Add glide.yaml and vendor deps

vendor/k8s.io/kubernetes/pkg/proxy/BUILD

@@ -0,0 +1,24 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "doc.go",
+        "types.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/types:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/proxy/OWNERS

@@ -0,0 +1,14 @@
+approvers:
+- thockin
+- bprashanth
+- matchstick
+reviewers:
+- thockin
+- lavalamp
+- smarterclayton
+- brendandburns
+- vishh
+- bprashanth
+- justinsb
+- freehan
+- dcbw

vendor/k8s.io/kubernetes/pkg/proxy/config/BUILD

@@ -0,0 +1,55 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "api.go",
+        "config.go",
+        "doc.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/client/cache:go_default_library",
+        "//pkg/fields:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/config:go_default_library",
+        "//vendor:github.com/davecgh/go-spew/spew",
+        "//vendor:github.com/golang/glog",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["api_test.go"],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/api/v1:go_default_library",
+        "//pkg/client/cache:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/watch:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_xtest",
+    srcs = ["config_test.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/proxy/config:go_default_library",
+        "//pkg/util/wait:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/proxy/config/OWNERS

@@ -0,0 +1,7 @@
+reviewers:
+- thockin
+- lavalamp
+- smarterclayton
+- brendandburns
+- bprashanth
+- freehan

vendor/k8s.io/kubernetes/pkg/proxy/config/api.go

@@ -0,0 +1,74 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"time"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/client/cache"
+	"k8s.io/kubernetes/pkg/fields"
+)
+
+// NewSourceAPI creates config source that watches for changes to the services and endpoints.
+func NewSourceAPI(c cache.Getter, period time.Duration, servicesChan chan<- ServiceUpdate, endpointsChan chan<- EndpointsUpdate) {
+	servicesLW := cache.NewListWatchFromClient(c, "services", api.NamespaceAll, fields.Everything())
+	cache.NewReflector(servicesLW, &api.Service{}, NewServiceStore(nil, servicesChan), period).Run()
+
+	endpointsLW := cache.NewListWatchFromClient(c, "endpoints", api.NamespaceAll, fields.Everything())
+	cache.NewReflector(endpointsLW, &api.Endpoints{}, NewEndpointsStore(nil, endpointsChan), period).Run()
+}
+
+// NewServiceStore creates an undelta store that expands updates to the store into
+// ServiceUpdate events on the channel. If no store is passed, a default store will
+// be initialized. Allows reuse of a cache store across multiple components.
+func NewServiceStore(store cache.Store, ch chan<- ServiceUpdate) cache.Store {
+	fn := func(objs []interface{}) {
+		var services []api.Service
+		for _, o := range objs {
+			services = append(services, *(o.(*api.Service)))
+		}
+		ch <- ServiceUpdate{Op: SET, Services: services}
+	}
+	if store == nil {
+		store = cache.NewStore(cache.MetaNamespaceKeyFunc)
+	}
+	return &cache.UndeltaStore{
+		Store:    store,
+		PushFunc: fn,
+	}
+}
+
+// NewEndpointsStore creates an undelta store that expands updates to the store into
+// EndpointsUpdate events on the channel. If no store is passed, a default store will
+// be initialized. Allows reuse of a cache store across multiple components.
+func NewEndpointsStore(store cache.Store, ch chan<- EndpointsUpdate) cache.Store {
+	fn := func(objs []interface{}) {
+		var endpoints []api.Endpoints
+		for _, o := range objs {
+			endpoints = append(endpoints, *(o.(*api.Endpoints)))
+		}
+		ch <- EndpointsUpdate{Op: SET, Endpoints: endpoints}
+	}
+	if store == nil {
+		store = cache.NewStore(cache.MetaNamespaceKeyFunc)
+	}
+	return &cache.UndeltaStore{
+		Store:    store,
+		PushFunc: fn,
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/config/api_test.go

@@ -0,0 +1,246 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"testing"
+	"time"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/api/v1"
+	"k8s.io/kubernetes/pkg/client/cache"
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/watch"
+)
+
+type fakeLW struct {
+	listResp  runtime.Object
+	watchResp watch.Interface
+}
+
+func (lw fakeLW) List(options v1.ListOptions) (runtime.Object, error) {
+	return lw.listResp, nil
+}
+
+func (lw fakeLW) Watch(options v1.ListOptions) (watch.Interface, error) {
+	return lw.watchResp, nil
+}
+
+var _ cache.ListerWatcher = fakeLW{}
+
+func TestNewServicesSourceApi_UpdatesAndMultipleServices(t *testing.T) {
+	service1v1 := &api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "s1"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 10}}}}
+	service1v2 := &api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "s1"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 20}}}}
+	service2 := &api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "s2"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 30}}}}
+
+	// Setup fake api client.
+	fakeWatch := watch.NewFake()
+	lw := fakeLW{
+		listResp:  &api.ServiceList{Items: []api.Service{}},
+		watchResp: fakeWatch,
+	}
+
+	ch := make(chan ServiceUpdate)
+
+	cache.NewReflector(lw, &api.Service{}, NewServiceStore(nil, ch), 30*time.Second).Run()
+
+	got, ok := <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expected := ServiceUpdate{Op: SET, Services: []api.Service{}}
+	if !api.Semantic.DeepEqual(expected, got) {
+		t.Errorf("Expected %#v; Got %#v", expected, got)
+	}
+
+	// Add the first service
+	fakeWatch.Add(service1v1)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expected = ServiceUpdate{Op: SET, Services: []api.Service{*service1v1}}
+	if !api.Semantic.DeepEqual(expected, got) {
+		t.Errorf("Expected %#v; Got %#v", expected, got)
+	}
+
+	// Add another service
+	fakeWatch.Add(service2)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	// Could be sorted either of these two ways:
+	expectedA := ServiceUpdate{Op: SET, Services: []api.Service{*service1v1, *service2}}
+	expectedB := ServiceUpdate{Op: SET, Services: []api.Service{*service2, *service1v1}}
+
+	if !api.Semantic.DeepEqual(expectedA, got) && !api.Semantic.DeepEqual(expectedB, got) {
+		t.Errorf("Expected %#v or %#v, Got %#v", expectedA, expectedB, got)
+	}
+
+	// Modify service1
+	fakeWatch.Modify(service1v2)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expectedA = ServiceUpdate{Op: SET, Services: []api.Service{*service1v2, *service2}}
+	expectedB = ServiceUpdate{Op: SET, Services: []api.Service{*service2, *service1v2}}
+
+	if !api.Semantic.DeepEqual(expectedA, got) && !api.Semantic.DeepEqual(expectedB, got) {
+		t.Errorf("Expected %#v or %#v, Got %#v", expectedA, expectedB, got)
+	}
+
+	// Delete service1
+	fakeWatch.Delete(service1v2)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expected = ServiceUpdate{Op: SET, Services: []api.Service{*service2}}
+	if !api.Semantic.DeepEqual(expected, got) {
+		t.Errorf("Expected %#v, Got %#v", expected, got)
+	}
+
+	// Delete service2
+	fakeWatch.Delete(service2)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expected = ServiceUpdate{Op: SET, Services: []api.Service{}}
+	if !api.Semantic.DeepEqual(expected, got) {
+		t.Errorf("Expected %#v, Got %#v", expected, got)
+	}
+}
+
+func TestNewEndpointsSourceApi_UpdatesAndMultipleEndpoints(t *testing.T) {
+	endpoints1v1 := &api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "e1"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{
+				{IP: "1.2.3.4"},
+			},
+			Ports: []api.EndpointPort{{Port: 8080, Protocol: "TCP"}},
+		}},
+	}
+	endpoints1v2 := &api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "e1"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{
+				{IP: "1.2.3.4"},
+				{IP: "4.3.2.1"},
+			},
+			Ports: []api.EndpointPort{{Port: 8080, Protocol: "TCP"}},
+		}},
+	}
+	endpoints2 := &api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "e2"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{
+				{IP: "5.6.7.8"},
+			},
+			Ports: []api.EndpointPort{{Port: 80, Protocol: "TCP"}},
+		}},
+	}
+
+	// Setup fake api client.
+	fakeWatch := watch.NewFake()
+	lw := fakeLW{
+		listResp:  &api.EndpointsList{Items: []api.Endpoints{}},
+		watchResp: fakeWatch,
+	}
+
+	ch := make(chan EndpointsUpdate)
+
+	cache.NewReflector(lw, &api.Endpoints{}, NewEndpointsStore(nil, ch), 30*time.Second).Run()
+
+	got, ok := <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expected := EndpointsUpdate{Op: SET, Endpoints: []api.Endpoints{}}
+	if !api.Semantic.DeepEqual(expected, got) {
+		t.Errorf("Expected %#v; Got %#v", expected, got)
+	}
+
+	// Add the first endpoints
+	fakeWatch.Add(endpoints1v1)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expected = EndpointsUpdate{Op: SET, Endpoints: []api.Endpoints{*endpoints1v1}}
+	if !api.Semantic.DeepEqual(expected, got) {
+		t.Errorf("Expected %#v; Got %#v", expected, got)
+	}
+
+	// Add another endpoints
+	fakeWatch.Add(endpoints2)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	// Could be sorted either of these two ways:
+	expectedA := EndpointsUpdate{Op: SET, Endpoints: []api.Endpoints{*endpoints1v1, *endpoints2}}
+	expectedB := EndpointsUpdate{Op: SET, Endpoints: []api.Endpoints{*endpoints2, *endpoints1v1}}
+
+	if !api.Semantic.DeepEqual(expectedA, got) && !api.Semantic.DeepEqual(expectedB, got) {
+		t.Errorf("Expected %#v or %#v, Got %#v", expectedA, expectedB, got)
+	}
+
+	// Modify endpoints1
+	fakeWatch.Modify(endpoints1v2)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expectedA = EndpointsUpdate{Op: SET, Endpoints: []api.Endpoints{*endpoints1v2, *endpoints2}}
+	expectedB = EndpointsUpdate{Op: SET, Endpoints: []api.Endpoints{*endpoints2, *endpoints1v2}}
+
+	if !api.Semantic.DeepEqual(expectedA, got) && !api.Semantic.DeepEqual(expectedB, got) {
+		t.Errorf("Expected %#v or %#v, Got %#v", expectedA, expectedB, got)
+	}
+
+	// Delete endpoints1
+	fakeWatch.Delete(endpoints1v2)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expected = EndpointsUpdate{Op: SET, Endpoints: []api.Endpoints{*endpoints2}}
+	if !api.Semantic.DeepEqual(expected, got) {
+		t.Errorf("Expected %#v, Got %#v", expected, got)
+	}
+
+	// Delete endpoints2
+	fakeWatch.Delete(endpoints2)
+	got, ok = <-ch
+	if !ok {
+		t.Errorf("Unable to read from channel when expected")
+	}
+	expected = EndpointsUpdate{Op: SET, Endpoints: []api.Endpoints{}}
+	if !api.Semantic.DeepEqual(expected, got) {
+		t.Errorf("Expected %#v, Got %#v", expected, got)
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/config/config.go

