Merge pull request #76779 from tedyu/stored-cidr

Store parsed CIDRs at initialization of Proxier
Kubernetes Prow Robot
2019-04-24 23:04:45 -07:00
committed by GitHub
2 changed files with 21 additions and 10 deletions


@@ -194,7 +194,7 @@ type Proxier struct {
syncPeriod time.Duration syncPeriod time.Duration
minSyncPeriod time.Duration minSyncPeriod time.Duration
// Values are CIDR's to exclude when cleaning up IPVS rules. // Values are CIDR's to exclude when cleaning up IPVS rules.
excludeCIDRs []string excludeCIDRs []*net.IPNet
// Set to true to set sysctls arp_ignore and arp_announce // Set to true to set sysctls arp_ignore and arp_announce
strictARP bool strictARP bool
iptables utiliptables.Interface iptables utiliptables.Interface
@@ -274,6 +274,19 @@ func (r *realIPGetter) NodeIPs() (ips []net.IP, err error) {
// Proxier implements ProxyProvider // Proxier implements ProxyProvider
var _ proxy.ProxyProvider = &Proxier{} var _ proxy.ProxyProvider = &Proxier{}
// ParseExcludedCIDRs parses the input strings and returns net.IPNet
// The validation has been done earlier so the error condition will never happen under normal conditions
func ParseExcludedCIDRs(excludeCIDRStrs []string) []*net.IPNet {
var cidrExclusions []*net.IPNet
for _, excludedCIDR := range excludeCIDRStrs {
_, n, err := net.ParseCIDR(excludedCIDR)
if err == nil {
cidrExclusions = append(cidrExclusions, n)
}
}
return cidrExclusions
}
// NewProxier returns a new Proxier given an iptables and ipvs Interface instance. // NewProxier returns a new Proxier given an iptables and ipvs Interface instance.
// Because of the iptables and ipvs logic, it is assumed that there is only a single Proxier active on a machine. // Because of the iptables and ipvs logic, it is assumed that there is only a single Proxier active on a machine.
// An error will be returned if it fails to update or acquire the initial lock. // An error will be returned if it fails to update or acquire the initial lock.
@@ -286,7 +299,7 @@ func NewProxier(ipt utiliptables.Interface,
exec utilexec.Interface, exec utilexec.Interface,
syncPeriod time.Duration, syncPeriod time.Duration,
minSyncPeriod time.Duration, minSyncPeriod time.Duration,
excludeCIDRs []string, excludeCIDRStrs []string,
strictARP bool, strictARP bool,
masqueradeAll bool, masqueradeAll bool,
masqueradeBit int, masqueradeBit int,
@@ -397,7 +410,7 @@ func NewProxier(ipt utiliptables.Interface,
endpointsChanges: proxy.NewEndpointChangeTracker(hostname, nil, &isIPv6, recorder), endpointsChanges: proxy.NewEndpointChangeTracker(hostname, nil, &isIPv6, recorder),
syncPeriod: syncPeriod, syncPeriod: syncPeriod,
minSyncPeriod: minSyncPeriod, minSyncPeriod: minSyncPeriod,
excludeCIDRs: excludeCIDRs, excludeCIDRs: ParseExcludedCIDRs(excludeCIDRStrs),
iptables: ipt, iptables: ipt,
masqueradeAll: masqueradeAll, masqueradeAll: masqueradeAll,
masqueradeMark: masqueradeMark, masqueradeMark: masqueradeMark,
@@ -1715,9 +1728,7 @@ func (proxier *Proxier) cleanLegacyService(activeServices map[string]bool, curre
func (proxier *Proxier) isIPInExcludeCIDRs(ip net.IP) bool { func (proxier *Proxier) isIPInExcludeCIDRs(ip net.IP) bool {
// make sure it does not fall within an excluded CIDR range. // make sure it does not fall within an excluded CIDR range.
for _, excludedCIDR := range proxier.excludeCIDRs { for _, excludedCIDR := range proxier.excludeCIDRs {
// Any validation of this CIDR already should have occurred. if excludedCIDR.Contains(ip) {
_, n, _ := net.ParseCIDR(excludedCIDR)
if n.Contains(ip) {
return true return true
} }
} }
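Review bot: ParseExcludedCIDRs (second hunk of this file) drops any entry that fails net.ParseCIDR without a trace, and because excludeCIDRs is what keeps cleanLegacyService from tearing down IPVS rules in those ranges (see the field comment in the first hunk), a silently lost entry means services in that range get cleaned up instead of preserved. The doc comment asserts validation happened earlier, so a hard failure may be unwanted, but the failure should at least be visible: `if err != nil { klog.Errorf("Failed to parse excluded CIDR %q: %v", excludedCIDR, err); continue }` (this file appears to use klog for its other error reports; verify the import). The doc comment also misstates the result type; `// ParseExcludedCIDRs parses the input strings and returns the parsed CIDRs as []*net.IPNet.` is accurate. In the last hunk, isIPInExcludeCIDRs no longer re-parses on every call, which removes the nil-dereference the old `_, n, _ := net.ParseCIDR(...)` would have hit on a bad string; that function's body continues past the end of the hunk.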


@@ -125,7 +125,7 @@ func (fakeSysctl *FakeSysctl) SetSysctl(sysctl string, newVal int) error {
return nil return nil
} }
func NewFakeProxier(ipt utiliptables.Interface, ipvs utilipvs.Interface, ipset utilipset.Interface, nodeIPs []net.IP, excludeCIDRs []string) *Proxier { func NewFakeProxier(ipt utiliptables.Interface, ipvs utilipvs.Interface, ipset utilipset.Interface, nodeIPs []net.IP, excludeCIDRs []*net.IPNet) *Proxier {
fcmd := fakeexec.FakeCmd{ fcmd := fakeexec.FakeCmd{
CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{ CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{
func() ([]byte, error) { return []byte("dummy device have been created"), nil }, func() ([]byte, error) { return []byte("dummy device have been created"), nil },
@@ -2823,7 +2823,7 @@ func TestCleanLegacyService(t *testing.T) {
ipt := iptablestest.NewFake() ipt := iptablestest.NewFake()
ipvs := ipvstest.NewFake() ipvs := ipvstest.NewFake()
ipset := ipsettest.NewFake(testIPSetVersion) ipset := ipsettest.NewFake(testIPSetVersion)
fp := NewFakeProxier(ipt, ipvs, ipset, nil, []string{"3.3.3.0/24", "4.4.4.0/24"}) fp := NewFakeProxier(ipt, ipvs, ipset, nil, ParseExcludedCIDRs([]string{"3.3.3.0/24", "4.4.4.0/24"}))
// All ipvs services that were processed in the latest sync loop. // All ipvs services that were processed in the latest sync loop.
activeServices := map[string]bool{"ipvs0": true, "ipvs1": true} activeServices := map[string]bool{"ipvs0": true, "ipvs1": true}
@@ -2930,7 +2930,7 @@ func TestCleanLegacyRealServersExcludeCIDRs(t *testing.T) {
ipvs := ipvstest.NewFake() ipvs := ipvstest.NewFake()
ipset := ipsettest.NewFake(testIPSetVersion) ipset := ipsettest.NewFake(testIPSetVersion)
gtm := NewGracefulTerminationManager(ipvs) gtm := NewGracefulTerminationManager(ipvs)
fp := NewFakeProxier(ipt, ipvs, ipset, nil, []string{"4.4.4.4/32"}) fp := NewFakeProxier(ipt, ipvs, ipset, nil, ParseExcludedCIDRs([]string{"4.4.4.4/32"}))
fp.gracefuldeleteManager = gtm fp.gracefuldeleteManager = gtm
vs := &utilipvs.VirtualServer{ vs := &utilipvs.VirtualServer{
@@ -2984,7 +2984,7 @@ func TestCleanLegacyService6(t *testing.T) {
ipt := iptablestest.NewFake() ipt := iptablestest.NewFake()
ipvs := ipvstest.NewFake() ipvs := ipvstest.NewFake()
ipset := ipsettest.NewFake(testIPSetVersion) ipset := ipsettest.NewFake(testIPSetVersion)
fp := NewFakeProxier(ipt, ipvs, ipset, nil, []string{"3000::/64", "4000::/64"}) fp := NewFakeProxier(ipt, ipvs, ipset, nil, ParseExcludedCIDRs([]string{"3000::/64", "4000::/64"}))
fp.nodeIP = net.ParseIP("::1") fp.nodeIP = net.ParseIP("::1")
// All ipvs services that were processed in the latest sync loop. // All ipvs services that were processed in the latest sync loop.