:"excludeCIDRs"` 66 | // strictARP configures arp_ignore and arp_announce to avoid answering ARP queries 67 | // from kube-ipvs0 interface 68 | StrictARP bool `json:"strictARP"` 69 | // tcpTimeout is the timeout value used for idle IPVS TCP sessions. 70 | // The default value is 0, which preserves the current timeout value on the system. 71 | TCPTimeout metav1.Duration `json:"tcpTimeout"` 72 | // tcpFinTimeout is the timeout value used for IPVS TCP sessions after receiving a FIN. 73 | // The default value is 0, which preserves the current timeout value on the system. 74 | TCPFinTimeout metav1.Duration `json:"tcpFinTimeout"` 75 | // udpTimeout is the timeout value used for IPVS UDP packets. 76 | // The default value is 0, which preserves the current timeout value on the system. 77 | UDPTimeout metav1.Duration `json:"udpTimeout"` 78 | } 79 | 80 | // KubeProxyNFTablesConfiguration contains nftables-related configuration 81 | // details for the Kubernetes proxy server. 82 | type KubeProxyNFTablesConfiguration struct { 83 | // masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using 84 | // the nftables proxy mode. Values must be within the range [0, 31]. 85 | MasqueradeBit *int32 `json:"masqueradeBit"` 86 | // masqueradeAll tells kube-proxy to SNAT all traffic sent to Service cluster IPs, 87 | // when using the nftables mode. This may be required with some CNI plugins. 88 | MasqueradeAll bool `json:"masqueradeAll"` 89 | // syncPeriod is an interval (e.g. '5s', '1m', '2h22m') indicating how frequently 90 | // various re-synchronizing and cleanup operations are performed. Must be greater 91 | // than 0. 92 | SyncPeriod metav1.Duration `json:"syncPeriod"` 93 | // minSyncPeriod is the minimum period between iptables rule resyncs (e.g. '5s', 94 | // '1m', '2h22m'). A value of 0 means every Service or EndpointSlice change will 95 | // result in an immediate iptables resync. 96 | MinSyncPeriod metav1.Duration `json:"minSyncPeriod"` 97 | } 98 | 99 | // KubeProxyConntrackConfiguration contains conntrack settings for 100 | // the Kubernetes proxy server. 101 | type KubeProxyConntrackConfiguration struct { 102 | // maxPerCore is the maximum number of NAT connections to track 103 | // per CPU core (0 to leave the limit as-is and ignore min). 104 | MaxPerCore *int32 `json:"maxPerCore"` 105 | // min is the minimum value of connect-tracking records to allocate, 106 | // regardless of maxPerCore (set maxPerCore=0 to leave the limit as-is). 107 | Min *int32 `json:"min"` 108 | // tcpEstablishedTimeout is how long an idle TCP connection will be kept open 109 | // (e.g. '2s'). Must be greater than 0 to set. 110 | TCPEstablishedTimeout *metav1.Duration `json:"tcpEstablishedTimeout"` 111 | // tcpCloseWaitTimeout is how long an idle conntrack entry 112 | // in CLOSE_WAIT state will remain in the conntrack 113 | // table. (e.g. '60s'). Must be greater than 0 to set. 114 | TCPCloseWaitTimeout *metav1.Duration `json:"tcpCloseWaitTimeout"` 115 | // tcpBeLiberal, if true, kube-proxy will configure conntrack 116 | // to run in liberal mode for TCP connections and packets with 117 | // out-of-window sequence numbers won't be marked INVALID. 118 | TCPBeLiberal bool `json:"tcpBeLiberal"` 119 | // udpTimeout is how long an idle UDP conntrack entry in 120 | // UNREPLIED state will remain in the conntrack table 121 | // (e.g. '30s'). Must be greater than 0 to set. 122 | UDPTimeout metav1.Duration `json:"udpTimeout"` 123 | // udpStreamTimeout is how long an idle UDP conntrack entry in 124 | // ASSURED state will remain in the conntrack table 125 | // (e.g. '300s'). Must be greater than 0 to set. 126 | UDPStreamTimeout metav1.Duration `json:"udpStreamTimeout"` 127 | } 128 | 129 | // KubeProxyWinkernelConfiguration contains Windows/HNS settings for 130 | // the Kubernetes proxy server. 131 | type KubeProxyWinkernelConfiguration struct { 132 | // networkName is the name of the network kube-proxy will use 133 | // to create endpoints and policies 134 | NetworkName string `json:"networkName"` 135 | // sourceVip is the IP address of the source VIP endpoint used for 136 | // NAT when loadbalancing 137 | SourceVip string `json:"sourceVip"` 138 | // enableDSR tells kube-proxy whether HNS policies should be created 139 | // with DSR 140 | EnableDSR bool `json:"enableDSR"` 141 | // rootHnsEndpointName is the name of hnsendpoint that is attached to 142 | // l2bridge for root network namespace 143 | RootHnsEndpointName string `json:"rootHnsEndpointName"` 144 | // forwardHealthCheckVip forwards service VIP for health check port on 145 | // Windows 146 | ForwardHealthCheckVip bool `json:"forwardHealthCheckVip"` 147 | } 148 | 149 | // DetectLocalConfiguration contains optional settings related to DetectLocalMode option 150 | type DetectLocalConfiguration struct { 151 | // bridgeInterface is a bridge interface name. When DetectLocalMode is set to 152 | // LocalModeBridgeInterface, kube-proxy will consider traffic to be local if 153 | // it originates from this bridge. 