@@ -0,0 +1,297 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"sync"
+
+	"github.com/davecgh/go-spew/spew"
+	"github.com/golang/glog"
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/types"
+	"k8s.io/kubernetes/pkg/util/config"
+)
+
+// Operation is a type of operation of services or endpoints.
+type Operation int
+
+// These are the available operation types.
+const (
+	SET Operation = iota
+	ADD
+	REMOVE
+)
+
+// ServiceUpdate describes an operation of services, sent on the channel.
+// You can add or remove single services by sending an array of size one and Op == ADD|REMOVE.
+// For setting the state of the system to a given state for this source configuration, set Services as desired and Op to SET,
+// which will reset the system state to that specified in this operation for this source channel.
+// To remove all services, set Services to empty array and Op to SET
+type ServiceUpdate struct {
+	Services []api.Service
+	Op       Operation
+}
+
+// EndpointsUpdate describes an operation of endpoints, sent on the channel.
+// You can add or remove single endpoints by sending an array of size one and Op == ADD|REMOVE.
+// For setting the state of the system to a given state for this source configuration, set Endpoints as desired and Op to SET,
+// which will reset the system state to that specified in this operation for this source channel.
+// To remove all endpoints, set Endpoints to empty array and Op to SET
+type EndpointsUpdate struct {
+	Endpoints []api.Endpoints
+	Op        Operation
+}
+
+// ServiceConfigHandler is an abstract interface of objects which receive update notifications for the set of services.
+type ServiceConfigHandler interface {
+	// OnServiceUpdate gets called when a configuration has been changed by one of the sources.
+	// This is the union of all the configuration sources.
+	OnServiceUpdate(services []api.Service)
+}
+
+// EndpointsConfigHandler is an abstract interface of objects which receive update notifications for the set of endpoints.
+type EndpointsConfigHandler interface {
+	// OnEndpointsUpdate gets called when endpoints configuration is changed for a given
+	// service on any of the configuration sources. An example is when a new
+	// service comes up, or when containers come up or down for an existing service.
+	OnEndpointsUpdate(endpoints []api.Endpoints)
+}
+
+// EndpointsConfig tracks a set of endpoints configurations.
+// It accepts "set", "add" and "remove" operations of endpoints via channels, and invokes registered handlers on change.
+type EndpointsConfig struct {
+	mux     *config.Mux
+	bcaster *config.Broadcaster
+	store   *endpointsStore
+}
+
+// NewEndpointsConfig creates a new EndpointsConfig.
+// It immediately runs the created EndpointsConfig.
+func NewEndpointsConfig() *EndpointsConfig {
+	// The updates channel is used to send interrupts to the Endpoints handler.
+	// It's buffered because we never want to block for as long as there is a
+	// pending interrupt, but don't want to drop them if the handler is doing
+	// work.
+	updates := make(chan struct{}, 1)
+	store := &endpointsStore{updates: updates, endpoints: make(map[string]map[types.NamespacedName]api.Endpoints)}
+	mux := config.NewMux(store)
+	bcaster := config.NewBroadcaster()
+	go watchForUpdates(bcaster, store, updates)
+	return &EndpointsConfig{mux, bcaster, store}
+}
+
+func (c *EndpointsConfig) RegisterHandler(handler EndpointsConfigHandler) {
+	c.bcaster.Add(config.ListenerFunc(func(instance interface{}) {
+		glog.V(3).Infof("Calling handler.OnEndpointsUpdate()")
+		handler.OnEndpointsUpdate(instance.([]api.Endpoints))
+	}))
+}
+
+func (c *EndpointsConfig) Channel(source string) chan EndpointsUpdate {
+	ch := c.mux.Channel(source)
+	endpointsCh := make(chan EndpointsUpdate)
+	go func() {
+		for update := range endpointsCh {
+			ch <- update
+		}
+	}()
+	return endpointsCh
+}
+
+func (c *EndpointsConfig) Config() []api.Endpoints {
+	return c.store.MergedState().([]api.Endpoints)
+}
+
+type endpointsStore struct {
+	endpointLock sync.RWMutex
+	endpoints    map[string]map[types.NamespacedName]api.Endpoints
+	updates      chan<- struct{}
+}
+
+func (s *endpointsStore) Merge(source string, change interface{}) error {
+	s.endpointLock.Lock()
+	endpoints := s.endpoints[source]
+	if endpoints == nil {
+		endpoints = make(map[types.NamespacedName]api.Endpoints)
+	}
+	update := change.(EndpointsUpdate)
+	switch update.Op {
+	case ADD:
+		glog.V(5).Infof("Adding new endpoint from source %s : %s", source, spew.Sdump(update.Endpoints))
+		for _, value := range update.Endpoints {
+			name := types.NamespacedName{Namespace: value.Namespace, Name: value.Name}
+			endpoints[name] = value
+		}
+	case REMOVE:
+		glog.V(5).Infof("Removing an endpoint %s", spew.Sdump(update))
+		for _, value := range update.Endpoints {
+			name := types.NamespacedName{Namespace: value.Namespace, Name: value.Name}
+			delete(endpoints, name)
+		}
+	case SET:
+		glog.V(5).Infof("Setting endpoints %s", spew.Sdump(update))
+		// Clear the old map entries by just creating a new map
+		endpoints = make(map[types.NamespacedName]api.Endpoints)
+		for _, value := range update.Endpoints {
+			name := types.NamespacedName{Namespace: value.Namespace, Name: value.Name}
+			endpoints[name] = value
+		}
+	default:
+		glog.V(4).Infof("Received invalid update type: %s", spew.Sdump(update))
+	}
+	s.endpoints[source] = endpoints
+	s.endpointLock.Unlock()
+	if s.updates != nil {
+		// Since we record the snapshot before sending this signal, it's
+		// possible that the consumer ends up performing an extra update.
+		select {
+		case s.updates <- struct{}{}:
+		default:
+			glog.V(4).Infof("Endpoints handler already has a pending interrupt.")
+		}
+	}
+	return nil
+}
+
+func (s *endpointsStore) MergedState() interface{} {
+	s.endpointLock.RLock()
+	defer s.endpointLock.RUnlock()
+	endpoints := make([]api.Endpoints, 0)
+	for _, sourceEndpoints := range s.endpoints {
+		for _, value := range sourceEndpoints {
+			endpoints = append(endpoints, value)
+		}
+	}
+	return endpoints
+}
+
+// ServiceConfig tracks a set of service configurations.
+// It accepts "set", "add" and "remove" operations of services via channels, and invokes registered handlers on change.
+type ServiceConfig struct {
+	mux     *config.Mux
+	bcaster *config.Broadcaster
+	store   *serviceStore
+}
+
+// NewServiceConfig creates a new ServiceConfig.
+// It immediately runs the created ServiceConfig.
+func NewServiceConfig() *ServiceConfig {
+	// The updates channel is used to send interrupts to the Services handler.
+	// It's buffered because we never want to block for as long as there is a
+	// pending interrupt, but don't want to drop them if the handler is doing
+	// work.
+	updates := make(chan struct{}, 1)
+	store := &serviceStore{updates: updates, services: make(map[string]map[types.NamespacedName]api.Service)}
+	mux := config.NewMux(store)
+	bcaster := config.NewBroadcaster()
+	go watchForUpdates(bcaster, store, updates)
+	return &ServiceConfig{mux, bcaster, store}
+}
+
+func (c *ServiceConfig) RegisterHandler(handler ServiceConfigHandler) {
+	c.bcaster.Add(config.ListenerFunc(func(instance interface{}) {
+		glog.V(3).Infof("Calling handler.OnServiceUpdate()")
+		handler.OnServiceUpdate(instance.([]api.Service))
+	}))
+}
+
+func (c *ServiceConfig) Channel(source string) chan ServiceUpdate {
+	ch := c.mux.Channel(source)
+	serviceCh := make(chan ServiceUpdate)
+	go func() {
+		for update := range serviceCh {
+			ch <- update
+		}
+	}()
+	return serviceCh
+}
+
+func (c *ServiceConfig) Config() []api.Service {
+	return c.store.MergedState().([]api.Service)
+}
+
+type serviceStore struct {
+	serviceLock sync.RWMutex
+	services    map[string]map[types.NamespacedName]api.Service
+	updates     chan<- struct{}
+}
+
+func (s *serviceStore) Merge(source string, change interface{}) error {
+	s.serviceLock.Lock()
+	services := s.services[source]
+	if services == nil {
+		services = make(map[types.NamespacedName]api.Service)
+	}
+	update := change.(ServiceUpdate)
+	switch update.Op {
+	case ADD:
+		glog.V(5).Infof("Adding new service from source %s : %s", source, spew.Sdump(update.Services))
+		for _, value := range update.Services {
+			name := types.NamespacedName{Namespace: value.Namespace, Name: value.Name}
+			services[name] = value
+		}
+	case REMOVE:
+		glog.V(5).Infof("Removing a service %s", spew.Sdump(update))
+		for _, value := range update.Services {
+			name := types.NamespacedName{Namespace: value.Namespace, Name: value.Name}
+			delete(services, name)
+		}
+	case SET:
+		glog.V(5).Infof("Setting services %s", spew.Sdump(update))
+		// Clear the old map entries by just creating a new map
+		services = make(map[types.NamespacedName]api.Service)
+		for _, value := range update.Services {
+			name := types.NamespacedName{Namespace: value.Namespace, Name: value.Name}
+			services[name] = value
+		}
+	default:
+		glog.V(4).Infof("Received invalid update type: %s", spew.Sdump(update))
+	}
+	s.services[source] = services
+	s.serviceLock.Unlock()
+	if s.updates != nil {
+		// Since we record the snapshot before sending this signal, it's
+		// possible that the consumer ends up performing an extra update.
+		select {
+		case s.updates <- struct{}{}:
+		default:
+			glog.V(4).Infof("Service handler already has a pending interrupt.")
+		}
+	}
+	return nil
+}
+
+func (s *serviceStore) MergedState() interface{} {
+	s.serviceLock.RLock()
+	defer s.serviceLock.RUnlock()
+	services := make([]api.Service, 0)
+	for _, sourceServices := range s.services {
+		for _, value := range sourceServices {
+			services = append(services, value)
+		}
+	}
+	return services
+}
+
+// watchForUpdates invokes bcaster.Notify() with the latest version of an object
+// when changes occur.
+func watchForUpdates(bcaster *config.Broadcaster, accessor config.Accessor, updates <-chan struct{}) {
+	for true {
+		<-updates
+		bcaster.Notify(accessor.MergedState())
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/config/config_test.go

@@ -0,0 +1,343 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config_test
+
+import (
+	"reflect"
+	"sort"
+	"testing"
+	"time"
+
+	"k8s.io/kubernetes/pkg/api"
+	. "k8s.io/kubernetes/pkg/proxy/config"
+	"k8s.io/kubernetes/pkg/util/wait"
+)
+
+const TomcatPort int = 8080
+const TomcatName = "tomcat"
+
+var TomcatEndpoints = map[string]string{"c0": "1.1.1.1:18080", "c1": "2.2.2.2:18081"}
+
+const MysqlPort int = 3306
+const MysqlName = "mysql"
+
+var MysqlEndpoints = map[string]string{"c0": "1.1.1.1:13306", "c3": "2.2.2.2:13306"}
+
+type sortedServices []api.Service
+
+func (s sortedServices) Len() int {
+	return len(s)
+}
+func (s sortedServices) Swap(i, j int) {
+	s[i], s[j] = s[j], s[i]
+}
+func (s sortedServices) Less(i, j int) bool {
+	return s[i].Name < s[j].Name
+}
+
+type ServiceHandlerMock struct {
+	updated chan []api.Service
+	waits   int
+}
+
+func NewServiceHandlerMock() *ServiceHandlerMock {
+	return &ServiceHandlerMock{updated: make(chan []api.Service, 5)}
+}
+
+func (h *ServiceHandlerMock) OnServiceUpdate(services []api.Service) {
+	sort.Sort(sortedServices(services))
+	h.updated <- services
+}
+
+func (h *ServiceHandlerMock) ValidateServices(t *testing.T, expectedServices []api.Service) {
+	// We might get 1 or more updates for N service updates, because we
+	// over write older snapshots of services from the producer go-routine
+	// if the consumer falls behind.
+	var services []api.Service
+	for {
+		select {
+		case services = <-h.updated:
+			if reflect.DeepEqual(services, expectedServices) {
+				return
+			}
+		// Unittests will hard timeout in 5m with a stack trace, prevent that
+		// and surface a clearer reason for failure.
+		case <-time.After(wait.ForeverTestTimeout):
+			t.Errorf("Timed out. Expected %#v, Got %#v", expectedServices, services)
+			return
+		}
+	}
+}
+
+type sortedEndpoints []api.Endpoints
+
+func (s sortedEndpoints) Len() int {
+	return len(s)
+}
+func (s sortedEndpoints) Swap(i, j int) {
+	s[i], s[j] = s[j], s[i]
+}
+func (s sortedEndpoints) Less(i, j int) bool {
+	return s[i].Name < s[j].Name
+}
+
+type EndpointsHandlerMock struct {
+	updated chan []api.Endpoints
+	waits   int
+}
+
+func NewEndpointsHandlerMock() *EndpointsHandlerMock {
+	return &EndpointsHandlerMock{updated: make(chan []api.Endpoints, 5)}
+}
+
+func (h *EndpointsHandlerMock) OnEndpointsUpdate(endpoints []api.Endpoints) {
+	sort.Sort(sortedEndpoints(endpoints))
+	h.updated <- endpoints
+}
+
+func (h *EndpointsHandlerMock) ValidateEndpoints(t *testing.T, expectedEndpoints []api.Endpoints) {
+	// We might get 1 or more updates for N endpoint updates, because we
+	// over write older snapshots of endpoints from the producer go-routine
+	// if the consumer falls behind. Unittests will hard timeout in 5m.
+	var endpoints []api.Endpoints
+	for {
+		select {
+		case endpoints = <-h.updated:
+			if reflect.DeepEqual(endpoints, expectedEndpoints) {
+				return
+			}
+		// Unittests will hard timeout in 5m with a stack trace, prevent that
+		// and surface a clearer reason for failure.
+		case <-time.After(wait.ForeverTestTimeout):
+			t.Errorf("Timed out. Expected %#v, Got %#v", expectedEndpoints, endpoints)
+			return
+		}
+	}
+}
+
+func CreateServiceUpdate(op Operation, services ...api.Service) ServiceUpdate {
+	ret := ServiceUpdate{Op: op}
+	ret.Services = make([]api.Service, len(services))
+	for i, value := range services {
+		ret.Services[i] = value
+	}
+	return ret
+}
+
+func CreateEndpointsUpdate(op Operation, endpoints ...api.Endpoints) EndpointsUpdate {
+	ret := EndpointsUpdate{Op: op}
+	ret.Endpoints = make([]api.Endpoints, len(endpoints))
+	for i, value := range endpoints {
+		ret.Endpoints[i] = value
+	}
+	return ret
+}
+
+func TestNewServiceAddedAndNotified(t *testing.T) {
+	config := NewServiceConfig()
+	channel := config.Channel("one")
+	handler := NewServiceHandlerMock()
+	config.RegisterHandler(handler)
+	serviceUpdate := CreateServiceUpdate(ADD, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foo"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 10}}},
+	})
+	channel <- serviceUpdate
+	handler.ValidateServices(t, serviceUpdate.Services)
+
+}
+
+func TestServiceAddedRemovedSetAndNotified(t *testing.T) {
+	config := NewServiceConfig()
+	channel := config.Channel("one")
+	handler := NewServiceHandlerMock()
+	config.RegisterHandler(handler)
+	serviceUpdate := CreateServiceUpdate(ADD, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foo"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 10}}},
+	})
+	channel <- serviceUpdate
+	handler.ValidateServices(t, serviceUpdate.Services)
+
+	serviceUpdate2 := CreateServiceUpdate(ADD, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "bar"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 20}}},
+	})
+	channel <- serviceUpdate2
+	services := []api.Service{serviceUpdate2.Services[0], serviceUpdate.Services[0]}
+	handler.ValidateServices(t, services)
+
+	serviceUpdate3 := CreateServiceUpdate(REMOVE, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foo"},
+	})
+	channel <- serviceUpdate3
+	services = []api.Service{serviceUpdate2.Services[0]}
+	handler.ValidateServices(t, services)
+
+	serviceUpdate4 := CreateServiceUpdate(SET, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foobar"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 99}}},
+	})
+	channel <- serviceUpdate4
+	services = []api.Service{serviceUpdate4.Services[0]}
+	handler.ValidateServices(t, services)
+}
+
+func TestNewMultipleSourcesServicesAddedAndNotified(t *testing.T) {
+	config := NewServiceConfig()
+	channelOne := config.Channel("one")
+	channelTwo := config.Channel("two")
+	if channelOne == channelTwo {
+		t.Error("Same channel handed back for one and two")
+	}
+	handler := NewServiceHandlerMock()
+	config.RegisterHandler(handler)
+	serviceUpdate1 := CreateServiceUpdate(ADD, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foo"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 10}}},
+	})
+	serviceUpdate2 := CreateServiceUpdate(ADD, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "bar"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 20}}},
+	})
+	channelOne <- serviceUpdate1
+	channelTwo <- serviceUpdate2
+	services := []api.Service{serviceUpdate2.Services[0], serviceUpdate1.Services[0]}
+	handler.ValidateServices(t, services)
+}
+
+func TestNewMultipleSourcesServicesMultipleHandlersAddedAndNotified(t *testing.T) {
+	config := NewServiceConfig()
+	channelOne := config.Channel("one")
+	channelTwo := config.Channel("two")
+	handler := NewServiceHandlerMock()
+	handler2 := NewServiceHandlerMock()
+	config.RegisterHandler(handler)
+	config.RegisterHandler(handler2)
+	serviceUpdate1 := CreateServiceUpdate(ADD, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foo"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 10}}},
+	})
+	serviceUpdate2 := CreateServiceUpdate(ADD, api.Service{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "bar"},
+		Spec:       api.ServiceSpec{Ports: []api.ServicePort{{Protocol: "TCP", Port: 20}}},
+	})
+	channelOne <- serviceUpdate1
+	channelTwo <- serviceUpdate2
+	services := []api.Service{serviceUpdate2.Services[0], serviceUpdate1.Services[0]}
+	handler.ValidateServices(t, services)
+	handler2.ValidateServices(t, services)
+}
+
+func TestNewMultipleSourcesEndpointsMultipleHandlersAddedAndNotified(t *testing.T) {
+	config := NewEndpointsConfig()
+	channelOne := config.Channel("one")
+	channelTwo := config.Channel("two")
+	handler := NewEndpointsHandlerMock()
+	handler2 := NewEndpointsHandlerMock()
+	config.RegisterHandler(handler)
+	config.RegisterHandler(handler2)
+	endpointsUpdate1 := CreateEndpointsUpdate(ADD, api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foo"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{{IP: "1.1.1.1"}, {IP: "2.2.2.2"}},
+			Ports:     []api.EndpointPort{{Port: 80}},
+		}},
+	})
+	endpointsUpdate2 := CreateEndpointsUpdate(ADD, api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "bar"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{{IP: "3.3.3.3"}, {IP: "4.4.4.4"}},
+			Ports:     []api.EndpointPort{{Port: 80}},
+		}},
+	})
+	channelOne <- endpointsUpdate1
+	channelTwo <- endpointsUpdate2
+
+	endpoints := []api.Endpoints{endpointsUpdate2.Endpoints[0], endpointsUpdate1.Endpoints[0]}
+	handler.ValidateEndpoints(t, endpoints)
+	handler2.ValidateEndpoints(t, endpoints)
+}
+
+func TestNewMultipleSourcesEndpointsMultipleHandlersAddRemoveSetAndNotified(t *testing.T) {
+	config := NewEndpointsConfig()
+	channelOne := config.Channel("one")
+	channelTwo := config.Channel("two")
+	handler := NewEndpointsHandlerMock()
+	handler2 := NewEndpointsHandlerMock()
+	config.RegisterHandler(handler)
+	config.RegisterHandler(handler2)
+	endpointsUpdate1 := CreateEndpointsUpdate(ADD, api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foo"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{{IP: "1.1.1.1"}, {IP: "2.2.2.2"}},
+			Ports:     []api.EndpointPort{{Port: 80}},
+		}},
+	})
+	endpointsUpdate2 := CreateEndpointsUpdate(ADD, api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "bar"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{{IP: "3.3.3.3"}, {IP: "4.4.4.4"}},
+			Ports:     []api.EndpointPort{{Port: 80}},
+		}},
+	})
+	channelOne <- endpointsUpdate1
+	channelTwo <- endpointsUpdate2
+
+	endpoints := []api.Endpoints{endpointsUpdate2.Endpoints[0], endpointsUpdate1.Endpoints[0]}
+	handler.ValidateEndpoints(t, endpoints)
+	handler2.ValidateEndpoints(t, endpoints)
+
+	// Add one more
+	endpointsUpdate3 := CreateEndpointsUpdate(ADD, api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foobar"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{{IP: "5.5.5.5"}, {IP: "6.6.6.6"}},
+			Ports:     []api.EndpointPort{{Port: 80}},
+		}},
+	})
+	channelTwo <- endpointsUpdate3
+	endpoints = []api.Endpoints{endpointsUpdate2.Endpoints[0], endpointsUpdate1.Endpoints[0], endpointsUpdate3.Endpoints[0]}
+	handler.ValidateEndpoints(t, endpoints)
+	handler2.ValidateEndpoints(t, endpoints)
+
+	// Update the "foo" service with new endpoints
+	endpointsUpdate1 = CreateEndpointsUpdate(ADD, api.Endpoints{
+		ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "foo"},
+		Subsets: []api.EndpointSubset{{
+			Addresses: []api.EndpointAddress{{IP: "7.7.7.7"}},
+			Ports:     []api.EndpointPort{{Port: 80}},
+		}},
+	})
+	channelOne <- endpointsUpdate1
+	endpoints = []api.Endpoints{endpointsUpdate2.Endpoints[0], endpointsUpdate1.Endpoints[0], endpointsUpdate3.Endpoints[0]}
+	handler.ValidateEndpoints(t, endpoints)
+	handler2.ValidateEndpoints(t, endpoints)
+
+	// Remove "bar" service
+	endpointsUpdate2 = CreateEndpointsUpdate(REMOVE, api.Endpoints{ObjectMeta: api.ObjectMeta{Namespace: "testnamespace", Name: "bar"}})
+	channelTwo <- endpointsUpdate2
+
+	endpoints = []api.Endpoints{endpointsUpdate1.Endpoints[0], endpointsUpdate3.Endpoints[0]}
+	handler.ValidateEndpoints(t, endpoints)
+	handler2.ValidateEndpoints(t, endpoints)
+}
+
+// TODO: Add a unittest for interrupts getting processed in a timely manner.
+// Currently this module has a circular dependency with config, and so it's
+// named config_test, which means even test methods need to be public. This
+// is refactoring that we can avoid by resolving the dependency.

