proxier: use IPSet from k8s.io/utils/net to store local addresses

This allows the proxier to cache local addresses instead of fetching all
local addresses every time in IsLocalIP.

Signed-off-by: Andrew Sy Kim <kiman@vmware.com>

go.mod

@@ -558,7 +558,6 @@ replace (
 	k8s.io/kubelet => ./staging/src/k8s.io/kubelet
 	k8s.io/legacy-cloud-providers => ./staging/src/k8s.io/legacy-cloud-providers
 	k8s.io/metrics => ./staging/src/k8s.io/metrics
-	k8s.io/node-api => ./staging/src/k8s.io/node-api
 	k8s.io/repo-infra => k8s.io/repo-infra v0.0.1-alpha.1
 	k8s.io/sample-apiserver => ./staging/src/k8s.io/sample-apiserver
 	k8s.io/sample-cli-plugin => ./staging/src/k8s.io/sample-cli-plugin

pkg/proxy/iptables/proxier.go

@@ -803,6 +803,9 @@ func (proxier *Proxier) syncProxyRules() {
 		klog.Warning("No local addresses found, assuming all external IPs are not local")
 	}
 
+	localAddrSet := utilnet.IPSet{}
+	localAddrSet.Insert(localAddrs...)
+
 	// We assume that if this was called, we really want to sync them,
 	// even if nothing changed in the meantime. In other words, callers are
 	// responsible for detecting no-op changes and not calling this function.
@@ -1037,7 +1040,7 @@ func (proxier *Proxier) syncProxyRules() {
 			// If the "external" IP happens to be an IP that is local to this
 			// machine, hold the local port open so no other process can open it
 			// (because the socket might open but it would never work).
-			if len(localAddrs) > 0 && (svcInfo.Protocol() != v1.ProtocolSCTP) && utilproxy.ContainsIP(localAddrs, net.ParseIP(externalIP)) {
+			if localAddrSet.Len() > 0 && (svcInfo.Protocol() != v1.ProtocolSCTP) && localAddrSet.Has(net.ParseIP(externalIP)) {
 				lp := utilproxy.LocalPort{
 					Description: "externalIP for " + svcNameString,
 					IP:          externalIP,

pkg/proxy/ipvs/proxier.go

@@ -1016,6 +1016,9 @@ func (proxier *Proxier) syncProxyRules() {
 		klog.Warning("No local addresses found, assuming all external IPs are not local")
 	}
 
+	localAddrSet := utilnet.IPSet{}
+	localAddrSet.Insert(localAddrs...)
+
 	// We assume that if this was called, we really want to sync them,
 	// even if nothing changed in the meantime. In other words, callers are
 	// responsible for detecting no-op changes and not calling this function.
@@ -1200,7 +1203,7 @@ func (proxier *Proxier) syncProxyRules() {
 			// If the "external" IP happens to be an IP that is local to this
 			// machine, hold the local port open so no other process can open it
 			// (because the socket might open but it would never work).
-			if len(localAddrs) > 0 && (svcInfo.Protocol() != v1.ProtocolSCTP) && utilproxy.ContainsIP(localAddrs, net.ParseIP(externalIP)) {
+			if localAddrSet.Len() > 0 && (svcInfo.Protocol() != v1.ProtocolSCTP) && localAddrSet.Has(net.ParseIP(externalIP)) {
 				// We do not start listening on SCTP ports, according to our agreement in the SCTP support KEP
 				lp := utilproxy.LocalPort{
 					Description: "externalIP for " + svcNameString,

pkg/proxy/userspace/BUILD

@@ -36,6 +36,7 @@ go_library(
         "//staging/src/k8s.io/cloud-provider/service/helpers:go_default_library",
         "//vendor/k8s.io/klog:go_default_library",
         "//vendor/k8s.io/utils/exec:go_default_library",
+        "//vendor/k8s.io/utils/net:go_default_library",
     ] + select({
         "@io_bazel_rules_go//go/platform:android": [
             "//vendor/golang.org/x/sys/unix:go_default_library",

pkg/proxy/userspace/proxier.go

@@ -41,6 +41,7 @@ import (
 	"k8s.io/kubernetes/pkg/util/conntrack"
 	"k8s.io/kubernetes/pkg/util/iptables"
 	utilexec "k8s.io/utils/exec"
+	netutils "k8s.io/utils/net"
 )
 
 type portal struct {
@@ -127,7 +128,7 @@ type Proxier struct {
 	listenIP        net.IP
 	iptables        iptables.Interface
 	hostIP          net.IP
-	localAddrs      []net.IP
+	localAddrs      netutils.IPSet
 	proxyPorts      PortAllocator
 	makeProxySocket ProxySocketFunc
 	exec            utilexec.Interface
@@ -378,7 +379,10 @@ func (proxier *Proxier) syncProxyRules() {
 	} else if len(localAddrs) == 0 {
 		klog.Warning("No local addresses were found, assuming all external IPs are not local")
 	}
-	proxier.localAddrs = localAddrs
+
+	localAddrSet := netutils.IPSet{}
+	localAddrSet.Insert(localAddrs...)
+	proxier.localAddrs = localAddrSet
 
