mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-27 05:27:21 +00:00
Add validation for bridge-interface and interface-name-prefix
Co-authored-by: Will Daly <widaly@microsoft.com> Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit is contained in:
Surya Seetharaman
parent
7d480d8ac8
commit
1ea5f9432c
@ -102,6 +102,12 @@ func Validate(config *kubeproxyconfig.KubeProxyConfiguration) field.ErrorList {
|
|||||||
|
|
||||||
allErrs = append(allErrs, validateKubeProxyNodePortAddress(config.NodePortAddresses, newPath.Child("NodePortAddresses"))...)
|
allErrs = append(allErrs, validateKubeProxyNodePortAddress(config.NodePortAddresses, newPath.Child("NodePortAddresses"))...)
|
||||||
allErrs = append(allErrs, validateShowHiddenMetricsVersion(config.ShowHiddenMetricsForVersion, newPath.Child("ShowHiddenMetricsForVersion"))...)
|
allErrs = append(allErrs, validateShowHiddenMetricsVersion(config.ShowHiddenMetricsForVersion, newPath.Child("ShowHiddenMetricsForVersion"))...)
|
||||||
|
if config.DetectLocalMode == kubeproxyconfig.LocalModeBridgeInterface {
|
||||||
|
allErrs = append(allErrs, validateInterface(config.DetectLocal.BridgeInterface, newPath.Child("InterfaceName"))...)
|
||||||
|
}
|
||||||
|
if config.DetectLocalMode == kubeproxyconfig.LocalModeInterfaceNamePrefix {
|
||||||
|
allErrs = append(allErrs, validateInterface(config.DetectLocal.InterfaceNamePrefix, newPath.Child("InterfacePrefix"))...)
|
||||||
|
}
|
||||||
|
|
||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
@ -317,3 +323,11 @@ func validateShowHiddenMetricsVersion(version string, fldPath *field.Path) field
|
|||||||
|
|
||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func validateInterface(iface string, fldPath *field.Path) field.ErrorList {
|
||||||
|
allErrs := field.ErrorList{}
|
||||||
|
if len(iface) == 0 {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath, iface, "must not be empty"))
|
||||||
|
}
|
||||||
|
return allErrs
|
||||||
|
}
|
||||||
|
|||||||
@ -175,6 +175,52 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
|
|||||||
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
BindAddress: "10.10.12.11",
|
||||||
|
HealthzBindAddress: "0.0.0.0:12345",
|
||||||
|
MetricsBindAddress: "127.0.0.1:10249",
|
||||||
|
ClusterCIDR: "192.168.59.0/24",
|
||||||
|
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
|
||||||
|
MasqueradeAll: true,
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
|
||||||
|
},
|
||||||
|
Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
|
||||||
|
MaxPerCore: pointer.Int32Ptr(1),
|
||||||
|
Min: pointer.Int32Ptr(1),
|
||||||
|
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
},
|
||||||
|
DetectLocalMode: kubeproxyconfig.LocalModeInterfaceNamePrefix,
|
||||||
|
DetectLocal: kubeproxyconfig.DetectLocalConfiguration{
|
||||||
|
InterfaceNamePrefix: "vethabcde",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
BindAddress: "10.10.12.11",
|
||||||
|
HealthzBindAddress: "0.0.0.0:12345",
|
||||||
|
MetricsBindAddress: "127.0.0.1:10249",
|
||||||
|
ClusterCIDR: "192.168.59.0/24",
|
||||||
|
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
|
||||||
|
MasqueradeAll: true,
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
|
||||||
|
},
|
||||||
|
Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
|
||||||
|
MaxPerCore: pointer.Int32Ptr(1),
|
||||||
|
Min: pointer.Int32Ptr(1),
|
||||||
|
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
},
|
||||||
|
DetectLocalMode: kubeproxyconfig.LocalModeBridgeInterface,
|
||||||
|
DetectLocal: kubeproxyconfig.DetectLocalConfiguration{
|
||||||
|
BridgeInterface: "avz",
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, successCase := range successCases {
|
for _, successCase := range successCases {
|
||||||
@ -366,6 +412,58 @@ func TestValidateKubeProxyConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
expectedErrs: field.ErrorList{field.Invalid(newPath.Child("KubeProxyIPVSConfiguration.SyncPeriod"), metav1.Duration{Duration: 0}, "must be greater than 0")},
|
expectedErrs: field.ErrorList{field.Invalid(newPath.Child("KubeProxyIPVSConfiguration.SyncPeriod"), metav1.Duration{Duration: 0}, "must be greater than 0")},
|
||||||
},
|
},
|
||||||
|
"interfacePrefix is empty": {
|
||||||
|
config: kubeproxyconfig.KubeProxyConfiguration{
|
||||||
|
BindAddress: "10.10.12.11",
|
||||||
|
HealthzBindAddress: "0.0.0.0:12345",
|
||||||
|
MetricsBindAddress: "127.0.0.1:10249",
|
||||||
|
ClusterCIDR: "192.168.59.0/24",
|
||||||
|
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
|
||||||
|
MasqueradeAll: true,
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
|
||||||
|
},
|
||||||
|
Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
|
||||||
|
MaxPerCore: pointer.Int32Ptr(1),
|
||||||
|
Min: pointer.Int32Ptr(1),
|
||||||
|
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
},
|
||||||
|
DetectLocalMode: kubeproxyconfig.LocalModeInterfaceNamePrefix,
|
||||||
|
DetectLocal: kubeproxyconfig.DetectLocalConfiguration{
|
||||||
|
InterfaceNamePrefix: "",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedErrs: field.ErrorList{field.Invalid(newPath.Child("InterfacePrefix"), "", "must not be empty")},
|
||||||
|
},
|
||||||
|
"bridgeInterfaceName is empty": {
|
||||||
|
config: kubeproxyconfig.KubeProxyConfiguration{
|
||||||
|
BindAddress: "10.10.12.11",
|
||||||
|
HealthzBindAddress: "0.0.0.0:12345",
|
||||||
|
MetricsBindAddress: "127.0.0.1:10249",
|
||||||
|
ClusterCIDR: "192.168.59.0/24",
|
||||||
|
UDPIdleTimeout: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
|
||||||
|
IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
|
||||||
|
MasqueradeAll: true,
|
||||||
|
SyncPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
|
||||||
|
},
|
||||||
|
Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
|
||||||
|
MaxPerCore: pointer.Int32Ptr(1),
|
||||||
|
Min: pointer.Int32Ptr(1),
|
||||||
|
TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
TCPCloseWaitTimeout: &metav1.Duration{Duration: 5 * time.Second},
|
||||||
|
},
|
||||||
|
DetectLocalMode: kubeproxyconfig.LocalModeBridgeInterface,
|
||||||
|
DetectLocal: kubeproxyconfig.DetectLocalConfiguration{
|
||||||
|
InterfaceNamePrefix: "eth0", // we won't care about prefix since mode is not prefix
|
||||||
|
},
|
||||||
|
},
|
||||||
|
expectedErrs: field.ErrorList{field.Invalid(newPath.Child("InterfaceName"), "", "must not be empty")},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, testCase := range testCases {
|
for name, testCase := range testCases {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user