vendor/k8s.io/kubernetes/pkg/proxy/config/doc.go

@@ -0,0 +1,25 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package config provides decoupling between various configuration sources (etcd, files,...) and
+// the pieces that actually care about them (loadbalancer, proxy). Config takes 1 or more
+// configuration sources and allows for incremental (add/remove) and full replace (set)
+// changes from each of the sources, then creates a union of the configuration and provides
+// a unified view for both service handlers as well as endpoint handlers. There is no attempt
+// to resolve conflicts of any sort. Basic idea is that each configuration source gets a channel
+// from the Config service and pushes updates to it via that channel. Config then keeps track of
+// incremental & replace changes and distributes them to listeners as appropriate.
+package config // import "k8s.io/kubernetes/pkg/proxy/config"

vendor/k8s.io/kubernetes/pkg/proxy/doc.go

@@ -0,0 +1,18 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package proxy implements the layer-3 network proxy.
+package proxy // import "k8s.io/kubernetes/pkg/proxy"

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/BUILD

@@ -0,0 +1,42 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "api.go",
+        "doc.go",
+        "healthcheck.go",
+        "http.go",
+        "listener.go",
+        "worker.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/client/cache:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/sets:go_default_library",
+        "//pkg/util/wait:go_default_library",
+        "//vendor:github.com/golang/glog",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["healthcheck_test.go"],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/types:go_default_library",
+        "//pkg/util/sets:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/OWNERS

@@ -0,0 +1,3 @@
+reviewers:
+- girishkalele
+- m1093782566

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/api.go

@@ -0,0 +1,65 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package healthcheck
+
+import (
+	"k8s.io/kubernetes/pkg/types"
+	"k8s.io/kubernetes/pkg/util/sets"
+	"k8s.io/kubernetes/pkg/util/wait"
+)
+
+// All public API Methods for this package
+
+// UpdateEndpoints Update the set of local endpoints for a service
+func UpdateEndpoints(serviceName types.NamespacedName, endpointUids sets.String) {
+	req := &proxyMutationRequest{
+		serviceName:  serviceName,
+		endpointUids: &endpointUids,
+	}
+	healthchecker.mutationRequestChannel <- req
+}
+
+func updateServiceListener(serviceName types.NamespacedName, listenPort int, add bool) bool {
+	responseChannel := make(chan bool)
+	req := &proxyListenerRequest{
+		serviceName:     serviceName,
+		listenPort:      uint16(listenPort),
+		add:             add,
+		responseChannel: responseChannel,
+	}
+	healthchecker.listenerRequestChannel <- req
+	return <-responseChannel
+}
+
+// AddServiceListener Request addition of a listener for a service's health check
+func AddServiceListener(serviceName types.NamespacedName, listenPort int) bool {
+	return updateServiceListener(serviceName, listenPort, true)
+}
+
+// DeleteServiceListener Request deletion of a listener for a service's health check
+func DeleteServiceListener(serviceName types.NamespacedName, listenPort int) bool {
+	return updateServiceListener(serviceName, listenPort, false)
+}
+
+// Run Start the healthchecker main loop
+func Run() {
+	healthchecker = proxyHealthCheckFactory()
+	// Wrap with a wait.Forever to handle panics.
+	go wait.Forever(func() {
+		healthchecker.handlerLoop()
+	}, 0)
+}

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/doc.go

@@ -0,0 +1,18 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package healthcheck LoadBalancer Healthcheck responder library for kubernetes network proxies
+package healthcheck // import "k8s.io/kubernetes/pkg/proxy/healthcheck"

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/healthcheck.go

@@ -0,0 +1,127 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package healthcheck
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+
+	"github.com/golang/glog"
+	"k8s.io/kubernetes/pkg/client/cache"
+	"k8s.io/kubernetes/pkg/types"
+	"k8s.io/kubernetes/pkg/util/sets"
+)
+
+// proxyMutationRequest: Message to request addition/deletion of endpoints for a service
+type proxyMutationRequest struct {
+	serviceName  types.NamespacedName
+	endpointUids *sets.String
+}
+
+// proxyListenerRequest: Message to request addition/deletion of a service responder on a listening port
+type proxyListenerRequest struct {
+	serviceName     types.NamespacedName
+	listenPort      uint16
+	add             bool
+	responseChannel chan bool
+}
+
+// serviceEndpointsList: A list of endpoints for a service
+type serviceEndpointsList struct {
+	serviceName types.NamespacedName
+	endpoints   *sets.String
+}
+
+// serviceResponder: Contains net/http datastructures necessary for responding to each Service's health check on its aux nodePort
+type serviceResponder struct {
+	serviceName types.NamespacedName
+	listenPort  uint16
+	listener    *net.Listener
+	server      *http.Server
+}
+
+// proxyHC: Handler structure for health check, endpoint add/delete and service listener add/delete requests
+type proxyHC struct {
+	serviceEndpointsMap    cache.ThreadSafeStore
+	serviceResponderMap    map[types.NamespacedName]serviceResponder
+	mutationRequestChannel chan *proxyMutationRequest
+	listenerRequestChannel chan *proxyListenerRequest
+}
+
+// handleHealthCheckRequest - received a health check request - lookup and respond to HC.
+func (h *proxyHC) handleHealthCheckRequest(rw http.ResponseWriter, serviceName string) {
+	s, ok := h.serviceEndpointsMap.Get(serviceName)
+	if !ok {
+		glog.V(4).Infof("Service %s not found or has no local endpoints", serviceName)
+		sendHealthCheckResponse(rw, http.StatusServiceUnavailable, "No Service Endpoints Found")
+		return
+	}
+	numEndpoints := len(*s.(*serviceEndpointsList).endpoints)
+	if numEndpoints > 0 {
+		sendHealthCheckResponse(rw, http.StatusOK, fmt.Sprintf("%d Service Endpoints found", numEndpoints))
+		return
+	}
+	sendHealthCheckResponse(rw, http.StatusServiceUnavailable, "0 local Endpoints are alive")
+}
+
+// handleMutationRequest - receive requests to mutate the table entry for a service
+func (h *proxyHC) handleMutationRequest(req *proxyMutationRequest) {
+	numEndpoints := len(*req.endpointUids)
+	glog.V(4).Infof("LB service health check mutation request Service: %s - %d Endpoints %v",
+		req.serviceName, numEndpoints, (*req.endpointUids).List())
+	if numEndpoints == 0 {
+		if _, ok := h.serviceEndpointsMap.Get(req.serviceName.String()); ok {
+			glog.V(4).Infof("Deleting endpoints map for service %s, all local endpoints gone", req.serviceName.String())
+			h.serviceEndpointsMap.Delete(req.serviceName.String())
+		}
+		return
+	}
+	var entry *serviceEndpointsList
+	e, exists := h.serviceEndpointsMap.Get(req.serviceName.String())
+	if exists {
+		entry = e.(*serviceEndpointsList)
+		if entry.endpoints.Equal(*req.endpointUids) {
+			return
+		}
+		// Compute differences just for printing logs about additions and removals
+		deletedEndpoints := entry.endpoints.Difference(*req.endpointUids)
+		newEndpoints := req.endpointUids.Difference(*entry.endpoints)
+		for _, e := range newEndpoints.List() {
+			glog.V(4).Infof("Adding local endpoint %s to LB health check for service %s",
+				e, req.serviceName.String())
+		}
+		for _, d := range deletedEndpoints.List() {
+			glog.V(4).Infof("Deleted endpoint %s from service %s LB health check (%d endpoints left)",
+				d, req.serviceName.String(), len(*entry.endpoints))
+		}
+	}
+	entry = &serviceEndpointsList{serviceName: req.serviceName, endpoints: req.endpointUids}
+	h.serviceEndpointsMap.Add(req.serviceName.String(), entry)
+}
+
+// proxyHealthCheckRequest - Factory method to instantiate the health check handler
+func proxyHealthCheckFactory() *proxyHC {
+	glog.V(2).Infof("Initializing kube-proxy health checker")
+	phc := &proxyHC{
+		serviceEndpointsMap:    cache.NewThreadSafeStore(cache.Indexers{}, cache.Indices{}),
+		serviceResponderMap:    make(map[types.NamespacedName]serviceResponder),
+		mutationRequestChannel: make(chan *proxyMutationRequest, 1024),
+		listenerRequestChannel: make(chan *proxyListenerRequest, 1024),
+	}
+	return phc
+}