154 | BridgeInterface string `json:"bridgeInterface"` 155 | // interfaceNamePrefix is an interface name prefix. When DetectLocalMode is set to 156 | // LocalModeInterfaceNamePrefix, kube-proxy will consider traffic to be local if 157 | // it originates from any interface whose name begins with this prefix. 158 | InterfaceNamePrefix string `json:"interfaceNamePrefix"` 159 | } 160 | 161 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 162 | 163 | // KubeProxyConfiguration contains everything necessary to configure the 164 | // Kubernetes proxy server. 165 | type KubeProxyConfiguration struct { 166 | metav1.TypeMeta `json:",inline"` 167 | 168 | // featureGates is a map of feature names to bools that enable or disable alpha/experimental features. 169 | FeatureGates map[string]bool `json:"featureGates,omitempty"` 170 | 171 | // clientConnection specifies the kubeconfig file and client connection settings for the proxy 172 | // server to use when communicating with the apiserver. 173 | ClientConnection componentbaseconfigv1alpha1.ClientConnectionConfiguration `json:"clientConnection"` 174 | // logging specifies the options of logging. 175 | // Refer to [Logs Options](https://github.com/kubernetes/component-base/blob/master/logs/options.go) 176 | // for more information. 177 | Logging logsapi.LoggingConfiguration `json:"logging,omitempty"` 178 | 179 | // hostnameOverride, if non-empty, will be used as the name of the Node that 180 | // kube-proxy is running on. If unset, the node name is assumed to be the same as 181 | // the node's hostname. 182 | HostnameOverride string `json:"hostnameOverride"` 183 | // bindAddress can be used to override kube-proxy's idea of what its node's 184 | // primary IP is. Note that the name is a historical artifact, and kube-proxy does 185 | // not actually bind any sockets to this IP. 186 | BindAddress string `json:"bindAddress"` 187 | // healthzBindAddress is the IP address and port for the health check server to 188 | // serve on, defaulting to "0.0.0.0:10256" (if bindAddress is unset or IPv4), or 189 | // "[::]:10256" (if bindAddress is IPv6). 190 | HealthzBindAddress string `json:"healthzBindAddress"` 191 | // metricsBindAddress is the IP address and port for the metrics server to serve 192 | // on, defaulting to "127.0.0.1:10249" (if bindAddress is unset or IPv4), or 193 | // "[::1]:10249" (if bindAddress is IPv6). (Set to "0.0.0.0:10249" / "[::]:10249" 194 | // to bind on all interfaces.) 195 | MetricsBindAddress string `json:"metricsBindAddress"` 196 | // bindAddressHardFail, if true, tells kube-proxy to treat failure to bind to a 197 | // port as fatal and exit 198 | BindAddressHardFail bool `json:"bindAddressHardFail"` 199 | // enableProfiling enables profiling via web interface on /debug/pprof handler. 200 | // Profiling handlers will be handled by metrics server. 201 | EnableProfiling bool `json:"enableProfiling"` 202 | // showHiddenMetricsForVersion is the version for which you want to show hidden metrics. 203 | ShowHiddenMetricsForVersion string `json:"showHiddenMetricsForVersion"` 204 | 205 | // mode specifies which proxy mode to use. 206 | Mode ProxyMode `json:"mode"` 207 | // iptables contains iptables-related configuration options. 208 | IPTables KubeProxyIPTablesConfiguration `json:"iptables"` 209 | // ipvs contains ipvs-related configuration options. 210 | IPVS KubeProxyIPVSConfiguration `json:"ipvs"` 211 | // nftables contains nftables-related configuration options. 212 | NFTables KubeProxyNFTablesConfiguration `json:"nftables"` 213 | // winkernel contains winkernel-related configuration options. 214 | Winkernel KubeProxyWinkernelConfiguration `json:"winkernel"` 215 | 216 | // detectLocalMode determines mode to use for detecting local traffic, defaults to ClusterCIDR 217 | DetectLocalMode LocalMode `json:"detectLocalMode"` 218 | // detectLocal contains optional configuration settings related to DetectLocalMode. 219 | DetectLocal DetectLocalConfiguration `json:"detectLocal"` 220 | // clusterCIDR is the CIDR range of the pods in the cluster. (For dual-stack 221 | // clusters, this can be a comma-separated dual-stack pair of CIDR ranges.). When 222 | // DetectLocalMode is set to ClusterCIDR, kube-proxy will consider 223 | // traffic to be local if its source IP is in this range. (Otherwise it is not 224 | // used.) 225 | ClusterCIDR string `json:"clusterCIDR"` 226 | 227 | // nodePortAddresses is a list of CIDR ranges that contain valid node IPs, or 228 | // alternatively, the single string 'primary'. If set to a list of CIDRs, 229 | // connections to NodePort services will only be accepted on node IPs in one of 230 | // the indicated ranges. If set to 'primary', NodePort services will only be 231 | // accepted on the node's primary IPv4 and/or IPv6 address according to the Node 232 | // object. If unset, NodePort connections will be accepted on all local IPs. 233 | NodePortAddresses []string `json:"nodePortAddresses"` 234 | 235 | // oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within 236 | // the range [-1000, 1000] 237 | OOMScoreAdj *int32 `json:"oomScoreAdj"` 238 | // conntrack contains conntrack-related configuration options. 