Fix access to Kubernetes Service from inside Windows Pod when two services have same NodeIp as backend (Overlay)
This commit is contained in:
@@ -278,6 +278,24 @@ func newServiceInfo(svcPortName proxy.ServicePortName, port *v1.ServicePort, ser
|
|||||||
return info
|
return info
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (network hnsNetworkInfo) findRemoteSubnetProviderAddress(ip string) string {
|
||||||
|
var providerAddress string
|
||||||
|
for _, rs := range network.remoteSubnets {
|
||||||
|
_, ipNet, err := net.ParseCIDR(rs.destinationPrefix)
|
||||||
|
if err != nil {
|
||||||
|
klog.Fatalf("%v", err)
|
||||||
|
}
|
||||||
|
if ipNet.Contains(net.ParseIP(ip)) {
|
||||||
|
providerAddress = rs.providerAddress
|
||||||
|
}
|
||||||
|
if ip == rs.providerAddress {
|
||||||
|
providerAddress = rs.providerAddress
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return providerAddress
|
||||||
|
}
|
||||||
|
|
||||||
type endpointsChange struct {
|
type endpointsChange struct {
|
||||||
previous proxyEndpointsMap
|
previous proxyEndpointsMap
|
||||||
current proxyEndpointsMap
|
current proxyEndpointsMap
|
||||||
@@ -1153,24 +1171,12 @@ func (proxier *Proxier) syncProxyRules() {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
proxier.network = *updatedNetwork
|
proxier.network = *updatedNetwork
|
||||||
var providerAddress string
|
|
||||||
for _, rs := range proxier.network.remoteSubnets {
|
providerAddress := proxier.network.findRemoteSubnetProviderAddress(ep.ip)
|
||||||
_, ipNet, err := net.ParseCIDR(rs.destinationPrefix)
|
|
||||||
if err != nil {
|
|
||||||
klog.Fatalf("%v", err)
|
|
||||||
}
|
|
||||||
if ipNet.Contains(net.ParseIP(ep.ip)) {
|
|
||||||
providerAddress = rs.providerAddress
|
|
||||||
}
|
|
||||||
if ep.ip == rs.providerAddress {
|
|
||||||
providerAddress = rs.providerAddress
|
|
||||||
containsNodeIP = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if len(providerAddress) == 0 {
|
if len(providerAddress) == 0 {
|
||||||
klog.Infof("Could not find provider address for %s. Assuming it is a public IP", ep.ip)
|
klog.Infof("Could not find provider address for %s. Assuming it is a public IP", ep.ip)
|
||||||
providerAddress = proxier.nodeIP.String()
|
providerAddress = proxier.nodeIP.String()
|
||||||
containsPublicIP = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
hnsEndpoint := &endpointsInfo{
|
hnsEndpoint := &endpointsInfo{
|
||||||
@@ -1200,6 +1206,17 @@ func (proxier *Proxier) syncProxyRules() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if proxier.network.networkType == "Overlay" {
|
||||||
|
providerAddress := proxier.network.findRemoteSubnetProviderAddress(ep.ip)
|
||||||
|
|
||||||
|
isNodeIP := (ep.ip == providerAddress)
|
||||||
|
isPublicIP := (len(providerAddress) == 0)
|
||||||
|
klog.Infof("Endpoint %s on overlay network %s is classified as NodeIp: %v, Public Ip: %v", ep.ip, hnsNetworkName, isNodeIP, isPublicIP)
|
||||||
|
|
||||||
|
containsNodeIP = containsNodeIP || isNodeIP
|
||||||
|
containsPublicIP = containsPublicIP || isPublicIP
|
||||||
|
}
|
||||||
|
|
||||||
// Save the hnsId for reference
|
// Save the hnsId for reference
|
||||||
LogJson(newHnsEndpoint, "Hns Endpoint resource", 1)
|
LogJson(newHnsEndpoint, "Hns Endpoint resource", 1)
|
||||||
hnsEndpoints = append(hnsEndpoints, *newHnsEndpoint)
|
hnsEndpoints = append(hnsEndpoints, *newHnsEndpoint)
|
||||||
|
@@ -321,6 +321,27 @@ func TestNoopEndpointSlice(t *testing.T) {
|
|||||||
p.OnEndpointSlicesSynced()
|
p.OnEndpointSlicesSynced()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestFindRemoteSubnetProviderAddress(t *testing.T) {
|
||||||
|
networkInfo, _ := newFakeHNS().getNetworkByName("TestNetwork")
|
||||||
|
pa := networkInfo.findRemoteSubnetProviderAddress(providerAddress)
|
||||||
|
|
||||||
|
if pa != providerAddress {
|
||||||
|
t.Errorf("%v does not match %v", pa, providerAddress)
|
||||||
|
}
|
||||||
|
|
||||||
|
pa = networkInfo.findRemoteSubnetProviderAddress(epIpAddressRemote)
|
||||||
|
|
||||||
|
if pa != providerAddress {
|
||||||
|
t.Errorf("%v does not match %v", pa, providerAddress)
|
||||||
|
}
|
||||||
|
|
||||||
|
pa = networkInfo.findRemoteSubnetProviderAddress(serviceVip)
|
||||||
|
|
||||||
|
if len(pa) != 0 {
|
||||||
|
t.Errorf("Provider address is not empty as expected")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func makeNSN(namespace, name string) types.NamespacedName {
|
func makeNSN(namespace, name string) types.NamespacedName {
|
||||||
return types.NamespacedName{Namespace: namespace, Name: name}
|
return types.NamespacedName{Namespace: namespace, Name: name}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user