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/healthcheck_test.go

@@ -0,0 +1,158 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package healthcheck
+
+import (
+	"fmt"
+	"io/ioutil"
+	"math/rand"
+	"net/http"
+	"testing"
+	"time"
+
+	"k8s.io/kubernetes/pkg/types"
+	"k8s.io/kubernetes/pkg/util/sets"
+)
+
+type TestCaseData struct {
+	nodePorts    int
+	numEndpoints int
+	nodePortList []int
+	svcNames     []types.NamespacedName
+}
+
+const (
+	startPort = 20000
+	endPort   = 40000
+)
+
+var (
+	choices = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+)
+
+func generateRandomString(n int) string {
+
+	b := make([]byte, n)
+	l := len(choices)
+	for i := range b {
+		b[i] = choices[rand.Intn(l)]
+	}
+	return string(b)
+}
+
+func chooseServiceName(tc int, hint int) types.NamespacedName {
+	var svc types.NamespacedName
+	svc.Namespace = fmt.Sprintf("ns_%d", tc)
+	svc.Name = fmt.Sprintf("name_%d", hint)
+	return svc
+}
+
+func generateEndpointSet(max int) sets.String {
+	s := sets.NewString()
+	for i := 0; i < max; i++ {
+		s.Insert(fmt.Sprintf("%d%s", i, generateRandomString(8)))
+	}
+	return s
+}
+
+func verifyHealthChecks(tc *TestCaseData, t *testing.T) bool {
+	var success = true
+	time.Sleep(100 * time.Millisecond)
+	for i := 0; i < tc.nodePorts; i++ {
+		t.Logf("Validating HealthCheck works for svc %s nodePort %d\n", tc.svcNames[i], tc.nodePortList[i])
+		res, err := http.Get(fmt.Sprintf("http://127.0.0.1:%d/", tc.nodePortList[i]))
+		if err != nil {
+			t.Logf("ERROR: Failed to connect to listening port")
+			success = false
+			continue
+		}
+		robots, err := ioutil.ReadAll(res.Body)
+		if res.StatusCode == http.StatusServiceUnavailable {
+			t.Logf("ERROR: HealthCheck returned %s: %s", res.Status, string(robots))
+			success = false
+			continue
+		}
+		res.Body.Close()
+		if err != nil {
+			t.Logf("Error: reading body of response (%s)", err)
+			success = false
+			continue
+		}
+	}
+	if success {
+		t.Logf("Success: All nodePorts found active")
+	}
+	return success
+}
+
+func TestHealthChecker(t *testing.T) {
+	testcases := []TestCaseData{
+		{
+			nodePorts:    1,
+			numEndpoints: 2,
+		},
+		{
+			nodePorts:    10,
+			numEndpoints: 6,
+		},
+		{
+			nodePorts:    100,
+			numEndpoints: 1,
+		},
+	}
+
+	Run()
+
+	ports := startPort
+	for n, tc := range testcases {
+		tc.nodePortList = make([]int, tc.nodePorts)
+		tc.svcNames = make([]types.NamespacedName, tc.nodePorts)
+		for i := 0; i < tc.nodePorts; i++ {
+			tc.svcNames[i] = chooseServiceName(n, i)
+			t.Logf("Updating endpoints map for %s %d", tc.svcNames[i], tc.numEndpoints)
+			for {
+				UpdateEndpoints(tc.svcNames[i], generateEndpointSet(tc.numEndpoints))
+				tc.nodePortList[i] = ports
+				ports++
+				if AddServiceListener(tc.svcNames[i], tc.nodePortList[i]) {
+					break
+				}
+				DeleteServiceListener(tc.svcNames[i], tc.nodePortList[i])
+				// Keep searching for a port that works
+				t.Logf("Failed to bind/listen on port %d...trying next port", ports-1)
+				if ports > endPort {
+					t.Errorf("Exhausted range of ports available for tests")
+					return
+				}
+			}
+		}
+		t.Logf("Validating if all nodePorts for tc %d work", n)
+		if !verifyHealthChecks(&tc, t) {
+			t.Errorf("Healthcheck validation failed")
+		}
+
+		for i := 0; i < tc.nodePorts; i++ {
+			DeleteServiceListener(tc.svcNames[i], tc.nodePortList[i])
+			UpdateEndpoints(tc.svcNames[i], sets.NewString())
+		}
+
+		// Ensure that all listeners have been shutdown
+		if verifyHealthChecks(&tc, t) {
+			t.Errorf("Healthcheck validation failed")
+		}
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/http.go

@@ -0,0 +1,46 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package healthcheck
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/golang/glog"
+)
+
+// A healthCheckHandler serves http requests on /healthz on the service health check node port,
+// and responds to every request with either:
+// 200 OK and the count of endpoints for the given service that are local to this node.
+// or
+// 503 Service Unavailable If the count is zero or the service does not exist
+type healthCheckHandler struct {
+	svcNsName string
+}
+
+// HTTP Utility function to send the required statusCode and error text to a http.ResponseWriter object
+func sendHealthCheckResponse(rw http.ResponseWriter, statusCode int, error string) {
+	rw.Header().Set("Content-Type", "text/plain")
+	rw.WriteHeader(statusCode)
+	fmt.Fprint(rw, error)
+}
+
+// ServeHTTP: Interface callback method for net.Listener Handlers
+func (h healthCheckHandler) ServeHTTP(response http.ResponseWriter, req *http.Request) {
+	glog.V(4).Infof("Received HC Request Service %s from Cloud Load Balancer", h.svcNsName)
+	healthchecker.handleHealthCheckRequest(response, h.svcNsName)
+}

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/listener.go

@@ -0,0 +1,77 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package healthcheck
+
+// Create/Delete dynamic listeners on the required nodePorts
+
+import (
+	"fmt"
+	"net"
+	"net/http"
+
+	"github.com/golang/glog"
+)
+
+// handleServiceListenerRequest: receive requests to add/remove service health check listening ports
+func (h *proxyHC) handleServiceListenerRequest(req *proxyListenerRequest) bool {
+	sr, serviceFound := h.serviceResponderMap[req.serviceName]
+	if !req.add {
+		if !serviceFound {
+			return false
+		}
+		glog.Infof("Deleting HealthCheckListenPort for service %s port %d",
+			req.serviceName, req.listenPort)
+		delete(h.serviceResponderMap, req.serviceName)
+		(*sr.listener).Close()
+		return true
+	} else if serviceFound {
+		if req.listenPort == sr.listenPort {
+			// Addition requested but responder for service already exists and port is unchanged
+			return true
+		}
+		// Addition requested but responder for service already exists but the listen port has changed
+		glog.Infof("HealthCheckListenPort for service %s changed from %d to %d - closing old listening port",
+			req.serviceName, sr.listenPort, req.listenPort)
+		delete(h.serviceResponderMap, req.serviceName)
+		(*sr.listener).Close()
+	}
+	// Create a service responder object and start listening and serving on the provided port
+	glog.V(2).Infof("Adding health check listener for service %s on nodePort %d", req.serviceName, req.listenPort)
+	server := http.Server{
+		Addr:    fmt.Sprintf(":%d", req.listenPort),
+		Handler: healthCheckHandler{svcNsName: req.serviceName.String()},
+	}
+	listener, err := net.Listen("tcp", server.Addr)
+	if err != nil {
+		glog.Warningf("FAILED to listen on address %s (%s)\n", server.Addr, err)
+		return false
+	}
+	h.serviceResponderMap[req.serviceName] = serviceResponder{serviceName: req.serviceName,
+		listenPort: req.listenPort,
+		listener:   &listener,
+		server:     &server}
+	go func() {
+		// Anonymous goroutine to block on Serve for this listen port - Serve will exit when the listener is closed
+		glog.V(3).Infof("Goroutine blocking on serving health checks for %s on port %d", req.serviceName, req.listenPort)
+		if err := server.Serve(listener); err != nil {
+			glog.V(3).Infof("Proxy HealthCheck listen socket %d for service %s closed with error %s\n", req.listenPort, req.serviceName, err)
+			return
+		}
+		glog.V(3).Infof("Proxy HealthCheck listen socket %d for service %s closed\n", req.listenPort, req.serviceName)
+	}()
+	return true
+}

vendor/k8s.io/kubernetes/pkg/proxy/healthcheck/worker.go

@@ -0,0 +1,53 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package healthcheck LoadBalancer Healthcheck responder library for kubernetes network proxies
+package healthcheck // import "k8s.io/kubernetes/pkg/proxy/healthcheck"
+
+import (
+	"time"
+
+	"github.com/golang/glog"
+)
+
+var healthchecker *proxyHC
+
+// handlerLoop Serializes all requests to prevent concurrent access to the maps
+func (h *proxyHC) handlerLoop() {
+	ticker := time.NewTicker(1 * time.Minute)
+	defer ticker.Stop()
+	for {
+		select {
+		case req := <-h.mutationRequestChannel:
+			h.handleMutationRequest(req)
+		case req := <-h.listenerRequestChannel:
+			req.responseChannel <- h.handleServiceListenerRequest(req)
+		case <-ticker.C:
+			go h.sync()
+		}
+	}
+}
+
+func (h *proxyHC) sync() {
+	glog.V(4).Infof("%d Health Check Listeners", len(h.serviceResponderMap))
+	glog.V(4).Infof("%d Services registered for health checking", len(h.serviceEndpointsMap.List()))
+	for _, svc := range h.serviceEndpointsMap.ListKeys() {
+		if e, ok := h.serviceEndpointsMap.Get(svc); ok {
+			endpointList := e.(*serviceEndpointsList)
+			glog.V(4).Infof("Service %s has %d local endpoints", svc, endpointList.endpoints.Len())
+		}
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/iptables/BUILD

@@ -0,0 +1,49 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["proxier.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/api/service:go_default_library",
+        "//pkg/proxy:go_default_library",
+        "//pkg/proxy/healthcheck:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/config:go_default_library",
+        "//pkg/util/exec:go_default_library",
+        "//pkg/util/flowcontrol:go_default_library",
+        "//pkg/util/iptables:go_default_library",
+        "//pkg/util/sets:go_default_library",
+        "//pkg/util/slice:go_default_library",
+        "//pkg/util/sysctl:go_default_library",
+        "//vendor:github.com/coreos/go-semver/semver",
+        "//vendor:github.com/davecgh/go-spew/spew",
+        "//vendor:github.com/golang/glog",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["proxier_test.go"],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/proxy:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/exec:go_default_library",
+        "//pkg/util/iptables:go_default_library",
+        "//pkg/util/iptables/testing:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/proxy/iptables/OWNERS

@@ -0,0 +1,7 @@
+reviewers:
+- thockin
+- smarterclayton
+- bprashanth
+- justinsb
+- freehan
+- dcbw

vendor/k8s.io/kubernetes/pkg/proxy/types.go

@@ -0,0 +1,49 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package proxy
+
+import (
+	"fmt"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/types"
+)
+
+// ProxyProvider is the interface provided by proxier implementations.
+type ProxyProvider interface {
+	// OnServiceUpdate manages the active set of service proxies.
+	// Active service proxies are reinitialized if found in the update set or
+	// removed if missing from the update set.
+	OnServiceUpdate(services []api.Service)
+	// Sync immediately synchronizes the ProxyProvider's current state to iptables.
+	Sync()
+	// SyncLoop runs periodic work.
+	// This is expected to run as a goroutine or as the main loop of the app.
+	// It does not return.
+	SyncLoop()
+}
+
+// ServicePortName carries a namespace + name + portname.  This is the unique
+// identfier for a load-balanced service.
+type ServicePortName struct {
+	types.NamespacedName
+	Port string
+}
+
+func (spn ServicePortName) String() string {
+	return fmt.Sprintf("%s:%s", spn.NamespacedName.String(), spn.Port)
+}

vendor/k8s.io/kubernetes/pkg/proxy/userspace/BUILD

@@ -0,0 +1,56 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "loadbalancer.go",
+        "port_allocator.go",
+        "proxier.go",
+        "proxysocket.go",
+        "rlimit.go",
+        "roundrobin.go",
+        "udp_server.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/proxy:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/errors:go_default_library",
+        "//pkg/util/iptables:go_default_library",
+        "//pkg/util/net:go_default_library",
+        "//pkg/util/runtime:go_default_library",
+        "//pkg/util/slice:go_default_library",
+        "//pkg/util/wait:go_default_library",
+        "//vendor:github.com/golang/glog",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "port_allocator_test.go",
+        "proxier_test.go",
+        "roundrobin_test.go",
+    ],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/proxy:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/iptables/testing:go_default_library",
+        "//pkg/util/net:go_default_library",
+        "//pkg/util/runtime:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/proxy/userspace/OWNERS

@@ -0,0 +1,6 @@
+reviewers:
+- thockin
+- lavalamp
+- smarterclayton
+- freehan
+- bprashanth

vendor/k8s.io/kubernetes/pkg/proxy/userspace/loadbalancer.go

@@ -0,0 +1,34 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package userspace
+
+import (
+	"net"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/proxy"
+)
+
+// LoadBalancer is an interface for distributing incoming requests to service endpoints.
+type LoadBalancer interface {
+	// NextEndpoint returns the endpoint to handle a request for the given
+	// service-port and source address.
+	NextEndpoint(service proxy.ServicePortName, srcAddr net.Addr, sessionAffinityReset bool) (string, error)
+	NewService(service proxy.ServicePortName, sessionAffinityType api.ServiceAffinity, stickyMaxAgeMinutes int) error
+	DeleteService(service proxy.ServicePortName)
+	CleanupStaleStickySessions(service proxy.ServicePortName)
+}

vendor/k8s.io/kubernetes/pkg/proxy/userspace/port_allocator.go

@@ -0,0 +1,153 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package userspace
+
+import (
+	"errors"
+	"math/big"
+	"math/rand"
+	"sync"
+	"time"
+
+	"k8s.io/kubernetes/pkg/util/net"
+	"k8s.io/kubernetes/pkg/util/wait"
+)
+
+var (
+	errPortRangeNoPortsRemaining = errors.New("port allocation failed; there are no remaining ports left to allocate in the accepted range")
+)
+
+type PortAllocator interface {
+	AllocateNext() (int, error)
+	Release(int)
+}
+
+// randomAllocator is a PortAllocator implementation that allocates random ports, yielding
+// a port value of 0 for every call to AllocateNext().
+type randomAllocator struct{}
+
+// AllocateNext always returns 0
+func (r *randomAllocator) AllocateNext() (int, error) {
+	return 0, nil
+}
+
+// Release is a noop
+func (r *randomAllocator) Release(_ int) {
+	// noop
+}
+
+// newPortAllocator builds PortAllocator for a given PortRange. If the PortRange is empty
+// then a random port allocator is returned; otherwise, a new range-based allocator
+// is returned.
+func newPortAllocator(r net.PortRange) PortAllocator {
+	if r.Base == 0 {
+		return &randomAllocator{}
+	}
+	return newPortRangeAllocator(r)
+}
+
+const (
+	portsBufSize         = 16
+	nextFreePortCooldown = 500 * time.Millisecond
+	allocateNextTimeout  = 1 * time.Second
+)
+
+type rangeAllocator struct {
+	net.PortRange
+	ports chan int
+	used  big.Int
+	lock  sync.Mutex
+	rand  *rand.Rand
+}
+
+func newPortRangeAllocator(r net.PortRange) PortAllocator {
+	if r.Base == 0 || r.Size == 0 {
+		panic("illegal argument: may not specify an empty port range")
+	}
+	ra := &rangeAllocator{
+		PortRange: r,
+		ports:     make(chan int, portsBufSize),
+		rand:      rand.New(rand.NewSource(time.Now().UnixNano())),
+	}
+	go wait.Until(func() { ra.fillPorts(wait.NeverStop) }, nextFreePortCooldown, wait.NeverStop)
+	return ra
+}
+
+// fillPorts loops, always searching for the next free port and, if found, fills the ports buffer with it.
+// this func blocks until either there are no remaining free ports, or else the stopCh chan is closed.
+func (r *rangeAllocator) fillPorts(stopCh <-chan struct{}) {
+	for {
+		port := r.nextFreePort()
+		if port == -1 {
+			return
+		}
+		select {
+		case <-stopCh:
+			return
+		case r.ports <- port:
+		}
+	}
+}
+
+// nextFreePort finds a free port, first picking a random port. if that port is already in use
+// then the port range is scanned sequentially until either a port is found or the scan completes
+// unsuccessfully. an unsuccessful scan returns a port of -1.
+func (r *rangeAllocator) nextFreePort() int {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	// choose random port
+	j := r.rand.Intn(r.Size)
+	if b := r.used.Bit(j); b == 0 {
+		r.used.SetBit(&r.used, j, 1)
+		return j + r.Base
+	}
+
+	// search sequentially
+	for i := j + 1; i < r.Size; i++ {
+		if b := r.used.Bit(i); b == 0 {
+			r.used.SetBit(&r.used, i, 1)
+			return i + r.Base
+		}
+	}
+	for i := 0; i < j; i++ {
+		if b := r.used.Bit(i); b == 0 {
+			r.used.SetBit(&r.used, i, 1)
+			return i + r.Base
+		}
+	}
+	return -1
+}
+
+func (r *rangeAllocator) AllocateNext() (port int, err error) {
+	select {
+	case port = <-r.ports:
+	case <-time.After(allocateNextTimeout):
+		err = errPortRangeNoPortsRemaining
+	}
+	return
+}
+
+func (r *rangeAllocator) Release(port int) {
+	port -= r.Base
+	if port < 0 || port >= r.Size {
+		return
+	}
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	r.used.SetBit(&r.used, port, 0)
+}

