diff --git a/pkg/proxy/apis/config/validation/validation.go b/pkg/proxy/apis/config/validation/validation.go index 63557542a8b..019ba44bc5b 100644 --- a/pkg/proxy/apis/config/validation/validation.go +++ b/pkg/proxy/apis/config/validation/validation.go @@ -147,6 +147,7 @@ func validateKubeProxyIPVSConfiguration(config kubeproxyconfig.KubeProxyIPVSConf allErrs = append(allErrs, field.Invalid(fldPath.Child("SyncPeriod"), config.MinSyncPeriod, fmt.Sprintf("must be greater than or equal to %s", fldPath.Child("MinSyncPeriod").String()))) } + allErrs = append(allErrs, validateIPVSTimeout(config, fldPath)...) allErrs = append(allErrs, validateIPVSSchedulerMethod(kubeproxyconfig.IPVSSchedulerMethod(config.Scheduler), fldPath.Child("Scheduler"))...) allErrs = append(allErrs, validateIPVSExcludeCIDRs(config.ExcludeCIDRs, fldPath.Child("ExcludeCidrs"))...) @@ -283,6 +284,24 @@ func validateKubeProxyNodePortAddress(nodePortAddresses []string, fldPath *field return allErrs } +func validateIPVSTimeout(config kubeproxyconfig.KubeProxyIPVSConfiguration, fldPath *field.Path) field.ErrorList { + allErrs := field.ErrorList{} + + if config.TCPTimeout.Duration < 0 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("TCPTimeout"), config.TCPTimeout, "must be greater than or equal to 0")) + } + + if config.TCPFinTimeout.Duration < 0 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("TCPFinTimeout"), config.TCPFinTimeout, "must be greater than or equal to 0")) + } + + if config.UDPTimeout.Duration < 0 { + allErrs = append(allErrs, field.Invalid(fldPath.Child("UDPTimeout"), config.UDPTimeout, "must be greater than or equal to 0")) + } + + return allErrs +} + func validateIPVSExcludeCIDRs(excludeCIDRs []string, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} diff --git a/pkg/proxy/apis/config/validation/validation_test.go b/pkg/proxy/apis/config/validation/validation_test.go index 4ff23262847..35bf9d77e0b 100644 --- a/pkg/proxy/apis/config/validation/validation_test.go +++ b/pkg/proxy/apis/config/validation/validation_test.go @@ -597,6 +597,53 @@ func TestValidateKubeProxyIPVSConfiguration(t *testing.T) { }, expectErr: false, }, + // IPVS Timeout can be 0 + { + config: kubeproxyconfig.KubeProxyIPVSConfiguration{ + SyncPeriod: metav1.Duration{Duration: 5 * time.Second}, + TCPTimeout: metav1.Duration{Duration: 0 * time.Second}, + TCPFinTimeout: metav1.Duration{Duration: 0 * time.Second}, + UDPTimeout: metav1.Duration{Duration: 0 * time.Second}, + }, + expectErr: false, + }, + // IPVS Timeout > 0 + { + config: kubeproxyconfig.KubeProxyIPVSConfiguration{ + SyncPeriod: metav1.Duration{Duration: 5 * time.Second}, + TCPTimeout: metav1.Duration{Duration: 1 * time.Second}, + TCPFinTimeout: metav1.Duration{Duration: 2 * time.Second}, + UDPTimeout: metav1.Duration{Duration: 3 * time.Second}, + }, + expectErr: false, + }, + // TCPTimeout Timeout < 0 + { + config: kubeproxyconfig.KubeProxyIPVSConfiguration{ + SyncPeriod: metav1.Duration{Duration: 5 * time.Second}, + TCPTimeout: metav1.Duration{Duration: -1 * time.Second}, + }, + expectErr: true, + reason: "TCPTimeout must be greater than or equal to 0", + }, + // TCPFinTimeout Timeout < 0 + { + config: kubeproxyconfig.KubeProxyIPVSConfiguration{ + SyncPeriod: metav1.Duration{Duration: 5 * time.Second}, + TCPFinTimeout: metav1.Duration{Duration: -1 * time.Second}, + }, + expectErr: true, + reason: "TCPFinTimeout must be greater than or equal to 0", + }, + // UDPTimeout Timeout < 0 + { + config: kubeproxyconfig.KubeProxyIPVSConfiguration{ + SyncPeriod: metav1.Duration{Duration: 5 * time.Second}, + UDPTimeout: metav1.Duration{Duration: -1 * time.Second}, + }, + expectErr: true, + reason: "UDPTimeout must be greater than or equal to 0", + }, } for _, test := range testCases {