proxy/iptables: Remove unnecessary /32 and /128 in iptables rules

If you pass just an IP address to "-s" or "-d", the iptables command
will fill in the correct mask automatically.

Originally, the proxier was just hardcoding "/32" for all of these,
which was unnecessary but simple. But when IPv6 support was added, the
code was made more complicated to deal with the fact that the "/32"
needed to be "/128" in the IPv6 case, so it would parse the IPs to
figure out which family they were, which in turn involved adding some
checks in case the parsing fails (even though that "can't happen" and
the old code didn't check for invalid IPs, even though that would
break the iptables-restore if there had been any).

Anyway, all of that is unnecessary because we can just pass the IP
strings to iptables directly rather than parsing and unparsing them
first.

(The diff to proxier_test.go is just deleting "/32" everywhere.)

pkg/proxy/util/endpoints.go

@@ -17,7 +17,6 @@ limitations under the License.
 package util
 
 import (
-	"fmt"
 	"net"
 	"strconv"
 
@@ -63,13 +62,3 @@ func PortPart(s string) (int, error) {
 	}
 	return portNumber, nil
 }
-
-// ToCIDR returns a host address of the form <ip-address>/32 for
-// IPv4 and <ip-address>/128 for IPv6
-func ToCIDR(ip net.IP) string {
-	len := 32
-	if ip.To4() == nil {
-		len = 128
-	}
-	return fmt.Sprintf("%s/%d", ip.String(), len)
-}

pkg/proxy/util/endpoints_test.go

@@ -18,8 +18,6 @@ package util
 
 import (
 	"testing"
-
-	netutils "k8s.io/utils/net"
 )
 
 func TestIPPart(t *testing.T) {
@@ -102,21 +100,3 @@ func TestPortPart(t *testing.T) {
 		})
 	}
 }
-
-func TestToCIDR(t *testing.T) {
-	testCases := []struct {
-		ip           string
-		expectedAddr string
-	}{
-		{"1.2.3.4", "1.2.3.4/32"},
-		{"2001:db8::1:1", "2001:db8::1:1/128"},
-	}
-
-	for _, tc := range testCases {
-		ip := netutils.ParseIPSloppy(tc.ip)
-		addr := ToCIDR(ip)
-		if addr != tc.expectedAddr {
-			t.Errorf("Unexpected host address for %s: Expected: %s, Got %s", tc.ip, tc.expectedAddr, addr)
-		}
-	}
-}