vendor/k8s.io/kubernetes/pkg/proxy/userspace/port_allocator_test.go

@@ -0,0 +1,101 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package userspace
+
+import (
+	"reflect"
+	"testing"
+
+	"k8s.io/kubernetes/pkg/util/net"
+)
+
+func TestRangeAllocatorEmpty(t *testing.T) {
+	r := &net.PortRange{}
+	r.Set("0-0")
+	defer func() {
+		if rv := recover(); rv == nil {
+			t.Fatalf("expected panic because of empty port range: %#v", r)
+		}
+	}()
+	_ = newPortRangeAllocator(*r)
+}
+
+func TestRangeAllocatorFullyAllocated(t *testing.T) {
+	r := &net.PortRange{}
+	r.Set("1-1")
+	a := newPortRangeAllocator(*r)
+	p, err := a.AllocateNext()
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if p != 1 {
+		t.Fatalf("unexpected allocated port: %d", p)
+	}
+
+	_, err = a.AllocateNext()
+	if err == nil {
+		t.Fatalf("expected error because of fully-allocated range")
+	}
+
+	a.Release(p)
+	p, err = a.AllocateNext()
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if p != 1 {
+		t.Fatalf("unexpected allocated port: %d", p)
+	}
+
+	_, err = a.AllocateNext()
+	if err == nil {
+		t.Fatalf("expected error because of fully-allocated range")
+	}
+}
+
+func TestRangeAllocator_RandomishAllocation(t *testing.T) {
+	r := &net.PortRange{}
+	r.Set("1-100")
+	a := newPortRangeAllocator(*r)
+
+	// allocate all the ports
+	var err error
+	ports := make([]int, 100, 100)
+	for i := 0; i < 100; i++ {
+		ports[i], err = a.AllocateNext()
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+	}
+
+	// release them all
+	for i := 0; i < 100; i++ {
+		a.Release(ports[i])
+	}
+
+	// allocate the ports again
+	rports := make([]int, 100, 100)
+	for i := 0; i < 100; i++ {
+		rports[i], err = a.AllocateNext()
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+	}
+
+	if reflect.DeepEqual(ports, rports) {
+		t.Fatalf("expected re-allocated ports to be in a somewhat random order")
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/userspace/proxysocket.go

@@ -0,0 +1,300 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package userspace
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/golang/glog"
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/proxy"
+	"k8s.io/kubernetes/pkg/util/runtime"
+)
+
+// Abstraction over TCP/UDP sockets which are proxied.
+type proxySocket interface {
+	// Addr gets the net.Addr for a proxySocket.
+	Addr() net.Addr
+	// Close stops the proxySocket from accepting incoming connections.
+	// Each implementation should comment on the impact of calling Close
+	// while sessions are active.
+	Close() error
+	// ProxyLoop proxies incoming connections for the specified service to the service endpoints.
+	ProxyLoop(service proxy.ServicePortName, info *serviceInfo, proxier *Proxier)
+	// ListenPort returns the host port that the proxySocket is listening on
+	ListenPort() int
+}
+
+func newProxySocket(protocol api.Protocol, ip net.IP, port int) (proxySocket, error) {
+	host := ""
+	if ip != nil {
+		host = ip.String()
+	}
+
+	switch strings.ToUpper(string(protocol)) {
+	case "TCP":
+		listener, err := net.Listen("tcp", net.JoinHostPort(host, strconv.Itoa(port)))
+		if err != nil {
+			return nil, err
+		}
+		return &tcpProxySocket{Listener: listener, port: port}, nil
+	case "UDP":
+		addr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(host, strconv.Itoa(port)))
+		if err != nil {
+			return nil, err
+		}
+		conn, err := net.ListenUDP("udp", addr)
+		if err != nil {
+			return nil, err
+		}
+		return &udpProxySocket{UDPConn: conn, port: port}, nil
+	}
+	return nil, fmt.Errorf("unknown protocol %q", protocol)
+}
+
+// How long we wait for a connection to a backend in seconds
+var endpointDialTimeout = []time.Duration{250 * time.Millisecond, 500 * time.Millisecond, 1 * time.Second, 2 * time.Second}
+
+// tcpProxySocket implements proxySocket.  Close() is implemented by net.Listener.  When Close() is called,
+// no new connections are allowed but existing connections are left untouched.
+type tcpProxySocket struct {
+	net.Listener
+	port int
+}
+
+func (tcp *tcpProxySocket) ListenPort() int {
+	return tcp.port
+}
+
+func tryConnect(service proxy.ServicePortName, srcAddr net.Addr, protocol string, proxier *Proxier) (out net.Conn, err error) {
+	sessionAffinityReset := false
+	for _, dialTimeout := range endpointDialTimeout {
+		endpoint, err := proxier.loadBalancer.NextEndpoint(service, srcAddr, sessionAffinityReset)
+		if err != nil {
+			glog.Errorf("Couldn't find an endpoint for %s: %v", service, err)
+			return nil, err
+		}
+		glog.V(3).Infof("Mapped service %q to endpoint %s", service, endpoint)
+		// TODO: This could spin up a new goroutine to make the outbound connection,
+		// and keep accepting inbound traffic.
+		outConn, err := net.DialTimeout(protocol, endpoint, dialTimeout)
+		if err != nil {
+			if isTooManyFDsError(err) {
+				panic("Dial failed: " + err.Error())
+			}
+			glog.Errorf("Dial failed: %v", err)
+			sessionAffinityReset = true
+			continue
+		}
+		return outConn, nil
+	}
+	return nil, fmt.Errorf("failed to connect to an endpoint.")
+}
+
+func (tcp *tcpProxySocket) ProxyLoop(service proxy.ServicePortName, myInfo *serviceInfo, proxier *Proxier) {
+	for {
+		if !myInfo.isAlive() {
+			// The service port was closed or replaced.
+			return
+		}
+		// Block until a connection is made.
+		inConn, err := tcp.Accept()
+		if err != nil {
+			if isTooManyFDsError(err) {
+				panic("Accept failed: " + err.Error())
+			}
+
+			if isClosedError(err) {
+				return
+			}
+			if !myInfo.isAlive() {
+				// Then the service port was just closed so the accept failure is to be expected.
+				return
+			}
+			glog.Errorf("Accept failed: %v", err)
+			continue
+		}
+		glog.V(3).Infof("Accepted TCP connection from %v to %v", inConn.RemoteAddr(), inConn.LocalAddr())
+		outConn, err := tryConnect(service, inConn.(*net.TCPConn).RemoteAddr(), "tcp", proxier)
+		if err != nil {
+			glog.Errorf("Failed to connect to balancer: %v", err)
+			inConn.Close()
+			continue
+		}
+		// Spin up an async copy loop.
+		go proxyTCP(inConn.(*net.TCPConn), outConn.(*net.TCPConn))
+	}
+}
+
+// proxyTCP proxies data bi-directionally between in and out.
+func proxyTCP(in, out *net.TCPConn) {
+	var wg sync.WaitGroup
+	wg.Add(2)
+	glog.V(4).Infof("Creating proxy between %v <-> %v <-> %v <-> %v",
+		in.RemoteAddr(), in.LocalAddr(), out.LocalAddr(), out.RemoteAddr())
+	go copyBytes("from backend", in, out, &wg)
+	go copyBytes("to backend", out, in, &wg)
+	wg.Wait()
+}
+
+func copyBytes(direction string, dest, src *net.TCPConn, wg *sync.WaitGroup) {
+	defer wg.Done()
+	glog.V(4).Infof("Copying %s: %s -> %s", direction, src.RemoteAddr(), dest.RemoteAddr())
+	n, err := io.Copy(dest, src)
+	if err != nil {
+		if !isClosedError(err) {
+			glog.Errorf("I/O error: %v", err)
+		}
+	}
+	glog.V(4).Infof("Copied %d bytes %s: %s -> %s", n, direction, src.RemoteAddr(), dest.RemoteAddr())
+	dest.Close()
+	src.Close()
+}
+
+// udpProxySocket implements proxySocket.  Close() is implemented by net.UDPConn.  When Close() is called,
+// no new connections are allowed and existing connections are broken.
+// TODO: We could lame-duck this ourselves, if it becomes important.
+type udpProxySocket struct {
+	*net.UDPConn
+	port int
+}
+
+func (udp *udpProxySocket) ListenPort() int {
+	return udp.port
+}
+
+func (udp *udpProxySocket) Addr() net.Addr {
+	return udp.LocalAddr()
+}
+
+// Holds all the known UDP clients that have not timed out.
+type clientCache struct {
+	mu      sync.Mutex
+	clients map[string]net.Conn // addr string -> connection
+}
+
+func newClientCache() *clientCache {
+	return &clientCache{clients: map[string]net.Conn{}}
+}
+
+func (udp *udpProxySocket) ProxyLoop(service proxy.ServicePortName, myInfo *serviceInfo, proxier *Proxier) {
+	var buffer [4096]byte // 4KiB should be enough for most whole-packets
+	for {
+		if !myInfo.isAlive() {
+			// The service port was closed or replaced.
+			break
+		}
+
+		// Block until data arrives.
+		// TODO: Accumulate a histogram of n or something, to fine tune the buffer size.
+		n, cliAddr, err := udp.ReadFrom(buffer[0:])
+		if err != nil {
+			if e, ok := err.(net.Error); ok {
+				if e.Temporary() {
+					glog.V(1).Infof("ReadFrom had a temporary failure: %v", err)
+					continue
+				}
+			}
+			glog.Errorf("ReadFrom failed, exiting ProxyLoop: %v", err)
+			break
+		}
+		// If this is a client we know already, reuse the connection and goroutine.
+		svrConn, err := udp.getBackendConn(myInfo.activeClients, cliAddr, proxier, service, myInfo.timeout)
+		if err != nil {
+			continue
+		}
+		// TODO: It would be nice to let the goroutine handle this write, but we don't
+		// really want to copy the buffer.  We could do a pool of buffers or something.
+		_, err = svrConn.Write(buffer[0:n])
+		if err != nil {
+			if !logTimeout(err) {
+				glog.Errorf("Write failed: %v", err)
+				// TODO: Maybe tear down the goroutine for this client/server pair?
+			}
+			continue
+		}
+		err = svrConn.SetDeadline(time.Now().Add(myInfo.timeout))
+		if err != nil {
+			glog.Errorf("SetDeadline failed: %v", err)
+			continue
+		}
+	}
+}
+
+func (udp *udpProxySocket) getBackendConn(activeClients *clientCache, cliAddr net.Addr, proxier *Proxier, service proxy.ServicePortName, timeout time.Duration) (net.Conn, error) {
+	activeClients.mu.Lock()
+	defer activeClients.mu.Unlock()
+
+	svrConn, found := activeClients.clients[cliAddr.String()]
+	if !found {
+		// TODO: This could spin up a new goroutine to make the outbound connection,
+		// and keep accepting inbound traffic.
+		glog.V(3).Infof("New UDP connection from %s", cliAddr)
+		var err error
+		svrConn, err = tryConnect(service, cliAddr, "udp", proxier)
+		if err != nil {
+			return nil, err
+		}
+		if err = svrConn.SetDeadline(time.Now().Add(timeout)); err != nil {
+			glog.Errorf("SetDeadline failed: %v", err)
+			return nil, err
+		}
+		activeClients.clients[cliAddr.String()] = svrConn
+		go func(cliAddr net.Addr, svrConn net.Conn, activeClients *clientCache, timeout time.Duration) {
+			defer runtime.HandleCrash()
+			udp.proxyClient(cliAddr, svrConn, activeClients, timeout)
+		}(cliAddr, svrConn, activeClients, timeout)
+	}
+	return svrConn, nil
+}
+
+// This function is expected to be called as a goroutine.
+// TODO: Track and log bytes copied, like TCP
+func (udp *udpProxySocket) proxyClient(cliAddr net.Addr, svrConn net.Conn, activeClients *clientCache, timeout time.Duration) {
+	defer svrConn.Close()
+	var buffer [4096]byte
+	for {
+		n, err := svrConn.Read(buffer[0:])
+		if err != nil {
+			if !logTimeout(err) {
+				glog.Errorf("Read failed: %v", err)
+			}
+			break
+		}
+		err = svrConn.SetDeadline(time.Now().Add(timeout))
+		if err != nil {
+			glog.Errorf("SetDeadline failed: %v", err)
+			break
+		}
+		n, err = udp.WriteTo(buffer[0:n], cliAddr)
+		if err != nil {
+			if !logTimeout(err) {
+				glog.Errorf("WriteTo failed: %v", err)
+			}
+			break
+		}
+	}
+	activeClients.mu.Lock()
+	delete(activeClients.clients, cliAddr.String())
+	activeClients.mu.Unlock()
+}

vendor/k8s.io/kubernetes/pkg/proxy/userspace/rlimit.go

@@ -0,0 +1,25 @@
+// +build !windows
+
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package userspace
+
+import "syscall"
+
+func setRLimit(limit uint64) error {
+	return syscall.Setrlimit(syscall.RLIMIT_NOFILE, &syscall.Rlimit{Max: limit, Cur: limit})
+}

vendor/k8s.io/kubernetes/pkg/proxy/userspace/rlimit_windows.go

@@ -0,0 +1,23 @@
+// +build windows
+
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package userspace
+
+func setRLimit(limit uint64) error {
+	return nil
+}