 	proxier.ensurePortals()
 	proxier.cleanupStaleStickySessions()
@@ -734,7 +738,7 @@ func (proxier *Proxier) openPortal(service proxy.ServicePortName, info *ServiceI
 }
 
 func (proxier *Proxier) openOnePortal(portal portal, protocol v1.Protocol, proxyIP net.IP, proxyPort int, name proxy.ServicePortName) error {
-	if len(proxier.localAddrs) > 0 && utilproxy.ContainsIP(proxier.localAddrs, portal.ip) {
+	if proxier.localAddrs.Len() > 0 && proxier.localAddrs.Has(portal.ip) {
 		err := proxier.claimNodePort(portal.ip, portal.port, protocol, name)
 		if err != nil {
 			return err
@@ -910,7 +914,7 @@ func (proxier *Proxier) closePortal(service proxy.ServicePortName, info *Service
 
 func (proxier *Proxier) closeOnePortal(portal portal, protocol v1.Protocol, proxyIP net.IP, proxyPort int, name proxy.ServicePortName) []error {
 	el := []error{}
-	if len(proxier.localAddrs) > 0 && utilproxy.ContainsIP(proxier.localAddrs, portal.ip) {
+	if proxier.localAddrs.Len() > 0 && proxier.localAddrs.Has(portal.ip) {
 		if err := proxier.releaseNodePort(portal.ip, portal.port, protocol, name); err != nil {
 			el = append(el, err)
 		}

pkg/proxy/util/utils.go

@@ -123,23 +123,25 @@ func IsProxyableHostname(ctx context.Context, resolv Resolver, hostname string)
 	return nil
 }
 
-// IsLocalIP checks if a given IP address is bound to an interface
+// GetLocalAddrs returns a list of all network addresses on the local system
-// on the local system
+func GetLocalAddrs() ([]net.IP, error) {
-func IsLocalIP(ip string) (bool, error) {
+	var localAddrs []net.IP
+
 	addrs, err := net.InterfaceAddrs()
 	if err != nil {
-		return false, err
+		return nil, err
 	}
-	for i := range addrs {
+
-		intf, _, err := net.ParseCIDR(addrs[i].String())
+	for _, addr := range addrs {
+		ip, _, err := net.ParseCIDR(addr.String())
 		if err != nil {
-			return false, err
+			return nil, err
-		}
-		if net.ParseIP(ip).Equal(intf) {
-			return true, nil
 		}
+
+		localAddrs = append(localAddrs, ip)
 	}
-	return false, nil
+
+	return localAddrs, nil
 }
 
 // ShouldSkipService checks if a given service should skip proxying

staging/repos_generated.bzl

@@ -36,7 +36,6 @@ staging_repos = [
     "k8s.io/kubelet",
     "k8s.io/legacy-cloud-providers",
     "k8s.io/metrics",
-    "k8s.io/node-api",
     "k8s.io/sample-apiserver",
     "k8s.io/sample-cli-plugin",
     "k8s.io/sample-controller",

staging/src/BUILD

@@ -35,7 +35,6 @@ filegroup(
         "//staging/src/k8s.io/kubelet:all-srcs",
         "//staging/src/k8s.io/legacy-cloud-providers:all-srcs",
         "//staging/src/k8s.io/metrics:all-srcs",
-        "//staging/src/k8s.io/node-api:all-srcs",
         "//staging/src/k8s.io/sample-apiserver:all-srcs",
         "//staging/src/k8s.io/sample-cli-plugin:all-srcs",
         "//staging/src/k8s.io/sample-controller:all-srcs",

staging/src/k8s.io/node-api/BUILD

@@ -1,13 +0,0 @@
-filegroup(
-    name = "package-srcs",
-    srcs = glob(["**"]),
-    tags = ["automanaged"],
-    visibility = ["//visibility:private"],
-)
-
-filegroup(
-    name = "all-srcs",
-    srcs = [":package-srcs"],
-    tags = ["automanaged"],
-    visibility = ["//visibility:public"],
-)

staging/src/k8s.io/node-api/go.mod

@@ -1,7 +0,0 @@
-// This is a generated file. Do not edit directly.
-
-module k8s.io/node-api
-
-go 1.13
-
-replace k8s.io/node-api => ../node-api

vendor/k8s.io/node-api

@@ -1 +0,0 @@
-../../staging/src/k8s.io/node-api