mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #88657 from chendotjs/validate-ipvs-timeout
validate configuration of kube-proxy IPVS tcp,tcpfin,udp timeout
This commit is contained in:
commit
01593144e6
@ -147,6 +147,7 @@ func validateKubeProxyIPVSConfiguration(config kubeproxyconfig.KubeProxyIPVSConf
|
|||||||
allErrs = append(allErrs, field.Invalid(fldPath.Child("SyncPeriod"), config.MinSyncPeriod, fmt.Sprintf("must be greater than or equal to %s", fldPath.Child("MinSyncPeriod").String())))
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("SyncPeriod"), config.MinSyncPeriod, fmt.Sprintf("must be greater than or equal to %s", fldPath.Child("MinSyncPeriod").String())))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
allErrs = append(allErrs, validateIPVSTimeout(config, fldPath)...)
|
||||||
allErrs = append(allErrs, validateIPVSSchedulerMethod(kubeproxyconfig.IPVSSchedulerMethod(config.Scheduler), fldPath.Child("Scheduler"))...)
|
allErrs = append(allErrs, validateIPVSSchedulerMethod(kubeproxyconfig.IPVSSchedulerMethod(config.Scheduler), fldPath.Child("Scheduler"))...)
|
||||||
allErrs = append(allErrs, validateIPVSExcludeCIDRs(config.ExcludeCIDRs, fldPath.Child("ExcludeCidrs"))...)
|
allErrs = append(allErrs, validateIPVSExcludeCIDRs(config.ExcludeCIDRs, fldPath.Child("ExcludeCidrs"))...)
|
||||||
|
|
||||||
@ -283,6 +284,24 @@ func validateKubeProxyNodePortAddress(nodePortAddresses []string, fldPath *field
|
|||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func validateIPVSTimeout(config kubeproxyconfig.KubeProxyIPVSConfiguration, fldPath *field.Path) field.ErrorList {
|
||||||
|
allErrs := field.ErrorList{}
|
||||||
|
|
||||||
|
if config.TCPTimeout.Duration < 0 {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("TCPTimeout"), config.TCPTimeout, "must be greater than or equal to 0"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if config.TCPFinTimeout.Duration < 0 {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("TCPFinTimeout"), config.TCPFinTimeout, "must be greater than or equal to 0"))
|
||||||
|
}
|
||||||
|
|
||||||
|
if config.UDPTimeout.Duration < 0 {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("UDPTimeout"), config.UDPTimeout, "must be greater than or equal to 0"))
|
||||||
|
}
|
||||||
|
|
||||||
|
return allErrs
|
||||||
|
}
|
||||||
|
|
||||||
func validateIPVSExcludeCIDRs(excludeCIDRs []string, fldPath *field.Path) field.ErrorList {
|
func validateIPVSExcludeCIDRs(excludeCIDRs []string, fldPath *field.Path) field.ErrorList {
|
||||||
allErrs := field.ErrorList{}
|
allErrs := field.ErrorList{}
|
||||||
|
|
||||||
|
@ -597,6 +597,53 @@ func TestValidateKubeProxyIPVSConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
expectErr: false,
|
expectErr: false,
|
||||||
},
|
},
|
||||||
|
// IPVS Timeout can be 0
|
||||||
|
{
|
||||||
|
config: kubeproxyconfig.KubeProxyIPVSConfiguration{
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
TCPTimeout: metav1.Duration{Duration: 0 * time.Second},
|
||||||
|
TCPFinTimeout: metav1.Duration{Duration: 0 * time.Second},
|
||||||
|
UDPTimeout: metav1.Duration{Duration: 0 * time.Second},
|
||||||
|
},
|
||||||
|
expectErr: false,
|
||||||
|
},
|
||||||
|
// IPVS Timeout > 0
|
||||||
|
{
|
||||||
|
config: kubeproxyconfig.KubeProxyIPVSConfiguration{
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
TCPTimeout: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
TCPFinTimeout: metav1.Duration{Duration: 2 * time.Second},
|
||||||
|
UDPTimeout: metav1.Duration{Duration: 3 * time.Second},
|
||||||
|
},
|
||||||
|
expectErr: false,
|
||||||
|
},
|
||||||
|
// TCPTimeout Timeout < 0
|
||||||
|
{
|
||||||
|
config: kubeproxyconfig.KubeProxyIPVSConfiguration{
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
TCPTimeout: metav1.Duration{Duration: -1 * time.Second},
|
||||||
|
},
|
||||||
|
expectErr: true,
|
||||||
|
reason: "TCPTimeout must be greater than or equal to 0",
|
||||||
|
},
|
||||||
|
// TCPFinTimeout Timeout < 0
|
||||||
|
{
|
||||||
|
config: kubeproxyconfig.KubeProxyIPVSConfiguration{
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
TCPFinTimeout: metav1.Duration{Duration: -1 * time.Second},
|
||||||
|
},
|
||||||
|
expectErr: true,
|
||||||
|
reason: "TCPFinTimeout must be greater than or equal to 0",
|
||||||
|
},
|
||||||
|
// UDPTimeout Timeout < 0
|
||||||
|
{
|
||||||
|
config: kubeproxyconfig.KubeProxyIPVSConfiguration{
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
UDPTimeout: metav1.Duration{Duration: -1 * time.Second},
|
||||||
|
},
|
||||||
|
expectErr: true,
|
||||||
|
reason: "UDPTimeout must be greater than or equal to 0",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, test := range testCases {
|
for _, test := range testCases {
|
||||||
|
Loading…
Reference in New Issue
Block a user