github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Explicitly pass IP family to proxier

Browse Source 
Rather than re-determining it from the iptables object in both proxies.
This commit is contained in:
Dan Winship 2022-12-22 14:38:38 -05:00
parent fb84c4f0f0
commit e7ed7220eb
4 changed files with 17 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/kube-proxy/app/server_others.go
View File

@ -145,8 +145,10 @@ func newProxyServer(
klog.V(2).InfoS("DetectLocalMode", "LocalMode", string(detectLocalMode)) klog.V(2).InfoS("DetectLocalMode", "LocalMode", string(detectLocalMode))
primaryFamily := v1.IPv4Protocol
primaryProtocol := utiliptables.ProtocolIPv4 primaryProtocol := utiliptables.ProtocolIPv4
if netutils.IsIPv6(nodeIP) { if netutils.IsIPv6(nodeIP) {
primaryFamily = v1.IPv6Protocol
primaryProtocol = utiliptables.ProtocolIPv6 primaryProtocol = utiliptables.ProtocolIPv6
} }
execer := exec.New() execer := exec.New()
@ -216,6 +218,7 @@ func newProxyServer(
// TODO this has side effects that should only happen when Run() is invoked. // TODO this has side effects that should only happen when Run() is invoked.
proxier, err = iptables.NewProxier( proxier, err = iptables.NewProxier(
primaryFamily,
iptInterface, iptInterface,
utilsysctl.New(), utilsysctl.New(),
execer, execer,
@ -290,6 +293,7 @@ func newProxyServer(
} }
proxier, err = ipvs.NewProxier( proxier, err = ipvs.NewProxier(
primaryFamily,
iptInterface, iptInterface,
ipvsInterface, ipvsInterface,
ipsetInterface, ipsetInterface,

5
pkg/kubemark/hollow_proxy.go
View File

@ -85,9 +85,14 @@ func NewHollowProxyOrDie(
klog.InfoS("can't determine this node's IP, assuming 127.0.0.1") klog.InfoS("can't determine this node's IP, assuming 127.0.0.1")
nodeIP = netutils.ParseIPSloppy("127.0.0.1") nodeIP = netutils.ParseIPSloppy("127.0.0.1")
} }
family := v1.IPv4Protocol
if iptInterface.IsIPv6() {
family = v1.IPv6Protocol
}
// Real proxier with fake iptables, sysctl, etc underneath it. // Real proxier with fake iptables, sysctl, etc underneath it.
//var err error //var err error
proxier, err = iptables.NewProxier( proxier, err = iptables.NewProxier(
family,
iptInterface, iptInterface,
sysctl, sysctl,
execer, execer,

12
pkg/proxy/iptables/proxier.go
View File

@ -221,7 +221,8 @@ var _ proxy.Provider = &Proxier{}
// An error will be returned if iptables fails to update or acquire the initial lock. // An error will be returned if iptables fails to update or acquire the initial lock.
// Once a proxier is created, it will keep iptables up to date in the background and // Once a proxier is created, it will keep iptables up to date in the background and
// will not terminate if a particular iptables call fails. // will not terminate if a particular iptables call fails.
func NewProxier(ipt utiliptables.Interface, func NewProxier(ipFamily v1.IPFamily,
ipt utiliptables.Interface,
sysctl utilsysctl.Interface, sysctl utilsysctl.Interface,
exec utilexec.Interface, exec utilexec.Interface,
syncPeriod time.Duration, syncPeriod time.Duration,
@ -259,11 +260,6 @@ func NewProxier(ipt utiliptables.Interface,
serviceHealthServer := healthcheck.NewServiceHealthServer(hostname, recorder, nodePortAddresses) serviceHealthServer := healthcheck.NewServiceHealthServer(hostname, recorder, nodePortAddresses)
ipFamily := v1.IPv4Protocol
if ipt.IsIPv6() {
ipFamily = v1.IPv6Protocol
}
ipFamilyMap := utilproxy.MapCIDRsByIPFamily(nodePortAddresses) ipFamilyMap := utilproxy.MapCIDRsByIPFamily(nodePortAddresses)
nodePortAddresses = ipFamilyMap[ipFamily] nodePortAddresses = ipFamilyMap[ipFamily]
// Log the IPs not matching the ipFamily // Log the IPs not matching the ipFamily
@ -337,14 +333,14 @@ func NewDualStackProxier(
) (proxy.Provider, error) { ) (proxy.Provider, error) {
// Create an ipv4 instance of the single-stack proxier // Create an ipv4 instance of the single-stack proxier
ipFamilyMap := utilproxy.MapCIDRsByIPFamily(nodePortAddresses) ipFamilyMap := utilproxy.MapCIDRsByIPFamily(nodePortAddresses)
ipv4Proxier, err := NewProxier(ipt[0], sysctl, ipv4Proxier, err := NewProxier(v1.IPv4Protocol, ipt[0], sysctl,
exec, syncPeriod, minSyncPeriod, masqueradeAll, localhostNodePorts, masqueradeBit, localDetectors[0], hostname, exec, syncPeriod, minSyncPeriod, masqueradeAll, localhostNodePorts, masqueradeBit, localDetectors[0], hostname,
nodeIP[0], recorder, healthzServer, ipFamilyMap[v1.IPv4Protocol]) nodeIP[0], recorder, healthzServer, ipFamilyMap[v1.IPv4Protocol])
if err != nil { if err != nil {
return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err) return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err)
} }
ipv6Proxier, err := NewProxier(ipt[1], sysctl, ipv6Proxier, err := NewProxier(v1.IPv6Protocol, ipt[1], sysctl,
exec, syncPeriod, minSyncPeriod, masqueradeAll, false, masqueradeBit, localDetectors[1], hostname, exec, syncPeriod, minSyncPeriod, masqueradeAll, false, masqueradeBit, localDetectors[1], hostname,
nodeIP[1], recorder, healthzServer, ipFamilyMap[v1.IPv6Protocol]) nodeIP[1], recorder, healthzServer, ipFamilyMap[v1.IPv6Protocol])
if err != nil { if err != nil {

