From e2409a054b620e80e683d1b51c84015ce8e32ec7 Mon Sep 17 00:00:00 2001
From: Lars Ekman
Date: Wed, 14 Nov 2018 12:27:59 +0100
Subject: [PATCH 1/3] Fixes NodePort in ipv6 with proxy-mode=ipvs. #68437 Use ipv6 addresses for NodePort with proxy-mode=ipvs in a ipv6-only cluster.
---
 pkg/proxy/ipvs/netlink_linux.go | 11 ++++++++---
 pkg/proxy/ipvs/proxier.go | 6 +++---
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/pkg/proxy/ipvs/netlink_linux.go b/pkg/proxy/ipvs/netlink_linux.go
index 0c671200f03..bb8e267712c 100644
--- a/pkg/proxy/ipvs/netlink_linux.go
+++ b/pkg/proxy/ipvs/netlink_linux.go
@@ -30,11 +30,12 @@ import (
 type netlinkHandle struct {
 netlink.Handle
+ ipv6 bool
 }
 // NewNetLinkHandle will crate a new NetLinkHandle
-func NewNetLinkHandle() NetLinkHandle {
- return &netlinkHandle{netlink.Handle{}}
+func NewNetLinkHandle(ipv6 bool) NetLinkHandle {
+ return &netlinkHandle{netlink.Handle{}, ipv6}
 }
 // EnsureAddressBind checks if address is bound to the interface and, if not, binds it. If the address is already bound, return true.
@@ -181,7 +182,11 @@ func (h *netlinkHandle) GetLocalAddresses(dev, filterDev string) (sets.String, e
 if route.LinkIndex == filterLinkIndex {
 continue
 }
- if route.Src != nil {
+ if h.ipv6 {
+ if route.Dst.IP.To4() == nil && ! route.Dst.IP.IsLinkLocalUnicast() {
+ res.Insert(route.Dst.IP.String())
+ }
+ } else if route.Src != nil {
 res.Insert(route.Src.String())
 }
 }
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index a391a22d116..28c745cbbe5 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
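Review bot: The doc comment above `NewNetLinkHandle` in pkg/proxy/ipvs/netlink_linux.go is left as it was, so the new boolean parameter is undocumented and the comment still reads "crate". The only effect of the flag visible in this series is the branch it selects in `GetLocalAddresses`, and a caller cannot learn that from the constructor. Suggested wording, using the name the parameter has after patch 3/3: `// NewNetLinkHandle creates a NetLinkHandle; isIPv6 makes GetLocalAddresses collect non-link-local IPv6 route destinations instead of route sources.`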
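Review bot: The IPv6 branch added to `GetLocalAddresses` in netlink_linux.go dereferences `route.Dst.IP` without a nil check, whereas the branch it replaces guarded its value with `route.Src != nil`. `Dst` is a `*net.IPNet` in the netlink package, so a route with no destination set would panic the proxier here instead of being skipped; the route filter is outside the hunk, so whether such a route can reach this loop is not visible. A guard keeps the two branches symmetric: `if route.Dst != nil && route.Dst.IP.To4() == nil && !route.Dst.IP.IsLinkLocalUnicast() {`. Patch 3/3 touches the same lines but only renames the field and fixes the spacing after `!`, so the point applies to the final version as well. The loop and the function body start and end outside the hunk.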
@@ -382,14 +382,14 @@ func NewProxier(ipt utiliptables.Interface,
 healthzServer: healthzServer,
 ipvs: ipvs,
 ipvsScheduler: scheduler,
- ipGetter: &realIPGetter{nl: NewNetLinkHandle()},
+ ipGetter: &realIPGetter{nl: NewNetLinkHandle(nodeIP.To4() == nil)},
 iptablesData: bytes.NewBuffer(nil),
 filterChainsData: bytes.NewBuffer(nil),
 natChains: bytes.NewBuffer(nil),
 natRules: bytes.NewBuffer(nil),
 filterChains: bytes.NewBuffer(nil),
 filterRules: bytes.NewBuffer(nil),
- netlinkHandle: NewNetLinkHandle(),
+ netlinkHandle: NewNetLinkHandle(nodeIP.To4() == nil),
 ipset: ipset,
 nodePortAddresses: nodePortAddresses,
 networkInterfacer: utilproxy.RealNetwork{},
@@ -576,7 +576,7 @@ func CleanupLeftovers(ipvs utilipvs.Interface, ipt utiliptables.Interface, ipset
 }
 }
 // Delete dummy interface created by ipvs Proxier.
- nl := NewNetLinkHandle()
+ nl := NewNetLinkHandle(false)
 err := nl.DeleteDummyDevice(DefaultDummyDevice)
 if err != nil {
 klog.Errorf("Error deleting dummy device %s created by IPVS proxier: %v", DefaultDummyDevice, err)
From 1be71b8a996001b600427075316b972b7c643db4 Mon Sep 17 00:00:00 2001
From: Lars Ekman
Date: Mon, 19 Nov 2018 10:02:48 +0100
Subject: [PATCH 2/3] Add the extra parameter for non-linux code
---
 pkg/proxy/ipvs/netlink_unsupported.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/proxy/ipvs/netlink_unsupported.go b/pkg/proxy/ipvs/netlink_unsupported.go
index a83081f1fdb..1c709cd2b60 100644
--- a/pkg/proxy/ipvs/netlink_unsupported.go
+++ b/pkg/proxy/ipvs/netlink_unsupported.go
@@ -28,7 +28,7 @@ type emptyHandle struct {
 }
 // NewNetLinkHandle will create an EmptyHandle
-func NewNetLinkHandle() NetLinkHandle {
+func NewNetLinkHandle(ipv6 bool) NetLinkHandle {
 return &emptyHandle{}
 }
From 2e5a985e479566b694b2c62f166a8e80e225555b Mon Sep 17 00:00:00 2001
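Review bot: The hard-coded `false` passed to `NewNetLinkHandle` in `CleanupLeftovers` (proxier.go) reads like a decision that cleanup is IPv4-only, and nothing at the call site says otherwise. In the visible lines the handle is used only for `DeleteDummyDevice`, which this series does not make family-dependent, so the value appears not to matter there. A one-line comment would stop a later reader from changing it or from reusing `nl` for address lookups: `// The IPv6 flag is irrelevant here: nl is only used to delete the dummy device.` The function continues outside the hunk.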
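Review bot: The parameter added to the non-Linux `NewNetLinkHandle` in netlink_unsupported.go is named `ipv6`, and patch 3/3 renames only the Linux side to `isIPv6` (its diffstat lists netlink_linux.go and proxier.go only), so the two build variants end up declaring the same constructor with different parameter names. The argument is unused here, which Go permits, but matching the name keeps the two declarations searchable together: `func NewNetLinkHandle(isIPv6 bool) NetLinkHandle {`. The doc comment could also state that the argument is ignored on this platform.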
From: Lars Ekman
Date: Mon, 19 Nov 2018 11:44:17 +0100
Subject: [PATCH 3/3] Updates after review
---
 pkg/proxy/ipvs/netlink_linux.go | 10 +++++-----
 pkg/proxy/ipvs/proxier.go | 4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/pkg/proxy/ipvs/netlink_linux.go b/pkg/proxy/ipvs/netlink_linux.go
index bb8e267712c..c917c9429c0 100644
--- a/pkg/proxy/ipvs/netlink_linux.go
+++ b/pkg/proxy/ipvs/netlink_linux.go
@@ -30,12 +30,12 @@ import (
 type netlinkHandle struct {
 netlink.Handle
- ipv6 bool
+ isIPv6 bool
 }
 // NewNetLinkHandle will crate a new NetLinkHandle
-func NewNetLinkHandle(ipv6 bool) NetLinkHandle {
- return &netlinkHandle{netlink.Handle{}, ipv6}
+func NewNetLinkHandle(isIPv6 bool) NetLinkHandle {
+ return &netlinkHandle{netlink.Handle{}, isIPv6}
 }
 // EnsureAddressBind checks if address is bound to the interface and, if not, binds it. If the address is already bound, return true.
@@ -182,8 +182,8 @@ func (h *netlinkHandle) GetLocalAddresses(dev, filterDev string) (sets.String, e
 if route.LinkIndex == filterLinkIndex {
 continue
 }
- if h.ipv6 {
- if route.Dst.IP.To4() == nil && ! route.Dst.IP.IsLinkLocalUnicast() {
+ if h.isIPv6 {
+ if route.Dst.IP.To4() == nil && !route.Dst.IP.IsLinkLocalUnicast() {
 res.Insert(route.Dst.IP.String())
 }
 } else if route.Src != nil {
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 28c745cbbe5..75e9a2c30da 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -382,14 +382,14 @@ func NewProxier(ipt utiliptables.Interface,
 healthzServer: healthzServer,
 ipvs: ipvs,
 ipvsScheduler: scheduler,
- ipGetter: &realIPGetter{nl: NewNetLinkHandle(nodeIP.To4() == nil)},
+ ipGetter: &realIPGetter{nl: NewNetLinkHandle(isIPv6)},
 iptablesData: bytes.NewBuffer(nil),
 filterChainsData: bytes.NewBuffer(nil),
 natChains: bytes.NewBuffer(nil),
 natRules: bytes.NewBuffer(nil),
 filterChains: bytes.NewBuffer(nil),
 filterRules: bytes.NewBuffer(nil),
- netlinkHandle: NewNetLinkHandle(nodeIP.To4() == nil),
+ netlinkHandle: NewNetLinkHandle(isIPv6),
 ipset: ipset,
 nodePortAddresses: nodePortAddresses,
 networkInterfacer: utilproxy.RealNetwork{},