diff --git a/cmd/kube-proxy/app/server_others.go b/cmd/kube-proxy/app/server_others.go
index 9c5cb19f236..3deee7491b3 100644
--- a/cmd/kube-proxy/app/server_others.go
+++ b/cmd/kube-proxy/app/server_others.go
@@ -148,22 +148,55 @@ func newProxyServer(
 return nil, fmt.Errorf("unable to read IPTables MasqueradeBit from config")
 }

- // TODO this has side effects that should only happen when Run() is invoked.
- proxier, err = iptables.NewProxier(
- iptInterface,
- utilsysctl.New(),
- execer,
- config.IPTables.SyncPeriod.Duration,
- config.IPTables.MinSyncPeriod.Duration,
- config.IPTables.MasqueradeAll,
- int(*config.IPTables.MasqueradeBit),
- config.ClusterCIDR,
- hostname,
- nodeIP,
- recorder,
- healthzServer,
- config.NodePortAddresses,
- )
+ if utilfeature.DefaultFeatureGate.Enabled(features.IPv6DualStack) {
+ klog.V(0).Info("creating dualStackProxier for iptables.")
+
+ // Create iptables handlers for both families, one is already created
+ // Always ordered as IPv4, IPv6
+ var ipt [2]utiliptables.Interface
+ if iptInterface.IsIpv6() {
+ ipt[1] = iptInterface
+ ipt[0] = utiliptables.New(execer, utiliptables.ProtocolIpv4)
+ } else {
+ ipt[0] = iptInterface
+ ipt[1] = utiliptables.New(execer, utiliptables.ProtocolIpv6)
+ }
+
+ // TODO this has side effects that should only happen when Run() is invoked.
+ proxier, err = iptables.NewDualStackProxier(
+ ipt,
+ utilsysctl.New(),
+ execer,
+ config.IPTables.SyncPeriod.Duration,
+ config.IPTables.MinSyncPeriod.Duration,
+ config.IPTables.MasqueradeAll,
+ int(*config.IPTables.MasqueradeBit),
+ cidrTuple(config.ClusterCIDR),
+ hostname,
+ nodeIPTuple(config.BindAddress),
+ recorder,
+ healthzServer,
+ config.NodePortAddresses,
+ )
+ } else { // Create a single-stack proxier.
+ // TODO this has side effects that should only happen when Run() is invoked.
+ proxier, err = iptables.NewProxier(
+ iptInterface,
+ utilsysctl.New(),
+ execer,
+ config.IPTables.SyncPeriod.Duration,
+ config.IPTables.MinSyncPeriod.Duration,
+ config.IPTables.MasqueradeAll,
+ int(*config.IPTables.MasqueradeBit),
+ config.ClusterCIDR,
+ hostname,
+ nodeIP,
+ recorder,
+ healthzServer,
+ config.NodePortAddresses,
+ )
+ }
+
 if err != nil {
 return nil, fmt.Errorf("unable to create proxier: %v", err)
 }
@@ -174,6 +207,7 @@ func newProxyServer(
 klog.V(0).Info("creating dualStackProxier for ipvs.")

 // Create iptables handlers for both families, one is already created
+ // Always ordered as IPv4, IPv6
 var ipt [2]utiliptables.Interface
 if iptInterface.IsIpv6() {
 ipt[1] = iptInterface
diff --git a/pkg/proxy/BUILD b/pkg/proxy/BUILD
index 0057cdf8fc1..5a275d1c297 100644
--- a/pkg/proxy/BUILD
+++ b/pkg/proxy/BUILD
@@ -48,6 +48,7 @@ filegroup(
 "//pkg/proxy/healthcheck:all-srcs",
 "//pkg/proxy/iptables:all-srcs",
 "//pkg/proxy/ipvs:all-srcs",
+ "//pkg/proxy/metaproxier:all-srcs",
 "//pkg/proxy/metrics:all-srcs",
 "//pkg/proxy/userspace:all-srcs",
 "//pkg/proxy/util:all-srcs",
diff --git a/pkg/proxy/iptables/BUILD b/pkg/proxy/iptables/BUILD
index 188925f9588..cac0ab4c220 100644
--- a/pkg/proxy/iptables/BUILD
+++ b/pkg/proxy/iptables/BUILD
@@ -14,6 +14,7 @@ go_library(
 "//pkg/features:go_default_library",
 "//pkg/proxy:go_default_library",
 "//pkg/proxy/healthcheck:go_default_library",
+ "//pkg/proxy/metaproxier:go_default_library",
 "//pkg/proxy/metrics:go_default_library",
 "//pkg/proxy/util:go_default_library",
 "//pkg/util/async:go_default_library",
diff --git a/pkg/proxy/iptables/proxier.go b/pkg/proxy/iptables/proxier.go
index 1461cb458ab..98b768be466 100644
--- a/pkg/proxy/iptables/proxier.go
+++ b/pkg/proxy/iptables/proxier.go
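Review bot: In newProxyServer (cmd/kube-proxy/app/server_others.go) the new dual-stack branch passes `nodeIPTuple(config.BindAddress)` and `cidrTuple(config.ClusterCIDR)`, while the single-stack branch still passes the already-resolved `nodeIP` and the raw `config.ClusterCIDR`, so the two modes can end up programming rules for different node addresses. `nodeIP` is computed outside this hunk; if that code applies a fallback for an unspecified bind address, the dual-stack path skips it. Both tuple helpers are also defined outside the hunk, so what they put in the slot of a family that is not configured cannot be checked from here. I would add a comment above the call such as `// Tuples are ordered [IPv4, IPv6]; see nodeIPTuple/cidrTuple for the value used when a family is not configured.` and confirm NewDualStackProxier rejects or clearly logs that case. The block that fills `ipt` is a verbatim copy of the one in the ipvs branch shown in the following hunk and could move into one small helper.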
@@ -43,6 +43,7 @@ import (
 "k8s.io/kubernetes/pkg/features"
 "k8s.io/kubernetes/pkg/proxy"
 "k8s.io/kubernetes/pkg/proxy/healthcheck"
+ "k8s.io/kubernetes/pkg/proxy/metaproxier"
 "k8s.io/kubernetes/pkg/proxy/metrics"
 utilproxy "k8s.io/kubernetes/pkg/proxy/util"
 "k8s.io/kubernetes/pkg/util/async"
@@ -333,6 +334,42 @@ func NewProxier(ipt utiliptables.Interface,
 return proxier, nil
 }

+// NewDualStackProxier creates a MetaProxier instance, with IPv4 and IPv6 proxies.
+func NewDualStackProxier(
+ ipt [2]utiliptables.Interface,
+ sysctl utilsysctl.Interface,
+ exec utilexec.Interface,
+ syncPeriod time.Duration,
+ minSyncPeriod time.Duration,
+ masqueradeAll bool,
+ masqueradeBit int,
+ clusterCIDR [2]string,
+ hostname string,
+ nodeIP [2]net.IP,
+ recorder record.EventRecorder,
+ healthzServer healthcheck.ProxierHealthUpdater,
+ nodePortAddresses []string,
+) (proxy.Provider, error) {
+ // Create an ipv4 instance of the single-stack proxier
+ ipv4Proxier, err := NewProxier(ipt[0], sysctl,
+ exec, syncPeriod, minSyncPeriod,
+ masqueradeAll, masqueradeBit, clusterCIDR[0], hostname, nodeIP[0],
+ recorder, healthzServer, nodePortAddresses)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create ipv4 proxier: %v", err)
+ }
+
+ ipv6Proxier, err := NewProxier(ipt[1], sysctl,
+ exec, syncPeriod, minSyncPeriod,
+ masqueradeAll, masqueradeBit, clusterCIDR[1], hostname, nodeIP[1],
+ recorder, healthzServer, nodePortAddresses)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create ipv6 proxier: %v", err)
+ }
+
+ return metaproxier.NewMetaProxier(ipv4Proxier, ipv6Proxier), nil // TODO move meta-proxier to mode-neutral package
+}
+
 type iptablesJumpChain struct {
 table utiliptables.Table
 dstChain utiliptables.Chain
diff --git a/pkg/proxy/ipvs/BUILD b/pkg/proxy/ipvs/BUILD
index 9a45bf55c4c..7b276fdcdea 100644
--- a/pkg/proxy/ipvs/BUILD
+++ b/pkg/proxy/ipvs/BUILD
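Review bot: NewDualStackProxier in pkg/proxy/iptables/proxier.go trusts the caller's ordering of `ipt`, `clusterCIDR` and `nodeIP` and never checks that `ipt[0]` is the IPv4 handle and `ipt[1]` the IPv6 one, so a swapped array would build each single-stack proxier against the wrong address family. A guard before the first NewProxier call, `if ipt[0].IsIpv6() || !ipt[1].IsIpv6() { return nil, fmt.Errorf("iptables handles must be ordered IPv4, IPv6") }`, makes the contract explicit, and the doc comment should say that index 0 is IPv4 and index 1 is IPv6 for all three arrays. Both proxiers also receive the same `healthzServer`, so a healthy sync in one family may hide a stalled sync in the other; that depends on the updater's implementation, which is not visible here. If the IPv6 NewProxier call fails, the IPv4 proxier has already been constructed, and the call site's TODO says construction has side effects, so it is worth confirming that nothing needs undoing on that error path.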
@@ -45,7 +45,6 @@ go_library(
 srcs = [
 "graceful_termination.go",
 "ipset.go",
- "meta_proxier.go",
 "netlink.go",
 "netlink_linux.go",
 "netlink_unsupported.go",
@@ -56,8 +55,8 @@ go_library(
 deps = [
 "//pkg/features:go_default_library",
 "//pkg/proxy:go_default_library",
- "//pkg/proxy/config:go_default_library",
 "//pkg/proxy/healthcheck:go_default_library",
+ "//pkg/proxy/metaproxier:go_default_library",
 "//pkg/proxy/metrics:go_default_library",
 "//pkg/proxy/util:go_default_library",
 "//pkg/util/async:go_default_library",
diff --git a/pkg/proxy/ipvs/proxier.go b/pkg/proxy/ipvs/proxier.go
index 45505b6b0db..5836a74970c 100644
--- a/pkg/proxy/ipvs/proxier.go
+++ b/pkg/proxy/ipvs/proxier.go
@@ -46,6 +46,7 @@ import (
 "k8s.io/kubernetes/pkg/features"
 "k8s.io/kubernetes/pkg/proxy"
 "k8s.io/kubernetes/pkg/proxy/healthcheck"
+ "k8s.io/kubernetes/pkg/proxy/metaproxier"
 "k8s.io/kubernetes/pkg/proxy/metrics"
 utilproxy "k8s.io/kubernetes/pkg/proxy/util"
 "k8s.io/kubernetes/pkg/util/async"
@@ -515,7 +516,7 @@ func NewDualStackProxier(

 // Return a meta-proxier that dispatch calls between the two
 // single-stack proxier instances
- return NewMetaProxier(ipv4Proxier, ipv6Proxier), nil
+ return metaproxier.NewMetaProxier(ipv4Proxier, ipv6Proxier), nil
 }

 func filterCIDRs(wantIPv6 bool, cidrs []string) []string {
diff --git a/pkg/proxy/metaproxier/BUILD b/pkg/proxy/metaproxier/BUILD
new file mode 100644
index 00000000000..4f11238d4a8
--- /dev/null
+++ b/pkg/proxy/metaproxier/BUILD
@@ -0,0 +1,30 @@
+package(default_visibility = ["//visibility:public"])
+
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = ["meta_proxier.go"],
+ importpath = "k8s.io/kubernetes/pkg/proxy/metaproxier",
+ deps = [
+ "//pkg/proxy:go_default_library",
+ "//pkg/proxy/config:go_default_library",
+ "//staging/src/k8s.io/api/core/v1:go_default_library",
+ "//staging/src/k8s.io/api/discovery/v1beta1:go_default_library",
+ "//vendor/k8s.io/klog:go_default_library",
+ "//vendor/k8s.io/utils/net:go_default_library",
+ ],
+)
+
+filegroup(
+ name = "package-srcs",
+ srcs = glob(["**"]),
+ tags = ["automanaged"],
+ visibility = ["//visibility:private"],
+)
+
+filegroup(
+ name = "all-srcs",
+ srcs = [":package-srcs"],
+ tags = ["automanaged"],
+)
diff --git a/pkg/proxy/ipvs/meta_proxier.go b/pkg/proxy/metaproxier/meta_proxier.go
similarity index 99%
rename from pkg/proxy/ipvs/meta_proxier.go
rename to pkg/proxy/metaproxier/meta_proxier.go
index 062ac3feee5..9bfe44275d7 100644
--- a/pkg/proxy/ipvs/meta_proxier.go
+++ b/pkg/proxy/metaproxier/meta_proxier.go
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package ipvs
+package metaproxier

 import (
 "fmt"