vendor/k8s.io/kubernetes/pkg/proxy/userspace/roundrobin.go

@@ -0,0 +1,326 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package userspace
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"reflect"
+	"strconv"
+	"sync"
+	"time"
+
+	"github.com/golang/glog"
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/proxy"
+	"k8s.io/kubernetes/pkg/types"
+	"k8s.io/kubernetes/pkg/util/slice"
+)
+
+var (
+	ErrMissingServiceEntry = errors.New("missing service entry")
+	ErrMissingEndpoints    = errors.New("missing endpoints")
+)
+
+type affinityState struct {
+	clientIP string
+	//clientProtocol  api.Protocol //not yet used
+	//sessionCookie   string       //not yet used
+	endpoint string
+	lastUsed time.Time
+}
+
+type affinityPolicy struct {
+	affinityType api.ServiceAffinity
+	affinityMap  map[string]*affinityState // map client IP -> affinity info
+	ttlMinutes   int
+}
+
+// LoadBalancerRR is a round-robin load balancer.
+type LoadBalancerRR struct {
+	lock     sync.RWMutex
+	services map[proxy.ServicePortName]*balancerState
+}
+
+// Ensure this implements LoadBalancer.
+var _ LoadBalancer = &LoadBalancerRR{}
+
+type balancerState struct {
+	endpoints []string // a list of "ip:port" style strings
+	index     int      // current index into endpoints
+	affinity  affinityPolicy
+}
+
+func newAffinityPolicy(affinityType api.ServiceAffinity, ttlMinutes int) *affinityPolicy {
+	return &affinityPolicy{
+		affinityType: affinityType,
+		affinityMap:  make(map[string]*affinityState),
+		ttlMinutes:   ttlMinutes,
+	}
+}
+
+// NewLoadBalancerRR returns a new LoadBalancerRR.
+func NewLoadBalancerRR() *LoadBalancerRR {
+	return &LoadBalancerRR{
+		services: map[proxy.ServicePortName]*balancerState{},
+	}
+}
+
+func (lb *LoadBalancerRR) NewService(svcPort proxy.ServicePortName, affinityType api.ServiceAffinity, ttlMinutes int) error {
+	glog.V(4).Infof("LoadBalancerRR NewService %q", svcPort)
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+	lb.newServiceInternal(svcPort, affinityType, ttlMinutes)
+	return nil
+}
+
+// This assumes that lb.lock is already held.
+func (lb *LoadBalancerRR) newServiceInternal(svcPort proxy.ServicePortName, affinityType api.ServiceAffinity, ttlMinutes int) *balancerState {
+	if ttlMinutes == 0 {
+		ttlMinutes = 180 //default to 3 hours if not specified.  Should 0 be unlimited instead????
+	}
+
+	if _, exists := lb.services[svcPort]; !exists {
+		lb.services[svcPort] = &balancerState{affinity: *newAffinityPolicy(affinityType, ttlMinutes)}
+		glog.V(4).Infof("LoadBalancerRR service %q did not exist, created", svcPort)
+	} else if affinityType != "" {
+		lb.services[svcPort].affinity.affinityType = affinityType
+	}
+	return lb.services[svcPort]
+}
+
+func (lb *LoadBalancerRR) DeleteService(svcPort proxy.ServicePortName) {
+	glog.V(4).Infof("LoadBalancerRR DeleteService %q", svcPort)
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+	delete(lb.services, svcPort)
+}
+
+// return true if this service is using some form of session affinity.
+func isSessionAffinity(affinity *affinityPolicy) bool {
+	// Should never be empty string, but checking for it to be safe.
+	if affinity.affinityType == "" || affinity.affinityType == api.ServiceAffinityNone {
+		return false
+	}
+	return true
+}
+
+// NextEndpoint returns a service endpoint.
+// The service endpoint is chosen using the round-robin algorithm.
+func (lb *LoadBalancerRR) NextEndpoint(svcPort proxy.ServicePortName, srcAddr net.Addr, sessionAffinityReset bool) (string, error) {
+	// Coarse locking is simple.  We can get more fine-grained if/when we
+	// can prove it matters.
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+
+	state, exists := lb.services[svcPort]
+	if !exists || state == nil {
+		return "", ErrMissingServiceEntry
+	}
+	if len(state.endpoints) == 0 {
+		return "", ErrMissingEndpoints
+	}
+	glog.V(4).Infof("NextEndpoint for service %q, srcAddr=%v: endpoints: %+v", svcPort, srcAddr, state.endpoints)
+
+	sessionAffinityEnabled := isSessionAffinity(&state.affinity)
+
+	var ipaddr string
+	if sessionAffinityEnabled {
+		// Caution: don't shadow ipaddr
+		var err error
+		ipaddr, _, err = net.SplitHostPort(srcAddr.String())
+		if err != nil {
+			return "", fmt.Errorf("malformed source address %q: %v", srcAddr.String(), err)
+		}
+		if !sessionAffinityReset {
+			sessionAffinity, exists := state.affinity.affinityMap[ipaddr]
+			if exists && int(time.Now().Sub(sessionAffinity.lastUsed).Minutes()) < state.affinity.ttlMinutes {
+				// Affinity wins.
+				endpoint := sessionAffinity.endpoint
+				sessionAffinity.lastUsed = time.Now()
+				glog.V(4).Infof("NextEndpoint for service %q from IP %s with sessionAffinity %#v: %s", svcPort, ipaddr, sessionAffinity, endpoint)
+				return endpoint, nil
+			}
+		}
+	}
+	// Take the next endpoint.
+	endpoint := state.endpoints[state.index]
+	state.index = (state.index + 1) % len(state.endpoints)
+
+	if sessionAffinityEnabled {
+		var affinity *affinityState
+		affinity = state.affinity.affinityMap[ipaddr]
+		if affinity == nil {
+			affinity = new(affinityState) //&affinityState{ipaddr, "TCP", "", endpoint, time.Now()}
+			state.affinity.affinityMap[ipaddr] = affinity
+		}
+		affinity.lastUsed = time.Now()
+		affinity.endpoint = endpoint
+		affinity.clientIP = ipaddr
+		glog.V(4).Infof("Updated affinity key %s: %#v", ipaddr, state.affinity.affinityMap[ipaddr])
+	}
+
+	return endpoint, nil
+}
+
+type hostPortPair struct {
+	host string
+	port int
+}
+
+func isValidEndpoint(hpp *hostPortPair) bool {
+	return hpp.host != "" && hpp.port > 0
+}
+
+func flattenValidEndpoints(endpoints []hostPortPair) []string {
+	// Convert Endpoint objects into strings for easier use later.  Ignore
+	// the protocol field - we'll get that from the Service objects.
+	var result []string
+	for i := range endpoints {
+		hpp := &endpoints[i]
+		if isValidEndpoint(hpp) {
+			result = append(result, net.JoinHostPort(hpp.host, strconv.Itoa(hpp.port)))
+		}
+	}
+	return result
+}
+
+// Remove any session affinity records associated to a particular endpoint (for example when a pod goes down).
+func removeSessionAffinityByEndpoint(state *balancerState, svcPort proxy.ServicePortName, endpoint string) {
+	for _, affinity := range state.affinity.affinityMap {
+		if affinity.endpoint == endpoint {
+			glog.V(4).Infof("Removing client: %s from affinityMap for service %q", affinity.endpoint, svcPort)
+			delete(state.affinity.affinityMap, affinity.clientIP)
+		}
+	}
+}
+
+// Loop through the valid endpoints and then the endpoints associated with the Load Balancer.
+// Then remove any session affinity records that are not in both lists.
+// This assumes the lb.lock is held.
+func (lb *LoadBalancerRR) updateAffinityMap(svcPort proxy.ServicePortName, newEndpoints []string) {
+	allEndpoints := map[string]int{}
+	for _, newEndpoint := range newEndpoints {
+		allEndpoints[newEndpoint] = 1
+	}
+	state, exists := lb.services[svcPort]
+	if !exists {
+		return
+	}
+	for _, existingEndpoint := range state.endpoints {
+		allEndpoints[existingEndpoint] = allEndpoints[existingEndpoint] + 1
+	}
+	for mKey, mVal := range allEndpoints {
+		if mVal == 1 {
+			glog.V(2).Infof("Delete endpoint %s for service %q", mKey, svcPort)
+			removeSessionAffinityByEndpoint(state, svcPort, mKey)
+		}
+	}
+}
+
+// OnEndpointsUpdate manages the registered service endpoints.
+// Registered endpoints are updated if found in the update set or
+// unregistered if missing from the update set.
+func (lb *LoadBalancerRR) OnEndpointsUpdate(allEndpoints []api.Endpoints) {
+	registeredEndpoints := make(map[proxy.ServicePortName]bool)
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+
+	// Update endpoints for services.
+	for i := range allEndpoints {
+		svcEndpoints := &allEndpoints[i]
+
+		// We need to build a map of portname -> all ip:ports for that
+		// portname.  Explode Endpoints.Subsets[*] into this structure.
+		portsToEndpoints := map[string][]hostPortPair{}
+		for i := range svcEndpoints.Subsets {
+			ss := &svcEndpoints.Subsets[i]
+			for i := range ss.Ports {
+				port := &ss.Ports[i]
+				for i := range ss.Addresses {
+					addr := &ss.Addresses[i]
+					portsToEndpoints[port.Name] = append(portsToEndpoints[port.Name], hostPortPair{addr.IP, int(port.Port)})
+					// Ignore the protocol field - we'll get that from the Service objects.
+				}
+			}
+		}
+
+		for portname := range portsToEndpoints {
+			svcPort := proxy.ServicePortName{NamespacedName: types.NamespacedName{Namespace: svcEndpoints.Namespace, Name: svcEndpoints.Name}, Port: portname}
+			state, exists := lb.services[svcPort]
+			curEndpoints := []string{}
+			if state != nil {
+				curEndpoints = state.endpoints
+			}
+			newEndpoints := flattenValidEndpoints(portsToEndpoints[portname])
+
+			if !exists || state == nil || len(curEndpoints) != len(newEndpoints) || !slicesEquiv(slice.CopyStrings(curEndpoints), newEndpoints) {
+				glog.V(1).Infof("LoadBalancerRR: Setting endpoints for %s to %+v", svcPort, newEndpoints)
+				lb.updateAffinityMap(svcPort, newEndpoints)
+				// OnEndpointsUpdate can be called without NewService being called externally.
+				// To be safe we will call it here.  A new service will only be created
+				// if one does not already exist.  The affinity will be updated
+				// later, once NewService is called.
+				state = lb.newServiceInternal(svcPort, api.ServiceAffinity(""), 0)
+				state.endpoints = slice.ShuffleStrings(newEndpoints)
+
+				// Reset the round-robin index.
+				state.index = 0
+			}
+			registeredEndpoints[svcPort] = true
+		}
+	}
+	// Remove endpoints missing from the update.
+	for k := range lb.services {
+		if _, exists := registeredEndpoints[k]; !exists {
+			glog.V(2).Infof("LoadBalancerRR: Removing endpoints for %s", k)
+			// Reset but don't delete.
+			state := lb.services[k]
+			state.endpoints = []string{}
+			state.index = 0
+			state.affinity.affinityMap = map[string]*affinityState{}
+		}
+	}
+}
+
+// Tests whether two slices are equivalent.  This sorts both slices in-place.
+func slicesEquiv(lhs, rhs []string) bool {
+	if len(lhs) != len(rhs) {
+		return false
+	}
+	if reflect.DeepEqual(slice.SortStrings(lhs), slice.SortStrings(rhs)) {
+		return true
+	}
+	return false
+}
+
+func (lb *LoadBalancerRR) CleanupStaleStickySessions(svcPort proxy.ServicePortName) {
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+
+	state, exists := lb.services[svcPort]
+	if !exists {
+		return
+	}
+	for ip, affinity := range state.affinity.affinityMap {
+		if int(time.Now().Sub(affinity.lastUsed).Minutes()) >= state.affinity.ttlMinutes {
+			glog.V(4).Infof("Removing client %s from affinityMap for service %q", affinity.clientIP, svcPort)
+			delete(state.affinity.affinityMap, ip)
+		}
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/userspace/udp_server.go

@@ -0,0 +1,54 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package userspace
+
+import (
+	"fmt"
+	"net"
+)
+
+// udpEchoServer is a simple echo server in UDP, intended for testing the proxy.
+type udpEchoServer struct {
+	net.PacketConn
+}
+
+func (r *udpEchoServer) Loop() {
+	var buffer [4096]byte
+	for {
+		n, cliAddr, err := r.ReadFrom(buffer[0:])
+		if err != nil {
+			fmt.Printf("ReadFrom failed: %v\n", err)
+			continue
+		}
+		r.WriteTo(buffer[0:n], cliAddr)
+	}
+}
+
+func newUDPEchoServer() (*udpEchoServer, error) {
+	packetconn, err := net.ListenPacket("udp", ":0")
+	if err != nil {
+		return nil, err
+	}
+	return &udpEchoServer{packetconn}, nil
+}
+
+/*
+func main() {
+	r,_ := newUDPEchoServer()
+	r.Loop()
+}
+*/

vendor/k8s.io/kubernetes/pkg/proxy/winuserspace/BUILD

@@ -0,0 +1,55 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "loadbalancer.go",
+        "port_allocator.go",
+        "proxier.go",
+        "proxysocket.go",
+        "roundrobin.go",
+        "udp_server.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/proxy:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/errors:go_default_library",
+        "//pkg/util/net:go_default_library",
+        "//pkg/util/netsh:go_default_library",
+        "//pkg/util/runtime:go_default_library",
+        "//pkg/util/slice:go_default_library",
+        "//pkg/util/wait:go_default_library",
+        "//vendor:github.com/golang/glog",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "port_allocator_test.go",
+        "proxier_test.go",
+        "roundrobin_test.go",
+    ],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/proxy:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/net:go_default_library",
+        "//pkg/util/netsh/testing:go_default_library",
+        "//pkg/util/runtime:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/proxy/winuserspace/loadbalancer.go