239 | Conntrack KubeProxyConntrackConfiguration `json:"conntrack"` 240 | // configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater 241 | // than 0. 242 | ConfigSyncPeriod metav1.Duration `json:"configSyncPeriod"` 243 | 244 | // portRange was previously used to configure the userspace proxy, but is now unused. 245 | PortRange string `json:"portRange"` 246 | 247 | // windowsRunAsService, if true, enables Windows service control manager API integration. 248 | WindowsRunAsService bool `json:"windowsRunAsService,omitempty"` 249 | } 250 | 251 | // ProxyMode represents modes used by the Kubernetes proxy server. 252 | // 253 | // Three modes of proxy are available on Linux platforms: `iptables`, `ipvs`, and 254 | // `nftables`. One mode of proxy is available on Windows platforms: `kernelspace`. 255 | // 256 | // If the proxy mode is unspecified, a default proxy mode will be used (currently this 257 | // is `iptables` on Linux and `kernelspace` on Windows). If the selected proxy mode cannot be 258 | // used (due to lack of kernel support, missing userspace components, etc) then kube-proxy 259 | // will exit with an error. 260 | type ProxyMode string 261 | 262 | // LocalMode represents modes to detect local traffic from the node 263 | type LocalMode string 264 | -------------------------------------------------------------------------------- /config/v1alpha1/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | //go:build !ignore_autogenerated 2 | // +build !ignore_autogenerated 3 | 4 | /* 5 | Copyright The Kubernetes Authors. 6 | 7 | Licensed under the Apache License, Version 2.0 (the "License"); 8 | you may not use this file except in compliance with the License. 9 | You may obtain a copy of the License at 10 | 11 | http://www.apache.org/licenses/LICENSE-2.0 12 | 13 | Unless required by applicable law or agreed to in writing, software 14 | distributed under the License is distributed on an "AS IS" BASIS, 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | See the License for the specific language governing permissions and 17 | limitations under the License. 18 | */ 19 | 20 | // Code generated by deepcopy-gen. DO NOT EDIT. 21 | 22 | package v1alpha1 23 | 24 | import ( 25 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 | runtime "k8s.io/apimachinery/pkg/runtime" 27 | ) 28 | 29 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 30 | func (in *DetectLocalConfiguration) DeepCopyInto(out *DetectLocalConfiguration) { 31 | *out = *in 32 | return 33 | } 34 | 35 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DetectLocalConfiguration. 36 | func (in *DetectLocalConfiguration) DeepCopy() *DetectLocalConfiguration { 37 | if in == nil { 38 | return nil 39 | } 40 | out := new(DetectLocalConfiguration) 41 | in.DeepCopyInto(out) 42 | return out 43 | } 44 | 45 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 46 | func (in *KubeProxyConfiguration) DeepCopyInto(out *KubeProxyConfiguration) { 47 | *out = *in 48 | out.TypeMeta = in.TypeMeta 49 | if in.FeatureGates != nil { 50 | in, out := &in.FeatureGates, &out.FeatureGates 51 | *out = make(map[string]bool, len(*in)) 52 | for key, val := range *in { 53 | (*out)[key] = val 54 | } 55 | } 56 | out.ClientConnection = in.ClientConnection 57 | in.Logging.DeepCopyInto(&out.Logging) 58 | in.IPTables.DeepCopyInto(&out.IPTables) 59 | in.IPVS.DeepCopyInto(&out.IPVS) 60 | in.NFTables.DeepCopyInto(&out.NFTables) 61 | out.Winkernel = in.Winkernel 62 | out.DetectLocal = in.DetectLocal 63 | if in.NodePortAddresses != nil { 64 | in, out := &in.NodePortAddresses, &out.NodePortAddresses 65 | *out = make([]string, len(*in)) 66 | copy(*out, *in) 67 | } 68 | if in.OOMScoreAdj != nil { 69 | in, out := &in.OOMScoreAdj, &out.OOMScoreAdj 70 | *out = new(int32) 71 | **out = **in 72 | } 73 | in.Conntrack.DeepCopyInto(&out.Conntrack) 74 | out.ConfigSyncPeriod = in.ConfigSyncPeriod 75 | return 76 | } 77 | 78 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyConfiguration. 