From 1965157b49e343301135fd2987234ef5a519bc9f Mon Sep 17 00:00:00 2001
From: lichunlong
Date: Wed, 31 May 2017 13:35:55 +0800
Subject: [PATCH 1/4] fix#46039: iptables proxier need use '--bind-address' if set
---
 cmd/kube-proxy/app/server.go | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go
index 4549d07cdf2..cad9bcefa2c 100644
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@@ -399,6 +399,20 @@ func NewProxyServer(config *componentconfig.KubeProxyConfiguration, cleanupAndEx
 proxyMode := getProxyMode(string(config.Mode), iptInterface, iptables.LinuxKernelCompatTester{})
 if proxyMode == proxyModeIPTables {
 glog.V(0).Info("Using iptables Proxier.")
+ var nodeIP net.IP
+ if config.BindAddress == "0.0.0.0" || config.BindAddress == "" {
+ nodeIP = getNodeIP(client, hostname)
+ } else {
+ nodeIP = net.ParseIP(config.BindAddress)
+ if nodeIP == nil {
+ return nil, fmt.Errorf("bind-address %s must be valid ip", config.BindAddress)
+ }
+ if local, err := isLocalIP(nodeIP.String()); err != nil {
+ return nil, fmt.Errorf("can't determine if IP is local, assuming not: %v", err)
+ } else if !local {
+ return nil, fmt.Errorf("bind-address %s must be local ip", config.BindAddress)
+ }
+ }
 if config.IPTables.MasqueradeBit == nil {
 // MasqueradeBit must be specified or defaulted.
 return nil, fmt.Errorf("unable to read IPTables MasqueradeBit from config")
@@ -415,7 +429,7 @@ func NewProxyServer(config *componentconfig.KubeProxyConfiguration, cleanupAndEx
 int(*config.IPTables.MasqueradeBit),
 config.ClusterCIDR,
 hostname,
- getNodeIP(client, hostname),
+ nodeIP,
 recorder,
 healthzServer,
 )
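Review bot: The wildcard test in the block added to NewProxyServer ([PATCH 1/4], first hunk) compares the raw string with "0.0.0.0" and "", so an IPv6 unspecified address such as `::` takes the else branch and would presumably fail the isLocalIP check with "must be local ip". Testing the parsed value covers both address families: `if config.BindAddress == "" || net.ParseIP(config.BindAddress).IsUnspecified() {`. The message `can't determine if IP is local, assuming not` also contradicts what that branch does, since it returns an error rather than assuming anything. NewProxyServer starts and ends outside the hunk.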
@@ -699,3 +713,20 @@ func getNodeIP(client clientset.Interface, hostname string) net.IP {
 }
 return nodeIP
 }
+
+func isLocalIP(ip string) (bool, error) {
+ addrs, err := net.InterfaceAddrs()
+ if err != nil {
+ return false, err
+ }
+ for i := range addrs {
+ intf, _, err := net.ParseCIDR(addrs[i].String())
+ if err != nil {
+ return false, err
+ }
+ if net.ParseIP(ip).Equal(intf) {
+ return true, nil
+ }
+ }
+ return false, nil
+}
From 58d0596c23fa2c04c2c99092b383394a05f011d7 Mon Sep 17 00:00:00 2001
From: lichunlong
Date: Wed, 31 May 2017 21:48:53 +0800
Subject: [PATCH 2/4] fix review
---
 cmd/kube-proxy/app/server.go | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)
diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go
index cad9bcefa2c..bcef3ab4f0e 100644
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@@ -399,19 +399,10 @@ func NewProxyServer(config *componentconfig.KubeProxyConfiguration, cleanupAndEx
 proxyMode := getProxyMode(string(config.Mode), iptInterface, iptables.LinuxKernelCompatTester{})
 if proxyMode == proxyModeIPTables {
 glog.V(0).Info("Using iptables Proxier.")
- var nodeIP net.IP
- if config.BindAddress == "0.0.0.0" || config.BindAddress == "" {
+ nodeIP := net.ParseIP(config.BindAddress)
+ if local, _ := isLocalIP(nodeIP); !local {
+ glog.V(2).Infof("bind-address %s must be local ip", config.BindAddress)
 nodeIP = getNodeIP(client, hostname)
- } else {
- nodeIP = net.ParseIP(config.BindAddress)
- if nodeIP == nil {
- return nil, fmt.Errorf("bind-address %s must be valid ip", config.BindAddress)
- }
- if local, err := isLocalIP(nodeIP.String()); err != nil {
- return nil, fmt.Errorf("can't determine if IP is local, assuming not: %v", err)
- } else if !local {
- return nil, fmt.Errorf("bind-address %s must be local ip", config.BindAddress)
- }
 }
 if config.IPTables.MasqueradeBit == nil {
 // MasqueradeBit must be specified or defaulted.
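Review bot: In the isLocalIP added by the last hunk of [PATCH 1/4], one interface address that `net.ParseCIDR` cannot parse aborts the whole scan with an error, even when a later address would have matched. `net.InterfaceAddrs` returns `net.Addr` values, so a type assertion avoids the string round trip and simply skips entries of another kind: `if ipnet, ok := addrs[i].(*net.IPNet); ok && ipnet.IP.Equal(target) { return true, nil }`, with `target` parsed once before the loop instead of on every iteration. The same loop is carried through the isLocalIP hunks of [PATCH 2/4] and [PATCH 3/4]. The function also lacks a doc comment; `// isLocalIP reports whether ip is assigned to one of this host's network interfaces.` would do.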
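Review bot: In the NewProxyServer hunk of [PATCH 2/4] an unparsable or non-local --bind-address no longer fails start-up: the error from isLocalIP is discarded with `_` and the code falls back to getNodeIP with only a `glog.V(2)` message, so at default verbosity nothing tells the operator that the configured address was ignored. The wildcard "0.0.0.0" presumably takes the same path, which means the "must be local ip" message would also fire for an ordinary configuration. Handling the wildcard separately and reporting a rejected value at warning level makes the fallback visible, e.g. `glog.Warningf("bind-address %q is not a local IP, using node IP", config.BindAddress)`. NewProxyServer starts and ends outside the hunk.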
@@ -714,17 +705,17 @@ func getNodeIP(client clientset.Interface, hostname string) net.IP {
 return nodeIP
 }

-func isLocalIP(ip string) (bool, error) {
+func isLocalIP(ip net.IP) (bool, error) {
 addrs, err := net.InterfaceAddrs()
 if err != nil {
 return false, err
 }
 for i := range addrs {
- intf, _, err := net.ParseCIDR(addrs[i].String())
+ intfIP, _, err := net.ParseCIDR(addrs[i].String())
 if err != nil {
 return false, err
 }
- if net.ParseIP(ip).Equal(intf) {
+ if ip.Equal(intfIP) {
 return true, nil
 }
 }
From 63bc96e1b05c1da37b64ea7c782eb432852dfd09 Mon Sep 17 00:00:00 2001
From: lichunlong
Date: Thu, 1 Jun 2017 17:22:41 +0800
Subject: [PATCH 3/4] fix review
---
 cmd/kube-proxy/app/server.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go
index bcef3ab4f0e..4b9ea5f5ee4 100644
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@@ -399,9 +399,13 @@ func NewProxyServer(config *componentconfig.KubeProxyConfiguration, cleanupAndEx
 proxyMode := getProxyMode(string(config.Mode), iptInterface, iptables.LinuxKernelCompatTester{})
 if proxyMode == proxyModeIPTables {
 glog.V(0).Info("Using iptables Proxier.")
- nodeIP := net.ParseIP(config.BindAddress)
- if local, _ := isLocalIP(nodeIP); !local {
- glog.V(2).Infof("bind-address %s must be local ip", config.BindAddress)
+ var nodeIP net.IP
+ if config.BindAddress != "0.0.0.0" {
+ nodeIP := net.ParseIP(config.BindAddress)
+ if local := isLocalIP(nodeIP); !local {
+ return nil, fmt.Errorf("invalid bind-address: %v, it must be a local IP", config.BindAddress)
+ }
+ } else {
 nodeIP = getNodeIP(client, hostname)
 }
 if config.IPTables.MasqueradeBit == nil {
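Review bot: `nodeIP := net.ParseIP(config.BindAddress)` inside the `if config.BindAddress != "0.0.0.0"` block of [PATCH 3/4] declares a new variable that shadows the `var nodeIP net.IP` added two lines above it, so the outer nodeIP stays nil whenever a specific bind address is configured. The outer variable is the one the rest of NewProxyServer sees (the proxier call site is outside this hunk), so the address that was just validated is presumably never used. Assign rather than declare: `nodeIP = net.ParseIP(config.BindAddress)`. A nil result from ParseIP is also passed straight to isLocalIP here, so a malformed value is reported as "must be a local IP" instead of as a parse failure.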
@@ -705,19 +709,19 @@ func getNodeIP(client clientset.Interface, hostname string) net.IP {
 return nodeIP
 }

-func isLocalIP(ip net.IP) (bool, error) {
+func isLocalIP(ip net.IP) bool {
 addrs, err := net.InterfaceAddrs()
 if err != nil {
- return false, err
+ return false
 }
 for i := range addrs {
 intfIP, _, err := net.ParseCIDR(addrs[i].String())
 if err != nil {
- return false, err
+ return false
 }
 if ip.Equal(intfIP) {
- return true, nil
+ return true
 }
 }
- return false, nil
+ return false
 }
From dc768c87c375fce9f9a5708e95abc0a5b3014f5b Mon Sep 17 00:00:00 2001
From: lichunlong
Date: Fri, 2 Jun 2017 15:32:22 +0800
Subject: [PATCH 4/4] fix review
---
 cmd/kube-proxy/app/server.go | 22 +---------------------
 1 file changed, 1 insertion(+), 21 deletions(-)
diff --git a/cmd/kube-proxy/app/server.go b/cmd/kube-proxy/app/server.go
index 4b9ea5f5ee4..f43651b88f4 100644
--- a/cmd/kube-proxy/app/server.go
+++ b/cmd/kube-proxy/app/server.go
@@ -401,10 +401,7 @@ func NewProxyServer(config *componentconfig.KubeProxyConfiguration, cleanupAndEx
 glog.V(0).Info("Using iptables Proxier.")
 var nodeIP net.IP
 if config.BindAddress != "0.0.0.0" {
- nodeIP := net.ParseIP(config.BindAddress)
- if local := isLocalIP(nodeIP); !local {
- return nil, fmt.Errorf("invalid bind-address: %v, it must be a local IP", config.BindAddress)
- }
+ nodeIP = net.ParseIP(config.BindAddress)
 } else {
 nodeIP = getNodeIP(client, hostname)
 }
@@ -708,20 +705,3 @@ func getNodeIP(client clientset.Interface, hostname string) net.IP {
 }
 return nodeIP
 }
-
-func isLocalIP(ip net.IP) bool {
- addrs, err := net.InterfaceAddrs()
- if err != nil {
- return false
- }
- for i := range addrs {
- intfIP, _, err := net.ParseCIDR(addrs[i].String())
- if err != nil {
- return false
- }
- if ip.Equal(intfIP) {
- return true
- }
- }
- return false
-}
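Review bot: With the bool-only signature introduced for isLocalIP in [PATCH 3/4], a failure of `net.InterfaceAddrs` or `net.ParseCIDR` is reported as "not local", and the caller in the same patch turns that into `invalid bind-address: ..., it must be a local IP`, blaming the configuration for what may be a host-side error. Logging the cause before returning keeps the simpler signature without losing the reason, e.g. `glog.Errorf("listing interface addresses: %v", err)` ahead of the first `return false`.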
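Review bot: After the NewProxyServer hunk of [PATCH 4/4] the result of `net.ParseIP(config.BindAddress)` is used unchecked: a malformed or empty --bind-address yields a nil nodeIP, and an address that is not configured on this host is accepted without any message, because the isLocalIP check is removed in the same patch. Unless validation elsewhere guarantees a well-formed value (not visible here), a nil guard keeps a bad setting from reaching the proxier: `if nodeIP == nil { return nil, fmt.Errorf("invalid bind-address %q", config.BindAddress) }`. The comparison against the literal "0.0.0.0" also leaves the IPv6 unspecified address `::` treated as a specific address; `nodeIP.IsUnspecified()` on the parsed value would cover both families. NewProxyServer starts and ends outside the hunk.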