@@ -0,0 +1,34 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package winuserspace
+
+import (
+	"net"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/proxy"
+)
+
+// LoadBalancer is an interface for distributing incoming requests to service endpoints.
+type LoadBalancer interface {
+	// NextEndpoint returns the endpoint to handle a request for the given
+	// service-port and source address.
+	NextEndpoint(service proxy.ServicePortName, srcAddr net.Addr, sessionAffinityReset bool) (string, error)
+	NewService(service proxy.ServicePortName, sessionAffinityType api.ServiceAffinity, stickyMaxAgeMinutes int) error
+	DeleteService(service proxy.ServicePortName)
+	CleanupStaleStickySessions(service proxy.ServicePortName)
+}

vendor/k8s.io/kubernetes/pkg/proxy/winuserspace/port_allocator.go

@@ -0,0 +1,153 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package winuserspace
+
+import (
+	"errors"
+	"math/big"
+	"math/rand"
+	"sync"
+	"time"
+
+	"k8s.io/kubernetes/pkg/util/net"
+	"k8s.io/kubernetes/pkg/util/wait"
+)
+
+var (
+	errPortRangeNoPortsRemaining = errors.New("port allocation failed; there are no remaining ports left to allocate in the accepted range")
+)
+
+type PortAllocator interface {
+	AllocateNext() (int, error)
+	Release(int)
+}
+
+// randomAllocator is a PortAllocator implementation that allocates random ports, yielding
+// a port value of 0 for every call to AllocateNext().
+type randomAllocator struct{}
+
+// AllocateNext always returns 0
+func (r *randomAllocator) AllocateNext() (int, error) {
+	return 0, nil
+}
+
+// Release is a noop
+func (r *randomAllocator) Release(_ int) {
+	// noop
+}
+
+// newPortAllocator builds PortAllocator for a given PortRange. If the PortRange is empty
+// then a random port allocator is returned; otherwise, a new range-based allocator
+// is returned.
+func newPortAllocator(r net.PortRange) PortAllocator {
+	if r.Base == 0 {
+		return &randomAllocator{}
+	}
+	return newPortRangeAllocator(r)
+}
+
+const (
+	portsBufSize         = 16
+	nextFreePortCooldown = 500 * time.Millisecond
+	allocateNextTimeout  = 1 * time.Second
+)
+
+type rangeAllocator struct {
+	net.PortRange
+	ports chan int
+	used  big.Int
+	lock  sync.Mutex
+	rand  *rand.Rand
+}
+
+func newPortRangeAllocator(r net.PortRange) PortAllocator {
+	if r.Base == 0 || r.Size == 0 {
+		panic("illegal argument: may not specify an empty port range")
+	}
+	ra := &rangeAllocator{
+		PortRange: r,
+		ports:     make(chan int, portsBufSize),
+		rand:      rand.New(rand.NewSource(time.Now().UnixNano())),
+	}
+	go wait.Until(func() { ra.fillPorts(wait.NeverStop) }, nextFreePortCooldown, wait.NeverStop)
+	return ra
+}
+
+// fillPorts loops, always searching for the next free port and, if found, fills the ports buffer with it.
+// this func blocks until either there are no remaining free ports, or else the stopCh chan is closed.
+func (r *rangeAllocator) fillPorts(stopCh <-chan struct{}) {
+	for {
+		port := r.nextFreePort()
+		if port == -1 {
+			return
+		}
+		select {
+		case <-stopCh:
+			return
+		case r.ports <- port:
+		}
+	}
+}
+
+// nextFreePort finds a free port, first picking a random port. if that port is already in use
+// then the port range is scanned sequentially until either a port is found or the scan completes
+// unsuccessfully. an unsuccessful scan returns a port of -1.
+func (r *rangeAllocator) nextFreePort() int {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	// choose random port
+	j := r.rand.Intn(r.Size)
+	if b := r.used.Bit(j); b == 0 {
+		r.used.SetBit(&r.used, j, 1)
+		return j + r.Base
+	}
+
+	// search sequentially
+	for i := j + 1; i < r.Size; i++ {
+		if b := r.used.Bit(i); b == 0 {
+			r.used.SetBit(&r.used, i, 1)
+			return i + r.Base
+		}
+	}
+	for i := 0; i < j; i++ {
+		if b := r.used.Bit(i); b == 0 {
+			r.used.SetBit(&r.used, i, 1)
+			return i + r.Base
+		}
+	}
+	return -1
+}
+
+func (r *rangeAllocator) AllocateNext() (port int, err error) {
+	select {
+	case port = <-r.ports:
+	case <-time.After(allocateNextTimeout):
+		err = errPortRangeNoPortsRemaining
+	}
+	return
+}
+
+func (r *rangeAllocator) Release(port int) {
+	port -= r.Base
+	if port < 0 || port >= r.Size {
+		return
+	}
+	r.lock.Lock()
+	defer r.lock.Unlock()
+	r.used.SetBit(&r.used, port, 0)
+}

vendor/k8s.io/kubernetes/pkg/proxy/winuserspace/port_allocator_test.go

@@ -0,0 +1,101 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package winuserspace
+
+import (
+	"reflect"
+	"testing"
+
+	"k8s.io/kubernetes/pkg/util/net"
+)
+
+func TestRangeAllocatorEmpty(t *testing.T) {
+	r := &net.PortRange{}
+	r.Set("0-0")
+	defer func() {
+		if rv := recover(); rv == nil {
+			t.Fatalf("expected panic because of empty port range: %#v", r)
+		}
+	}()
+	_ = newPortRangeAllocator(*r)
+}
+
+func TestRangeAllocatorFullyAllocated(t *testing.T) {
+	r := &net.PortRange{}
+	r.Set("1-1")
+	a := newPortRangeAllocator(*r)
+	p, err := a.AllocateNext()
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if p != 1 {
+		t.Fatalf("unexpected allocated port: %d", p)
+	}
+
+	_, err = a.AllocateNext()
+	if err == nil {
+		t.Fatalf("expected error because of fully-allocated range")
+	}
+
+	a.Release(p)
+	p, err = a.AllocateNext()
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if p != 1 {
+		t.Fatalf("unexpected allocated port: %d", p)
+	}
+
+	_, err = a.AllocateNext()
+	if err == nil {
+		t.Fatalf("expected error because of fully-allocated range")
+	}
+}
+
+func TestRangeAllocator_RandomishAllocation(t *testing.T) {
+	r := &net.PortRange{}
+	r.Set("1-100")
+	a := newPortRangeAllocator(*r)
+
+	// allocate all the ports
+	var err error
+	ports := make([]int, 100, 100)
+	for i := 0; i < 100; i++ {
+		ports[i], err = a.AllocateNext()
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+	}
+
+	// release them all
+	for i := 0; i < 100; i++ {
+		a.Release(ports[i])
+	}
+
+	// allocate the ports again
+	rports := make([]int, 100, 100)
+	for i := 0; i < 100; i++ {
+		rports[i], err = a.AllocateNext()
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+	}
+
+	if reflect.DeepEqual(ports, rports) {
+		t.Fatalf("expected re-allocated ports to be in a somewhat random order")
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/winuserspace/proxysocket.go

@@ -0,0 +1,300 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package winuserspace
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/golang/glog"
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/proxy"
+	"k8s.io/kubernetes/pkg/util/runtime"
+)
+
+// Abstraction over TCP/UDP sockets which are proxied.
+type proxySocket interface {
+	// Addr gets the net.Addr for a proxySocket.
+	Addr() net.Addr
+	// Close stops the proxySocket from accepting incoming connections.
+	// Each implementation should comment on the impact of calling Close
+	// while sessions are active.
+	Close() error
+	// ProxyLoop proxies incoming connections for the specified service to the service endpoints.
+	ProxyLoop(service proxy.ServicePortName, info *serviceInfo, proxier *Proxier)
+	// ListenPort returns the host port that the proxySocket is listening on
+	ListenPort() int
+}
+
+func newProxySocket(protocol api.Protocol, ip net.IP, port int) (proxySocket, error) {
+	host := ""
+	if ip != nil {
+		host = ip.String()
+	}
+
+	switch strings.ToUpper(string(protocol)) {
+	case "TCP":
+		listener, err := net.Listen("tcp", net.JoinHostPort(host, strconv.Itoa(port)))
+		if err != nil {
+			return nil, err
+		}
+		return &tcpProxySocket{Listener: listener, port: port}, nil
+	case "UDP":
+		addr, err := net.ResolveUDPAddr("udp", net.JoinHostPort(host, strconv.Itoa(port)))
+		if err != nil {
+			return nil, err
+		}
+		conn, err := net.ListenUDP("udp", addr)
+		if err != nil {
+			return nil, err
+		}
+		return &udpProxySocket{UDPConn: conn, port: port}, nil
+	}
+	return nil, fmt.Errorf("unknown protocol %q", protocol)
+}
+
+// How long we wait for a connection to a backend in seconds
+var endpointDialTimeout = []time.Duration{250 * time.Millisecond, 500 * time.Millisecond, 1 * time.Second, 2 * time.Second}
+
+// tcpProxySocket implements proxySocket.  Close() is implemented by net.Listener.  When Close() is called,
+// no new connections are allowed but existing connections are left untouched.
+type tcpProxySocket struct {
+	net.Listener
+	port int
+}
+
+func (tcp *tcpProxySocket) ListenPort() int {
+	return tcp.port
+}
+
+func tryConnect(service proxy.ServicePortName, srcAddr net.Addr, protocol string, proxier *Proxier) (out net.Conn, err error) {
+	sessionAffinityReset := false
+	for _, dialTimeout := range endpointDialTimeout {
+		endpoint, err := proxier.loadBalancer.NextEndpoint(service, srcAddr, sessionAffinityReset)
+		if err != nil {
+			glog.Errorf("Couldn't find an endpoint for %s: %v", service, err)
+			return nil, err
+		}
+		glog.V(3).Infof("Mapped service %q to endpoint %s", service, endpoint)
+		// TODO: This could spin up a new goroutine to make the outbound connection,
+		// and keep accepting inbound traffic.
+		outConn, err := net.DialTimeout(protocol, endpoint, dialTimeout)
+		if err != nil {
+			if isTooManyFDsError(err) {
+				panic("Dial failed: " + err.Error())
+			}
+			glog.Errorf("Dial failed: %v", err)
+			sessionAffinityReset = true
+			continue
+		}
+		return outConn, nil
+	}
+	return nil, fmt.Errorf("failed to connect to an endpoint.")
+}
+
+func (tcp *tcpProxySocket) ProxyLoop(service proxy.ServicePortName, myInfo *serviceInfo, proxier *Proxier) {
+	for {
+		if !myInfo.isAlive() {
+			// The service port was closed or replaced.
+			return
+		}
+		// Block until a connection is made.
+		inConn, err := tcp.Accept()
+		if err != nil {
+			if isTooManyFDsError(err) {
+				panic("Accept failed: " + err.Error())
+			}
+
+			if isClosedError(err) {
+				return
+			}
+			if !myInfo.isAlive() {
+				// Then the service port was just closed so the accept failure is to be expected.
+				return
+			}
+			glog.Errorf("Accept failed: %v", err)
+			continue
+		}
+		glog.V(3).Infof("Accepted TCP connection from %v to %v", inConn.RemoteAddr(), inConn.LocalAddr())
+		outConn, err := tryConnect(service, inConn.(*net.TCPConn).RemoteAddr(), "tcp", proxier)
+		if err != nil {
+			glog.Errorf("Failed to connect to balancer: %v", err)
+			inConn.Close()
+			continue
+		}
+		// Spin up an async copy loop.
+		go proxyTCP(inConn.(*net.TCPConn), outConn.(*net.TCPConn))
+	}
+}
+
+// proxyTCP proxies data bi-directionally between in and out.
+func proxyTCP(in, out *net.TCPConn) {
+	var wg sync.WaitGroup
+	wg.Add(2)
+	glog.V(4).Infof("Creating proxy between %v <-> %v <-> %v <-> %v",
+		in.RemoteAddr(), in.LocalAddr(), out.LocalAddr(), out.RemoteAddr())
+	go copyBytes("from backend", in, out, &wg)
+	go copyBytes("to backend", out, in, &wg)
+	wg.Wait()
+}
+
+func copyBytes(direction string, dest, src *net.TCPConn, wg *sync.WaitGroup) {
+	defer wg.Done()
+	glog.V(4).Infof("Copying %s: %s -> %s", direction, src.RemoteAddr(), dest.RemoteAddr())
+	n, err := io.Copy(dest, src)
+	if err != nil {
+		if !isClosedError(err) {
+			glog.Errorf("I/O error: %v", err)
+		}
+	}
+	glog.V(4).Infof("Copied %d bytes %s: %s -> %s", n, direction, src.RemoteAddr(), dest.RemoteAddr())
+	dest.Close()
+	src.Close()
+}
+
+// udpProxySocket implements proxySocket.  Close() is implemented by net.UDPConn.  When Close() is called,
+// no new connections are allowed and existing connections are broken.
+// TODO: We could lame-duck this ourselves, if it becomes important.
+type udpProxySocket struct {
+	*net.UDPConn
+	port int
+}
+
+func (udp *udpProxySocket) ListenPort() int {
+	return udp.port
+}
+
+func (udp *udpProxySocket) Addr() net.Addr {
+	return udp.LocalAddr()
+}
+
+// Holds all the known UDP clients that have not timed out.
+type clientCache struct {
+	mu      sync.Mutex
+	clients map[string]net.Conn // addr string -> connection
+}
+
+func newClientCache() *clientCache {
+	return &clientCache{clients: map[string]net.Conn{}}
+}
+
+func (udp *udpProxySocket) ProxyLoop(service proxy.ServicePortName, myInfo *serviceInfo, proxier *Proxier) {
+	var buffer [4096]byte // 4KiB should be enough for most whole-packets
+	for {
+		if !myInfo.isAlive() {
+			// The service port was closed or replaced.
+			break
+		}
+
+		// Block until data arrives.
+		// TODO: Accumulate a histogram of n or something, to fine tune the buffer size.
+		n, cliAddr, err := udp.ReadFrom(buffer[0:])
+		if err != nil {
+			if e, ok := err.(net.Error); ok {
+				if e.Temporary() {
+					glog.V(1).Infof("ReadFrom had a temporary failure: %v", err)
+					continue
+				}
+			}
+			glog.Errorf("ReadFrom failed, exiting ProxyLoop: %v", err)
+			break
+		}
+		// If this is a client we know already, reuse the connection and goroutine.
+		svrConn, err := udp.getBackendConn(myInfo.activeClients, cliAddr, proxier, service, myInfo.timeout)
+		if err != nil {
+			continue
+		}
+		// TODO: It would be nice to let the goroutine handle this write, but we don't
+		// really want to copy the buffer.  We could do a pool of buffers or something.
+		_, err = svrConn.Write(buffer[0:n])
+		if err != nil {
+			if !logTimeout(err) {
+				glog.Errorf("Write failed: %v", err)
+				// TODO: Maybe tear down the goroutine for this client/server pair?
+			}
+			continue
+		}
+		err = svrConn.SetDeadline(time.Now().Add(myInfo.timeout))
+		if err != nil {
+			glog.Errorf("SetDeadline failed: %v", err)
+			continue
+		}
+	}
+}
+
+func (udp *udpProxySocket) getBackendConn(activeClients *clientCache, cliAddr net.Addr, proxier *Proxier, service proxy.ServicePortName, timeout time.Duration) (net.Conn, error) {
+	activeClients.mu.Lock()
+	defer activeClients.mu.Unlock()
+
+	svrConn, found := activeClients.clients[cliAddr.String()]
+	if !found {
+		// TODO: This could spin up a new goroutine to make the outbound connection,
+		// and keep accepting inbound traffic.
+		glog.V(3).Infof("New UDP connection from %s", cliAddr)
+		var err error
+		svrConn, err = tryConnect(service, cliAddr, "udp", proxier)
+		if err != nil {
+			return nil, err
+		}
+		if err = svrConn.SetDeadline(time.Now().Add(timeout)); err != nil {
+			glog.Errorf("SetDeadline failed: %v", err)
+			return nil, err
+		}
+		activeClients.clients[cliAddr.String()] = svrConn
+		go func(cliAddr net.Addr, svrConn net.Conn, activeClients *clientCache, timeout time.Duration) {
+			defer runtime.HandleCrash()
+			udp.proxyClient(cliAddr, svrConn, activeClients, timeout)
+		}(cliAddr, svrConn, activeClients, timeout)
+	}
+	return svrConn, nil
+}
+
+// This function is expected to be called as a goroutine.
+// TODO: Track and log bytes copied, like TCP
+func (udp *udpProxySocket) proxyClient(cliAddr net.Addr, svrConn net.Conn, activeClients *clientCache, timeout time.Duration) {
+	defer svrConn.Close()
+	var buffer [4096]byte
+	for {
+		n, err := svrConn.Read(buffer[0:])
+		if err != nil {
+			if !logTimeout(err) {
+				glog.Errorf("Read failed: %v", err)
+			}
+			break
+		}
+		err = svrConn.SetDeadline(time.Now().Add(timeout))
+		if err != nil {
+			glog.Errorf("SetDeadline failed: %v", err)
+			break
+		}
+		n, err = udp.WriteTo(buffer[0:n], cliAddr)
+		if err != nil {
+			if !logTimeout(err) {
+				glog.Errorf("WriteTo failed: %v", err)
+			}
+			break
+		}
+	}
+	activeClients.mu.Lock()
+	delete(activeClients.clients, cliAddr.String())
+	activeClients.mu.Unlock()
+}