79 | func (in *KubeProxyConfiguration) DeepCopy() *KubeProxyConfiguration { 80 | if in == nil { 81 | return nil 82 | } 83 | out := new(KubeProxyConfiguration) 84 | in.DeepCopyInto(out) 85 | return out 86 | } 87 | 88 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 89 | func (in *KubeProxyConfiguration) DeepCopyObject() runtime.Object { 90 | if c := in.DeepCopy(); c != nil { 91 | return c 92 | } 93 | return nil 94 | } 95 | 96 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 97 | func (in *KubeProxyConntrackConfiguration) DeepCopyInto(out *KubeProxyConntrackConfiguration) { 98 | *out = *in 99 | if in.MaxPerCore != nil { 100 | in, out := &in.MaxPerCore, &out.MaxPerCore 101 | *out = new(int32) 102 | **out = **in 103 | } 104 | if in.Min != nil { 105 | in, out := &in.Min, &out.Min 106 | *out = new(int32) 107 | **out = **in 108 | } 109 | if in.TCPEstablishedTimeout != nil { 110 | in, out := &in.TCPEstablishedTimeout, &out.TCPEstablishedTimeout 111 | *out = new(v1.Duration) 112 | **out = **in 113 | } 114 | if in.TCPCloseWaitTimeout != nil { 115 | in, out := &in.TCPCloseWaitTimeout, &out.TCPCloseWaitTimeout 116 | *out = new(v1.Duration) 117 | **out = **in 118 | } 119 | out.UDPTimeout = in.UDPTimeout 120 | out.UDPStreamTimeout = in.UDPStreamTimeout 121 | return 122 | } 123 | 124 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyConntrackConfiguration. 125 | func (in *KubeProxyConntrackConfiguration) DeepCopy() *KubeProxyConntrackConfiguration { 126 | if in == nil { 127 | return nil 128 | } 129 | out := new(KubeProxyConntrackConfiguration) 130 | in.DeepCopyInto(out) 131 | return out 132 | } 133 | 134 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 135 | func (in *KubeProxyIPTablesConfiguration) DeepCopyInto(out *KubeProxyIPTablesConfiguration) { 136 | *out = *in 137 | if in.MasqueradeBit != nil { 138 | in, out := &in.MasqueradeBit, &out.MasqueradeBit 139 | *out = new(int32) 140 | **out = **in 141 | } 142 | if in.LocalhostNodePorts != nil { 143 | in, out := &in.LocalhostNodePorts, &out.LocalhostNodePorts 144 | *out = new(bool) 145 | **out = **in 146 | } 147 | out.SyncPeriod = in.SyncPeriod 148 | out.MinSyncPeriod = in.MinSyncPeriod 149 | return 150 | } 151 | 152 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyIPTablesConfiguration. 153 | func (in *KubeProxyIPTablesConfiguration) DeepCopy() *KubeProxyIPTablesConfiguration { 154 | if in == nil { 155 | return nil 156 | } 157 | out := new(KubeProxyIPTablesConfiguration) 158 | in.DeepCopyInto(out) 159 | return out 160 | } 161 | 162 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 163 | func (in *KubeProxyIPVSConfiguration) DeepCopyInto(out *KubeProxyIPVSConfiguration) { 164 | *out = *in 165 | out.SyncPeriod = in.SyncPeriod 166 | out.MinSyncPeriod = in.MinSyncPeriod 167 | if in.ExcludeCIDRs != nil { 168 | in, out := &in.ExcludeCIDRs, &out.ExcludeCIDRs 169 | *out = make([]string, len(*in)) 170 | copy(*out, *in) 171 | } 172 | out.TCPTimeout = in.TCPTimeout 173 | out.TCPFinTimeout = in.TCPFinTimeout 174 | out.UDPTimeout = in.UDPTimeout 175 | return 176 | } 177 | 178 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyIPVSConfiguration. 179 | func (in *KubeProxyIPVSConfiguration) DeepCopy() *KubeProxyIPVSConfiguration { 180 | if in == nil { 181 | return nil 182 | } 183 | out := new(KubeProxyIPVSConfiguration) 184 | in.DeepCopyInto(out) 185 | return out 186 | } 187 | 188 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 189 | func (in *KubeProxyNFTablesConfiguration) DeepCopyInto(out *KubeProxyNFTablesConfiguration) { 190 | *out = *in 191 | if in.MasqueradeBit != nil { 192 | in, out := &in.MasqueradeBit, &out.MasqueradeBit 193 | *out = new(int32) 194 | **out = **in 195 | } 196 | out.SyncPeriod = in.SyncPeriod 197 | out.MinSyncPeriod = in.MinSyncPeriod 198 | return 199 | } 200 | 201 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyNFTablesConfiguration. 202 | func (in *KubeProxyNFTablesConfiguration) DeepCopy() *KubeProxyNFTablesConfiguration { 203 | if in == nil { 204 | return nil 205 | } 206 | out := new(KubeProxyNFTablesConfiguration) 207 | in.DeepCopyInto(out) 208 | return out 209 | } 210 | 211 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 212 | func (in *KubeProxyWinkernelConfiguration) DeepCopyInto(out *KubeProxyWinkernelConfiguration) { 213 | *out = *in 214 | return 215 | } 216 | 217 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyWinkernelConfiguration. 218 | func (in *KubeProxyWinkernelConfiguration) DeepCopy() *KubeProxyWinkernelConfiguration { 219 | if in == nil { 220 | return nil 221 | } 222 | out := new(KubeProxyWinkernelConfiguration) 223 | in.DeepCopyInto(out) 224 | return out 225 | } 226 | -------------------------------------------------------------------------------- /doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package kubeproxy 18 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | // This is a generated file. Do not edit directly. 