12
pkg/proxy/ipvs/proxier.go
View File

@ -354,7 +354,8 @@ var _ proxy.Provider = &Proxier{}
// An error will be returned if it fails to update or acquire the initial lock. // An error will be returned if it fails to update or acquire the initial lock.
// Once a proxier is created, it will keep iptables and ipvs rules up to date in the background and // Once a proxier is created, it will keep iptables and ipvs rules up to date in the background and
// will not terminate if a particular iptables or ipvs call fails. // will not terminate if a particular iptables or ipvs call fails.
func NewProxier(ipt utiliptables.Interface, func NewProxier(ipFamily v1.IPFamily,
ipt utiliptables.Interface,
ipvs utilipvs.Interface, ipvs utilipvs.Interface,
ipset utilipset.Interface, ipset utilipset.Interface,
sysctl utilsysctl.Interface, sysctl utilsysctl.Interface,
@ -449,11 +450,6 @@ func NewProxier(ipt utiliptables.Interface,
masqueradeValue := 1 << uint(masqueradeBit) masqueradeValue := 1 << uint(masqueradeBit)
masqueradeMark := fmt.Sprintf("%#08x", masqueradeValue) masqueradeMark := fmt.Sprintf("%#08x", masqueradeValue)
ipFamily := v1.IPv4Protocol
if ipt.IsIPv6() {
ipFamily = v1.IPv6Protocol
}
klog.V(2).InfoS("Record nodeIP and family", "nodeIP", nodeIP, "family", ipFamily) klog.V(2).InfoS("Record nodeIP and family", "nodeIP", nodeIP, "family", ipFamily)
if len(scheduler) == 0 { if len(scheduler) == 0 {
@ -551,7 +547,7 @@ func NewDualStackProxier(
ipFamilyMap := utilproxy.MapCIDRsByIPFamily(nodePortAddresses) ipFamilyMap := utilproxy.MapCIDRsByIPFamily(nodePortAddresses)
// Create an ipv4 instance of the single-stack proxier // Create an ipv4 instance of the single-stack proxier
ipv4Proxier, err := NewProxier(ipt[0], ipvs, safeIpset, sysctl, ipv4Proxier, err := NewProxier(v1.IPv4Protocol, ipt[0], ipvs, safeIpset, sysctl,
exec, syncPeriod, minSyncPeriod, filterCIDRs(false, excludeCIDRs), strictARP, exec, syncPeriod, minSyncPeriod, filterCIDRs(false, excludeCIDRs), strictARP,
tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit, tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit,
localDetectors[0], hostname, nodeIP[0], localDetectors[0], hostname, nodeIP[0],
@ -560,7 +556,7 @@ func NewDualStackProxier(
return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err) return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err)
} }
ipv6Proxier, err := NewProxier(ipt[1], ipvs, safeIpset, sysctl, ipv6Proxier, err := NewProxier(v1.IPv6Protocol, ipt[1], ipvs, safeIpset, sysctl,
exec, syncPeriod, minSyncPeriod, filterCIDRs(true, excludeCIDRs), strictARP, exec, syncPeriod, minSyncPeriod, filterCIDRs(true, excludeCIDRs), strictARP,
tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit, tcpTimeout, tcpFinTimeout, udpTimeout, masqueradeAll, masqueradeBit,
localDetectors[1], hostname, nodeIP[1], localDetectors[1], hostname, nodeIP[1],