vendor/k8s.io/kubernetes/pkg/proxy/winuserspace/roundrobin.go

@@ -0,0 +1,326 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package winuserspace
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"reflect"
+	"strconv"
+	"sync"
+	"time"
+
+	"github.com/golang/glog"
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/proxy"
+	"k8s.io/kubernetes/pkg/types"
+	"k8s.io/kubernetes/pkg/util/slice"
+)
+
+var (
+	ErrMissingServiceEntry = errors.New("missing service entry")
+	ErrMissingEndpoints    = errors.New("missing endpoints")
+)
+
+type affinityState struct {
+	clientIP string
+	//clientProtocol  api.Protocol //not yet used
+	//sessionCookie   string       //not yet used
+	endpoint string
+	lastUsed time.Time
+}
+
+type affinityPolicy struct {
+	affinityType api.ServiceAffinity
+	affinityMap  map[string]*affinityState // map client IP -> affinity info
+	ttlMinutes   int
+}
+
+// LoadBalancerRR is a round-robin load balancer.
+type LoadBalancerRR struct {
+	lock     sync.RWMutex
+	services map[proxy.ServicePortName]*balancerState
+}
+
+// Ensure this implements LoadBalancer.
+var _ LoadBalancer = &LoadBalancerRR{}
+
+type balancerState struct {
+	endpoints []string // a list of "ip:port" style strings
+	index     int      // current index into endpoints
+	affinity  affinityPolicy
+}
+
+func newAffinityPolicy(affinityType api.ServiceAffinity, ttlMinutes int) *affinityPolicy {
+	return &affinityPolicy{
+		affinityType: affinityType,
+		affinityMap:  make(map[string]*affinityState),
+		ttlMinutes:   ttlMinutes,
+	}
+}
+
+// NewLoadBalancerRR returns a new LoadBalancerRR.
+func NewLoadBalancerRR() *LoadBalancerRR {
+	return &LoadBalancerRR{
+		services: map[proxy.ServicePortName]*balancerState{},
+	}
+}
+
+func (lb *LoadBalancerRR) NewService(svcPort proxy.ServicePortName, affinityType api.ServiceAffinity, ttlMinutes int) error {
+	glog.V(4).Infof("LoadBalancerRR NewService %q", svcPort)
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+	lb.newServiceInternal(svcPort, affinityType, ttlMinutes)
+	return nil
+}
+
+// This assumes that lb.lock is already held.
+func (lb *LoadBalancerRR) newServiceInternal(svcPort proxy.ServicePortName, affinityType api.ServiceAffinity, ttlMinutes int) *balancerState {
+	if ttlMinutes == 0 {
+		ttlMinutes = 180 //default to 3 hours if not specified.  Should 0 be unlimited instead????
+	}
+
+	if _, exists := lb.services[svcPort]; !exists {
+		lb.services[svcPort] = &balancerState{affinity: *newAffinityPolicy(affinityType, ttlMinutes)}
+		glog.V(4).Infof("LoadBalancerRR service %q did not exist, created", svcPort)
+	} else if affinityType != "" {
+		lb.services[svcPort].affinity.affinityType = affinityType
+	}
+	return lb.services[svcPort]
+}
+
+func (lb *LoadBalancerRR) DeleteService(svcPort proxy.ServicePortName) {
+	glog.V(4).Infof("LoadBalancerRR DeleteService %q", svcPort)
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+	delete(lb.services, svcPort)
+}
+
+// return true if this service is using some form of session affinity.
+func isSessionAffinity(affinity *affinityPolicy) bool {
+	// Should never be empty string, but checking for it to be safe.
+	if affinity.affinityType == "" || affinity.affinityType == api.ServiceAffinityNone {
+		return false
+	}
+	return true
+}
+
+// NextEndpoint returns a service endpoint.
+// The service endpoint is chosen using the round-robin algorithm.
+func (lb *LoadBalancerRR) NextEndpoint(svcPort proxy.ServicePortName, srcAddr net.Addr, sessionAffinityReset bool) (string, error) {
+	// Coarse locking is simple.  We can get more fine-grained if/when we
+	// can prove it matters.
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+
+	state, exists := lb.services[svcPort]
+	if !exists || state == nil {
+		return "", ErrMissingServiceEntry
+	}
+	if len(state.endpoints) == 0 {
+		return "", ErrMissingEndpoints
+	}
+	glog.V(4).Infof("NextEndpoint for service %q, srcAddr=%v: endpoints: %+v", svcPort, srcAddr, state.endpoints)
+
+	sessionAffinityEnabled := isSessionAffinity(&state.affinity)
+
+	var ipaddr string
+	if sessionAffinityEnabled {
+		// Caution: don't shadow ipaddr
+		var err error
+		ipaddr, _, err = net.SplitHostPort(srcAddr.String())
+		if err != nil {
+			return "", fmt.Errorf("malformed source address %q: %v", srcAddr.String(), err)
+		}
+		if !sessionAffinityReset {
+			sessionAffinity, exists := state.affinity.affinityMap[ipaddr]
+			if exists && int(time.Now().Sub(sessionAffinity.lastUsed).Minutes()) < state.affinity.ttlMinutes {
+				// Affinity wins.
+				endpoint := sessionAffinity.endpoint
+				sessionAffinity.lastUsed = time.Now()
+				glog.V(4).Infof("NextEndpoint for service %q from IP %s with sessionAffinity %#v: %s", svcPort, ipaddr, sessionAffinity, endpoint)
+				return endpoint, nil
+			}
+		}
+	}
+	// Take the next endpoint.
+	endpoint := state.endpoints[state.index]
+	state.index = (state.index + 1) % len(state.endpoints)
+
+	if sessionAffinityEnabled {
+		var affinity *affinityState
+		affinity = state.affinity.affinityMap[ipaddr]
+		if affinity == nil {
+			affinity = new(affinityState) //&affinityState{ipaddr, "TCP", "", endpoint, time.Now()}
+			state.affinity.affinityMap[ipaddr] = affinity
+		}
+		affinity.lastUsed = time.Now()
+		affinity.endpoint = endpoint
+		affinity.clientIP = ipaddr
+		glog.V(4).Infof("Updated affinity key %s: %#v", ipaddr, state.affinity.affinityMap[ipaddr])
+	}
+
+	return endpoint, nil
+}
+
+type hostPortPair struct {
+	host string
+	port int
+}
+
+func isValidEndpoint(hpp *hostPortPair) bool {
+	return hpp.host != "" && hpp.port > 0
+}
+
+func flattenValidEndpoints(endpoints []hostPortPair) []string {
+	// Convert Endpoint objects into strings for easier use later.  Ignore
+	// the protocol field - we'll get that from the Service objects.
+	var result []string
+	for i := range endpoints {
+		hpp := &endpoints[i]
+		if isValidEndpoint(hpp) {
+			result = append(result, net.JoinHostPort(hpp.host, strconv.Itoa(hpp.port)))
+		}
+	}
+	return result
+}
+
+// Remove any session affinity records associated to a particular endpoint (for example when a pod goes down).
+func removeSessionAffinityByEndpoint(state *balancerState, svcPort proxy.ServicePortName, endpoint string) {
+	for _, affinity := range state.affinity.affinityMap {
+		if affinity.endpoint == endpoint {
+			glog.V(4).Infof("Removing client: %s from affinityMap for service %q", affinity.endpoint, svcPort)
+			delete(state.affinity.affinityMap, affinity.clientIP)
+		}
+	}
+}
+
+// Loop through the valid endpoints and then the endpoints associated with the Load Balancer.
+// Then remove any session affinity records that are not in both lists.
+// This assumes the lb.lock is held.
+func (lb *LoadBalancerRR) updateAffinityMap(svcPort proxy.ServicePortName, newEndpoints []string) {
+	allEndpoints := map[string]int{}
+	for _, newEndpoint := range newEndpoints {
+		allEndpoints[newEndpoint] = 1
+	}
+	state, exists := lb.services[svcPort]
+	if !exists {
+		return
+	}
+	for _, existingEndpoint := range state.endpoints {
+		allEndpoints[existingEndpoint] = allEndpoints[existingEndpoint] + 1
+	}
+	for mKey, mVal := range allEndpoints {
+		if mVal == 1 {
+			glog.V(2).Infof("Delete endpoint %s for service %q", mKey, svcPort)
+			removeSessionAffinityByEndpoint(state, svcPort, mKey)
+		}
+	}
+}
+
+// OnEndpointsUpdate manages the registered service endpoints.
+// Registered endpoints are updated if found in the update set or
+// unregistered if missing from the update set.
+func (lb *LoadBalancerRR) OnEndpointsUpdate(allEndpoints []api.Endpoints) {
+	registeredEndpoints := make(map[proxy.ServicePortName]bool)
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+
+	// Update endpoints for services.
+	for i := range allEndpoints {
+		svcEndpoints := &allEndpoints[i]
+
+		// We need to build a map of portname -> all ip:ports for that
+		// portname.  Explode Endpoints.Subsets[*] into this structure.
+		portsToEndpoints := map[string][]hostPortPair{}
+		for i := range svcEndpoints.Subsets {
+			ss := &svcEndpoints.Subsets[i]
+			for i := range ss.Ports {
+				port := &ss.Ports[i]
+				for i := range ss.Addresses {
+					addr := &ss.Addresses[i]
+					portsToEndpoints[port.Name] = append(portsToEndpoints[port.Name], hostPortPair{addr.IP, int(port.Port)})
+					// Ignore the protocol field - we'll get that from the Service objects.
+				}
+			}
+		}
+
+		for portname := range portsToEndpoints {
+			svcPort := proxy.ServicePortName{NamespacedName: types.NamespacedName{Namespace: svcEndpoints.Namespace, Name: svcEndpoints.Name}, Port: portname}
+			state, exists := lb.services[svcPort]
+			curEndpoints := []string{}
+			if state != nil {
+				curEndpoints = state.endpoints
+			}
+			newEndpoints := flattenValidEndpoints(portsToEndpoints[portname])
+
+			if !exists || state == nil || len(curEndpoints) != len(newEndpoints) || !slicesEquiv(slice.CopyStrings(curEndpoints), newEndpoints) {
+				glog.V(1).Infof("LoadBalancerRR: Setting endpoints for %s to %+v", svcPort, newEndpoints)
+				lb.updateAffinityMap(svcPort, newEndpoints)
+				// OnEndpointsUpdate can be called without NewService being called externally.
+				// To be safe we will call it here.  A new service will only be created
+				// if one does not already exist.  The affinity will be updated
+				// later, once NewService is called.
+				state = lb.newServiceInternal(svcPort, api.ServiceAffinity(""), 0)
+				state.endpoints = slice.ShuffleStrings(newEndpoints)
+
+				// Reset the round-robin index.
+				state.index = 0
+			}
+			registeredEndpoints[svcPort] = true
+		}
+	}
+	// Remove endpoints missing from the update.
+	for k := range lb.services {
+		if _, exists := registeredEndpoints[k]; !exists {
+			glog.V(2).Infof("LoadBalancerRR: Removing endpoints for %s", k)
+			// Reset but don't delete.
+			state := lb.services[k]
+			state.endpoints = []string{}
+			state.index = 0
+			state.affinity.affinityMap = map[string]*affinityState{}
+		}
+	}
+}
+
+// Tests whether two slices are equivalent.  This sorts both slices in-place.
+func slicesEquiv(lhs, rhs []string) bool {
+	if len(lhs) != len(rhs) {
+		return false
+	}
+	if reflect.DeepEqual(slice.SortStrings(lhs), slice.SortStrings(rhs)) {
+		return true
+	}
+	return false
+}
+
+func (lb *LoadBalancerRR) CleanupStaleStickySessions(svcPort proxy.ServicePortName) {
+	lb.lock.Lock()
+	defer lb.lock.Unlock()
+
+	state, exists := lb.services[svcPort]
+	if !exists {
+		return
+	}
+	for ip, affinity := range state.affinity.affinityMap {
+		if int(time.Now().Sub(affinity.lastUsed).Minutes()) >= state.affinity.ttlMinutes {
+			glog.V(4).Infof("Removing client %s from affinityMap for service %q", affinity.clientIP, svcPort)
+			delete(state.affinity.affinityMap, ip)
+		}
+	}
+}

vendor/k8s.io/kubernetes/pkg/proxy/winuserspace/udp_server.go

@@ -0,0 +1,47 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package winuserspace
+
+import (
+	"fmt"
+	"net"
+)
+
+// udpEchoServer is a simple echo server in UDP, intended for testing the proxy.
+type udpEchoServer struct {
+	net.PacketConn
+}
+
+func (r *udpEchoServer) Loop() {
+	var buffer [4096]byte
+	for {
+		n, cliAddr, err := r.ReadFrom(buffer[0:])
+		if err != nil {
+			fmt.Printf("ReadFrom failed: %v\n", err)
+			continue
+		}
+		r.WriteTo(buffer[0:n], cliAddr)
+	}
+}
+
+func newUDPEchoServer() (*udpEchoServer, error) {
+	packetconn, err := net.ListenPacket("udp", ":0")
+	if err != nil {
+		return nil, err
+	}
+	return &udpEchoServer{packetconn}, nil
+}