2 | 3 | module k8s.io/kube-proxy 4 | 5 | go 1.24.0 6 | 7 | godebug default=go1.24 8 | 9 | require ( 10 | k8s.io/apimachinery v0.0.0-20250527161416-09ff13941cda 11 | k8s.io/component-base v0.0.0-20250527174749-7c0fc2b55ca1 12 | ) 13 | 14 | require ( 15 | github.com/beorn7/perks v1.0.1 // indirect 16 | github.com/blang/semver/v4 v4.0.0 // indirect 17 | github.com/cespare/xxhash/v2 v2.3.0 // indirect 18 | github.com/fxamacker/cbor/v2 v2.8.0 // indirect 19 | github.com/go-logr/logr v1.4.2 // indirect 20 | github.com/gogo/protobuf v1.3.2 // indirect 21 | github.com/google/go-cmp v0.7.0 // indirect 22 | github.com/inconshreveable/mousetrap v1.1.0 // indirect 23 | github.com/json-iterator/go v1.1.12 // indirect 24 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 25 | github.com/modern-go/reflect2 v1.0.2 // indirect 26 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 27 | github.com/prometheus/client_golang v1.22.0 // indirect 28 | github.com/prometheus/client_model v0.6.1 // indirect 29 | github.com/prometheus/common v0.62.0 // indirect 30 | github.com/prometheus/procfs v0.15.1 // indirect 31 | github.com/spf13/cobra v1.8.1 // indirect 32 | github.com/spf13/pflag v1.0.6 // indirect 33 | github.com/x448/float16 v0.8.4 // indirect 34 | go.opentelemetry.io/otel v1.35.0 // indirect 35 | go.opentelemetry.io/otel/trace v1.35.0 // indirect 36 | golang.org/x/net v0.38.0 // indirect 37 | golang.org/x/sys v0.31.0 // indirect 38 | golang.org/x/text v0.23.0 // indirect 39 | google.golang.org/protobuf v1.36.5 // indirect 40 | gopkg.in/inf.v0 v0.9.1 // indirect 41 | k8s.io/klog/v2 v2.130.1 // indirect 42 | k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979 // indirect 43 | sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect 44 | sigs.k8s.io/randfill v1.0.0 // indirect 45 | sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect 46 | sigs.k8s.io/yaml v1.4.0 // indirect 47 | ) 48 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 2 | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= 3 | github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= 4 | github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= 5 | github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= 6 | github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 7 | github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= 8 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 9 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 10 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 11 | github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU= 12 | github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= 13 | github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= 14 | github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 15 | github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 16 | github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 17 | github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 18 | github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= 19 | github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= 20 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 21 | github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 22 | github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= 23 | github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 24 | github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= 25 | github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 26 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 27 | github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= 28 | github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= 29 | github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= 30 | github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 31 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 32 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 33 | github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= 34 | github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= 35 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 36 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 37 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 38 | github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= 39 | github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= 40 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= 41 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 42 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 43 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 44 | github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q= 45 | github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0= 46 | github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= 47 | github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= 48 | github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io= 49 | github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I= 50 | github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= 51 | github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= 52 | github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= 53 | github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= 54 | github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 55 | github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= 56 | github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= 57 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 58 | github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= 59 | github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 60 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 61 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 62 | github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= 63 | github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= 64 | github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= 65 | github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= 66 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 67 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 68 | go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ= 69 | go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= 70 | go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= 71 | go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= 72 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 73 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 74 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 75 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 76 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 77 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 78 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 79 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 80 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 81 | golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= 82 | golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= 83 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 84 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 85 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 86 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 87 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 88 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 89 | golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= 90 | golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= 91 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 92 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 93 | golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= 94 | golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= 95 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 96 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 97 | golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 98 | golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 99 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 100 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 101 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 102 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 103 | google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM= 104 | google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= 105 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 106 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 107 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 108 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 109 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= 110 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 111 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 112 | k8s.io/apimachinery v0.0.0-20250527161416-09ff13941cda h1:3GHsiuK4HX0R/gZ53Q/c0Pa9pNlOL1IiY6esUBs1Ps4= 113 | k8s.io/apimachinery v0.0.0-20250527161416-09ff13941cda/go.mod h1:pJRnLHx/rdGhRBHKhKq/NczIcMw4cPylIe+hff1zJaU= 114 | k8s.io/component-base v0.0.0-20250527174749-7c0fc2b55ca1 h1:b7aAsXT+zwlsj/pcUWhZ0C+LY9SJz1Xvi4dwTmdZm74= 115 | k8s.io/component-base v0.0.0-20250527174749-7c0fc2b55ca1/go.mod h1:YMi0ON2ELXTVJJXIBNnOM545FW6+D6If/VNURlR0/gs= 116 | k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= 117 | k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= 118 | k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979 h1:jgJW5IePPXLGB8e/1wvd0Ich9QE97RvvF3a8J3fP/Lg= 119 | k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= 120 | sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= 121 | sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= 122 | sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= 123 | sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= 124 | sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= 125 | sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI= 126 | sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= 127 | sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= 128 | sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= 129 | --------------------------------------------------------------------------------