diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go
index d55f9b2cae3..7a179d31540 100644
--- a/cmd/kube-proxy/app/server_others.go
+++ b/cmd/kube-proxy/app/server_others.go
@@ -54,6 +54,7 @@ import (
 "k8s.io/kubernetes/pkg/proxy/iptables"
 "k8s.io/kubernetes/pkg/proxy/ipvs"
 proxymetrics "k8s.io/kubernetes/pkg/proxy/metrics"
+ proxyutil "k8s.io/kubernetes/pkg/proxy/util"
 proxyutiliptables "k8s.io/kubernetes/pkg/proxy/util/iptables"
 utilipset "k8s.io/kubernetes/pkg/util/ipset"
 utiliptables "k8s.io/kubernetes/pkg/util/iptables"
@@ -167,11 +168,22 @@ func newProxyServer(
 ipt[1] = iptInterface
 }
 
+ nodePortAddresses := config.NodePortAddresses
+
 if !ipt[0].Present() {
 return nil, fmt.Errorf("iptables is not supported for primary IP family %q", primaryProtocol)
 } else if !ipt[1].Present() {
 klog.InfoS("kube-proxy running in single-stack mode: secondary ipFamily is not supported", "ipFamily", ipt[1].Protocol())
 dualStack = false
+
+ // Validate NodePortAddresses is single-stack
+ npaByFamily := proxyutil.MapCIDRsByIPFamily(config.NodePortAddresses)
+ secondaryFamily := proxyutil.OtherIPFamily(primaryFamily)
+ badAddrs := npaByFamily[secondaryFamily]
+ if len(badAddrs) > 0 {
+ klog.InfoS("Ignoring --nodeport-addresses of the wrong family", "ipFamily", secondaryFamily, "addresses", badAddrs)
+ nodePortAddresses = npaByFamily[primaryFamily]
+ }
 }
 
 if proxyMode == proxyconfigapi.ProxyModeIPTables {
@@ -206,7 +218,7 @@ func newProxyServer(
 nodeIPTuple(config.BindAddress),
 recorder,
 healthzServer,
- config.NodePortAddresses,
+ nodePortAddresses,
 )
 } else {
 // Create a single-stack proxier if and only if the node does not support dual-stack (i.e, no iptables support).
@@ -232,7 +244,7 @@ func newProxyServer(
 nodeIP,
 recorder,
 healthzServer,
- config.NodePortAddresses,
+ nodePortAddresses,
 )
 }
 
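Review bot: In the `!ipt[1].Present()` branch of newProxyServer (the -167,11 +168,22 hunk), when every configured `--nodeport-addresses` CIDR belongs to the secondary family, `nodePortAddresses = npaByFamily[primaryFamily]` leaves the list empty and only an info-level log line records it. If the proxiers treat an empty list as "all local addresses" (not visible in this diff), an operator's restriction silently becomes NodePorts reachable on every interface. I would make that case loud or fatal, e.g. `if len(nodePortAddresses) == 0 { return nil, fmt.Errorf("no --nodeport-addresses match primary IP family %q", primaryFamily) }`, or at least report it with `klog.ErrorS(nil, ...)` instead of `klog.InfoS`. The same commit removes the per-family filter from `NewProxier` in pkg/proxy/iptables and pkg/proxy/ipvs, so any caller other than this function now has to pre-filter; a comment on the `nodePortAddresses` parameter saying `// nodePortAddresses must already be restricted to ipFamily` would record that contract. The body of newProxyServer starts and ends outside the hunk.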
@@ -282,7 +294,7 @@ func newProxyServer(
 recorder,
 healthzServer,
 config.IPVS.Scheduler,
- config.NodePortAddresses,
+ nodePortAddresses,
 kernelHandler,
 )
 } else {
@@ -314,7 +326,7 @@ func newProxyServer(
 recorder,
 healthzServer,
 config.IPVS.Scheduler,
- config.NodePortAddresses,
+ nodePortAddresses,
 kernelHandler,
 )
 }
diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index 85d958bec1b..fbde2f8db8b 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
@@ -260,13 +260,6 @@ func NewProxier(ipFamily v1.IPFamily,
 
 serviceHealthServer := healthcheck.NewServiceHealthServer(hostname, recorder, nodePortAddresses)
 
- ipFamilyMap := utilproxy.MapCIDRsByIPFamily(nodePortAddresses)
- nodePortAddresses = ipFamilyMap[ipFamily]
- // Log the IPs not matching the ipFamily
- if ips, ok := ipFamilyMap[utilproxy.OtherIPFamily(ipFamily)]; ok && len(ips) > 0 {
- klog.InfoS("Found node IPs of the wrong family", "ipFamily", ipFamily, "IPs", strings.Join(ips, ","))
- }
-
 proxier := &Proxier{
 svcPortMap: make(proxy.ServicePortMap),
 serviceChanges: proxy.NewServiceChangeTracker(newServiceInfo, ipFamily, recorder, nil),
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 5f1bcfb1ef8..8527b410e33 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -459,13 +459,6 @@ func NewProxier(ipFamily v1.IPFamily,
 
 serviceHealthServer := healthcheck.NewServiceHealthServer(hostname, recorder, nodePortAddresses)
 
- ipFamilyMap := utilproxy.MapCIDRsByIPFamily(nodePortAddresses)
- nodePortAddresses = ipFamilyMap[ipFamily]
- // Log the IPs not matching the ipFamily
- if ips, ok := ipFamilyMap[utilproxy.OtherIPFamily(ipFamily)]; ok && len(ips) > 0 {
- klog.InfoS("Found node IPs of the wrong family", "ipFamily", ipFamily, "IPs", ips)
- }
-
 // excludeCIDRs has been validated before, here we just parse it to IPNet list
 parsedExcludeCIDRs, _ := netutils.ParseCIDRs(excludeCIDRs)
 
diff --git a/pkg/proxy/ipvs/proxier_test.go b/pkg/proxy/ipvs/proxier_test.go
index 203f0ffb0c3..0e1e8b5383e 100644
--- a/pkg/proxy/ipvs/proxier_test.go
+++ b/pkg/proxy/ipvs/proxier_test.go
@@ -2117,11 +2117,11 @@ func TestOnlyLocalNodePorts(t *testing.T) {
 addrs1 := []net.Addr{&net.IPNet{IP: netutils.ParseIPSloppy("2001:db8::"), Mask: net.CIDRMask(64, 128)}}
 fp.networkInterfacer.(*proxyutiltest.FakeNetwork).AddInterfaceAddr(&itf, addrs)
 fp.networkInterfacer.(*proxyutiltest.FakeNetwork).AddInterfaceAddr(&itf1, addrs1)
- fp.nodePortAddresses = []string{"100.101.102.0/24", "2001:db8::0/64"}
+ fp.nodePortAddresses = []string{"100.101.102.0/24"}
 
 fp.syncProxyRules()
 
- // Expect 2 (matching ipvs IPFamily field) services and 1 destination
+ // Expect 2 services and 1 destination
 epVS := &netlinktest.ExpectedVirtualServer{
 VSNum: 2, IP: nodeIP.String(), Port: uint16(svcNodePort), Protocol: string(v1.ProtocolTCP),
 RS: []netlinktest.ExpectedRealServer{{
@@ -2205,7 +2205,7 @@ func TestHealthCheckNodePort(t *testing.T) {
 addrs1 := []net.Addr{&net.IPNet{IP: netutils.ParseIPSloppy("2001:db8::"), Mask: net.CIDRMask(64, 128)}}
 fp.networkInterfacer.(*proxyutiltest.FakeNetwork).AddInterfaceAddr(&itf, addrs)
 fp.networkInterfacer.(*proxyutiltest.FakeNetwork).AddInterfaceAddr(&itf1, addrs1)
- fp.nodePortAddresses = []string{"100.101.102.0/24", "2001:db8::0/64"}
+ fp.nodePortAddresses = []string{"100.101.102.0/24"}
 
 fp.syncProxyRules()