Currently, there are some unit tests that are failing on Windows due
to various reasons:
- IPVS proxy mode is not supported on Windows.
- pkg/kubelet/cri/remote was moved to cri-client.
Given that we are no longer modifying any of the EndpointSlice data,
we can just work with pointers to the actual EndpointSlice objects.
(The informer cache is already holding on to them, so they'll be
taking up memory whether or not the EndpointSliceCache points to
them.)
EndpointSliceCache cached EndpointSlices into endpointSliceData
objects, in part so it could sort the ports and addresses, so that if
those fields got reordered without otherwise changing, it would not
trigger an OnEndpointSliceUpdate().
However, the EndpointSlice controller and mirroring controller always
output the ports in the same order, and they never reorder the
addresses of an existing slice unless the set of addresses actually
changed. So in the normal case, sorting the data adds more work than
it saves.
* LocalTrafficDetector construction and test improvements
* Reorder getLocalDetector unit test fields so "input" args come before "output" args
* Don't pass DetectLocalMode as a separate arg to getLocalDetector
It's already part of `config`
* Clarify test names in preparation for merging
* Merge single-stack/dual-stack LocalTrafficDetector construction
Also, only warn if the *primary* IP family is not correctly configured
(since we don't actually know if the cluster is really dual-stack or
not), and pass the pair of detectors to the proxiers as a map rather
than an array.
* Remove the rest of Test_getDualStackLocalDetectorTuple
Track packets dropped by proxy which were marked invalid by conntrack
using nfacct netfilter extended accounting infrastructure.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
nfacct is netfilter's accounting subsystem. This utility allows
interactions with the subsystem using lower level netlink API.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
The constructors only return an error if you pass them invalid data,
but we only ever pass them data which has already been validated,
making the error checking just annoying. Just make them return garbage
output if you give them garbage input.
Windows proxy metric registration was in a separate file, which had
led to some metrics (eg the new ProxyHealthzTotal and ProxyLivezTotal)
not being registered for Windows even though they were implemented by
platform-generic code.
(A few other metrics were neither registered on, nor implemented on
Windows, and that's probably a bug.)
Also, beyond linux-vs-windows, make it clearer which metrics are
specific to individual backends.
All of the LocalTrafficDetector implementations were essentially
identical after construction time, so just reduce them to a single
implementation with multiple constructors.
Also, improve the comments.
Refactor the TestValidateKubeProxyConfiguration by adding a mutating
function that adjusts the configuration according to each test case,
thereby enhancing readability.
Signed-off-by: Daman Arora <aroradaman@gmail.com>
This reverts commit 8bccf4873b, except
for the nftables unit test changes, since we still want the "new"
results (not to mention the bugfixes), just for a different reason
now.
The behavior when you specify no --nodeport-addresses value in a
dual-stack cluster is terrible and we can't fix it, for
backward-compatibility reasons. Actually, the behavior when you
specify no --nodeport-addresses value in a single-stack cluster isn't
exactly awesome either...
Allow specifying `--nodeport-addresses primary` to get the
previously-nftables-backend-specific behavior of listening on only the
node's primary IP or IPs.
Add packet tracing unit tests for ipv4 and ipv6.
Remove unreachable code from runChain, since some of the parsed rules
are never generated by the proxy implementation.
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
